rewrite this title Your Employees Are Not the Only AI Risk. Theta Lake Is Building for the Threat Inside the Content. – UC Today

Picture this. An employee shares a document with an AI assistant inside their UC platform. The document looks routine. But it contains hidden instructions, invisible to the employee yet readable by the AI. Those instructions tell the tool to bypass its guardrails, access sensitive data, or alter its outputs in ways that quietly compromise your compliance records.

This is indirect prompt injection. Crucially, it is not theoretical. It is a growing attack vector in enterprise AI deployments, and most current governance frameworks cannot catch it. Traditional DLP tools track what users do. They do not track what content does when it enters the AI layer.

Theta Lake has now built a classifier to close that gap. The company targets hidden instructions in the emails, documents, chats, and transcripts employees share with AI tools every day, across the UC platforms it already monitors.

For IT and security leaders who have built AI governance policies around user behaviour, this is precisely the gap those policies leave open. If your team is not already thinking about it, your organisation is almost certainly exposed.

How Theta Lake AI Prompt Injection Detection Works

The indirect prompt injection classifier sits at the centre of a broader platform update. It differs from jailbreak detection, which Theta Lake already offers, in one important way. Jailbreaking requires a user to actively try to manipulate an AI tool. Indirect prompt injection, by contrast, works through the content itself. A third party embeds malicious instructions inside a document or message. The employee shares it. The AI acts on the hidden instruction without either party realising it.

The classifier intercepts those instructions before they reach the AI layer. It covers Theta Lake’s integrations with Zoom, Microsoft Teams, Cisco Webex, RingCentral, and Slack. As a result, compliance and security teams get a forensic record of what the classifier detected, where, and when.

Two further classifiers accompany it. The first covers attachment sharing with AI assistants: it detects and identifies documents passing into AI tools, giving teams visibility into what content enters the AI layer and from where. The second targets AI manipulation and unethical summary steering. This catches users who instruct AI tools to omit or alter specific topics from meeting summaries or communication records, an act that could compromise legal, compliance, or security analysis downstream.

Marc Gilman, General Counsel and VP of Compliance at Theta Lake, said the company’s focus extends well beyond product delivery:

“We want to help our customers learn to adapt to the new AI-powered workplace, and one of the best ways we can help is to bring leading experts, present real-world scenarios, and best practices to the broader community of risk, compliance, and legal professionals.”

CSA STAR for AI Level II, ISO 42001, and a New Patent: What the Credentials Mean for Buyers

Alongside the new classifiers, Theta Lake has added CSA STAR for AI Level II to its existing ISO/IEC 42001 accreditation. The Cloud Security Alliance launched the Level II designation in November 2025. To achieve it, organisations must combine a validated third-party ISO/IEC 42001 certification with a completed AI Controls Matrix assessment. That assessment covers bias mitigation, model risk management, algorithmic explainability, and training data privacy. Importantly, the framework requires independent third-party audit, not simply documented intent.

For enterprise procurement teams, the combination of both certifications provides a documented, auditable basis for vendor due diligence. In practice, it also reduces reliance on bespoke security questionnaires during the procurement process.

Additionally, Theta Lake has secured a new patent on topographic techniques for high-dimensional data analysis, selection, and labelling. This methodology underpins its classifier engineering. Together with more than 18 existing patents across AI and compliance governance, the portfolio sets the company apart from competitors whose governance positioning rests on integrations rather than proprietary detection technology.

Irwin Lazar, President and Principal Analyst at Metrigy, framed the broader market need:

“Successful companies take a proactive AI security and compliance approach, with almost 85% now having a policy in place, or one in development. Theta Lake’s new AI interaction governance capabilities are a timely and logical application of their solution, meeting the growing market need for AI-native security and compliance for digital communications.”

AI Governance in Financial Services: What Comes Next

To help customers navigate the practical questions that product releases alone do not answer, Theta Lake is launching a Financial Services AI Governance Series in June. The virtual series features speakers from SIFMA, Zoom, RingCentral, Cisco, and Metrigy. Its focus is on risk, compliance, and legal professionals working through the governance implications of AI in regulated workplace communications.

Melissa MacGregor, Deputy General Counsel and Corporate Secretary at SIFMA, said regulated firms need more than feature adoption:

“They need practical perspectives on potential risks and guidance on areas of AI governance to prioritise.”

Why AI Compliance Governance Needs to Move Beyond User Behaviour

The indirect prompt injection risk arrives at an uncomfortable moment for IT and security teams. AI tool adoption inside UC platforms is near-universal. Yet most governance frameworks still focus on a threat model that centres on user behaviour. That model is already being superseded. Locking down what employees do with AI is necessary. It is not sufficient.

As AI assistants become standard participants in workplace communications, the content flowing through those systems becomes an attack surface in its own right. Theta Lake now extends detection into that content layer. For organisations that have not yet mapped this risk, the question is not whether to act. It is how quickly they can close the gap before someone else exploits it.