Build vs. Buy: How AI is Shaping Your Next DLP Decision

by Chris Martinez, July 2, 2025

As AI transforms the security landscape, security leaders face a critical decision:

Should you build your own DLP solutions to match evolving threats, or buy best-in-class tools that leverage AI out of the box?

To unpack this question, Rohan Sathe, co-founder of Nightfall AI, sat down with Chris Sandulow, CISO at Confluent, at our recent webinar, Build vs Buy: Designing an Effective DLP Program in the AI Era.

With 25 years of experience across the U.S. Army, Federal Reserve, NASDAQ, MongoDB, and now Confluent, Chris offers a grounded perspective on what actually works when designing effective DLP programs in the AI era.

Here are some of the highlights from the discussion between Rohan and Chris. You can also watch their full conversation here.

The Corporate vs. Product Lens: One Size Does Not Fit All

Chris explains that DLP needs differ depending on whether you’re protecting corporate environments or product-specific workflows:

  • Corporate DLP (employee communications, file sharing, regulatory compliance) is often commoditized, making buying specialized solutions the faster, more reliable path.

  • Product-specific DLP (protecting customer data in your product’s unique environment) may require building for highly specific use cases—though this path comes with trade-offs.

“You’re going to have parts of your company that are bespoke and unique to you. Those may warrant different solutions depending on what you’re looking for.” – Chris Sandulow, CISO, Confluent

The Hidden Costs of Building DLP

The temptation to build is strong, especially in engineering-driven cultures. But Chris cautions:

“At a certain point, it pulls you away from your core competency.”

Building DLP internally isn’t just about writing detection logic:

  • It requires treating security tools like real products with product management, feature development, compliance testing, and user support.

  • Maintenance costs compound as regulations change, your stack evolves, and threats shift.

As Rohan highlights, the key question becomes:

“Could your engineering resources be better leveraged elsewhere rather than building something outside your core mission?”

The AI Advantage in DLP

Traditional DLP solutions often rely on regex and heuristics, leading to high false positives and limited coverage.

Rohan explains how Nightfall shifts detection from static rules to AI-powered content classification combined with data lineage, enabling teams to:

  • Minimize false positives without missing sensitive data.

  • Scale DLP coverage across endpoints, SaaS apps, and user workflows.

  • Investigate incidents faster with AI-generated context.

Chris sees this AI-driven approach as essential for modern DLP:

  • AI chat interfaces lower the technical barrier for security engineers to explore logs and datasets.

  • Even “simple” AI boosts detection quality and operational efficiency.

  • However, human-in-the-loop oversight remains essential to validate outputs before action, preserving quality while benefiting from speed.

“We will figure out the security problems, because that’s always been our business.” – Chris Sandulow

Shadow AI: The New Shadow IT

As organizations adopt AI tools, they face a familiar challenge: shadow AI—employees using unvetted AI services without security oversight.

Chris encourages security leaders to engage AI proactively:

  • Promote safe, guided experimentation with AI to build literacy within security teams.

  • Use tools like Llama Firewall and emerging API gateways to gain visibility into AI tool usage.

  • Develop policy and guardrails, not bans, to manage risk while reaping productivity gains.

Making the Call: Build vs. Buy Framework

Consider this simple decision matrix:

Buy DLP if:

  • Use cases are standard across corporate environments.

  • You need fast time to value with mature, AI-powered detection.

  • You want to free your team to focus on core missions.

Build DLP if:

  • You have truly unique, product-specific data protection workflows.

  • The DLP system is strategically differentiating for your business.

  • You can sustain long-term ownership costs and resourcing.

Take a hybrid approach:

  • Adopt best-in-class DLP tools for broad coverage while building targeted controls for niche product workflows.

The Bottom Line: AI Changes the Equation

The build vs. buy question is no longer just about cost—it’s about speed, precision, and focus.

As AI transforms threats and defenses, buying an AI-powered DLP solution like Nightfall allows you to stay ahead while aligning your security investments with your business goals.

Your DLP program should enable your business, protect your data, and adapt as fast as your organization moves.

Ready to See What AI-Powered DLP Looks Like?

Discover how you can deploy scalable, precise, and integrated DLP across your SaaS, endpoints, and AI workflows with Nightfall.
