The Data+AI security company announced a new AI-powered classification taxonomy designed to unify how enterprises identify, categorize, and protect sensitive data across modern data stacks and AI-driven environments. Alongside it, Symmetry introduced expanded “Bring Your Own AI” (BYOAI) capabilities, giving large organizations more control over how and where AI-powered classification runs.

Together, the announcements mark a strategic shift away from proprietary, vendor-specific classification models toward something the industry has largely lacked: a shared, extensible standard for data and AI security.

A single taxonomy for a fragmented security landscape

At the heart of Symmetry’s announcement is a comprehensive classification framework that serves as the backbone of its DataGuard platform. The taxonomy supports:

• 400+ sensitive data identifiers, spanning PII, PHI, PCI, financial data, credentials, and intellectual property

• 500+ semantic data types, including contracts, board documents, healthcare records, financial filings, and legal documents

• Regulatory mappings across GDPR, CCPA, HIPAA, PCI DSS, SOC 2, and emerging AI governance frameworks

• Privacy data elements, unified into a single model

The goal is straightforward but ambitious: replace the patchwork of incompatible taxonomies that force enterprises to translate policies across multiple tools, clouds, and vendors.

For security and privacy teams, that translation work has become a hidden tax—consuming time and increasing risk as data sprawls across SaaS apps, data lakes, warehouses, and AI pipelines.

Moving toward open standards, not closed ecosystems

Symmetry isn’t just introducing a new taxonomy—it plans to open source it, along with supporting datasets, to encourage industry-wide standardization and benchmarking.

In a notable step toward collaboration, the company has already integrated the Fides privacy-by-code taxonomy into its broader model. The combined taxonomy and corpus of test data will be released as an open-source project, with governance and benchmarking details expected in the coming weeks.

That approach directly challenges the status quo, where most data security vendors maintain proprietary classification schemes that don’t interoperate.

“Vendor-specific taxonomies force organizations to maintain multiple overlapping frameworks and create unnecessary friction,” said Sameer Sait, Senior Director of Information Security at Stanley 1913. “An open, standards-based taxonomy addresses a fundamental problem the entire industry faces.”

Why classification matters more in the AI era

Classification has always been foundational to data security—but AI has raised the stakes.

Large language models, analytics pipelines, and agent-based systems consume vast amounts of enterprise data. Without consistent classification, organizations struggle to answer basic questions: What data is sensitive? Where does it live? Who—or what—can access it?

Symmetry CEO Dr. Mohit Tiwari framed the issue bluntly.

“The data security industry has a taxonomy problem. Organizations waste resources translating between incompatible approaches instead of securing data.”

His comparison is telling. Tiwari likens Symmetry’s vision to a “PyTorch moment for data security”—a compact specification layer that abstracts complexity while enabling portability.

Just as PyTorch allows AI practitioners to define models once and deploy them across GPUs or TPUs, an open data security taxonomy would let privacy and security teams define policies once and enforce them everywhere—from Databricks Unity Catalog and Snowflake to AWS IAM, Kubernetes OPA rules, and DLP systems.

From policy statements to technical enforcement

One of the most compelling implications of the taxonomy is its role in bridging human policy and machine enforcement.

Today, high-level directives—such as “vendors cannot access customer data”—require manual translation into dozens of disconnected systems. That process is slow, error-prone, and difficult to audit.

Symmetry’s approach aims to turn those directives into policy-as-code, automatically generating permissions, access controls, network rules, and audit configurations across the stack.

This isn’t just about compliance speed. It’s about making governance scalable in environments where data and AI systems change faster than humans can document them.

Benchmarking data security like AI models

By releasing evaluation datasets alongside the taxonomy, Symmetry is also pushing for something rare in security: reproducible benchmarking.

In AI, shared benchmarks drove rapid improvement by making performance measurable and comparable. Data security classification, by contrast, has largely operated without standardized testing.

“Data security needs the same approach,” said Tiwari. “Open benchmarks allow the community to test, compare, and continuously improve classification accuracy.”

If adopted broadly, that could pressure vendors to compete on measurable outcomes rather than opaque claims.

“Bring Your Own AI” to avoid lock-in

Complementing the taxonomy is Symmetry’s expanded BYOAI support, which allows customers to run classification using their own AI infrastructure—whether that’s Azure OpenAI, AWS Bedrock, Google Vertex AI, or private GPU environments.

This matters for two reasons: data sovereignty and control.

Many enterprises are reluctant to send sensitive data through third-party cloud pipelines. Symmetry’s architecture brings AI-powered classification to where the data already lives, rather than forcing data to move.

That stands in contrast to cloud-dependent Data Security Posture Management tools that rely on centralized vendor infrastructure—an approach that can introduce compliance and trust concerns.

A differentiated position in a crowded market

The data security market is crowded with DSPM, DLP, and AI governance tools, many of which promise visibility but stop short of standardization.

Symmetry is carving out a distinct position: comprehensive classification, infrastructure flexibility, and an open standard designed to outlive any single vendor.

Whether the industry rallies around this taxonomy remains to be seen. But the problem it addresses—fragmented classification in a world of exploding data and AI usage—is real and growing.

The takeaway

Symmetry Systems isn’t just shipping a feature. It’s challenging a deeply entrenched model of proprietary data classification at a moment when AI is forcing enterprises to rethink governance from the ground up.

If its open taxonomy gains traction, it could do for data security what shared frameworks did for AI development: turn fragmented experimentation into a more measurable, interoperable discipline.

For enterprises grappling with AI-driven data sprawl, that shift can’t come soon enough.

Get in touch with our MarTech Experts.