Managing metadata is essential in LLM world

Working the meta is an essential part of social gaming—and managing metadata, the data about data, is just as important when you’re dealing with LLMs.

While metadata management has existed for decades, its importance has exploded alongside the increasing importance of AI in the tech stack. The need for data context that accurately reflects the under-the-hood mechanics of information is essential right now, Paul Stokes, CEO and co-founder of Prevalent AI, told IT Brew.

“Context is hard because enterprises are messy, they’re complicated, they’ve been built up over time—their data is the same, it’s messy, it’s inconsistent, some of it’s out-of-date, some of it’s inaccurate,” Stokes said. “So, having a way for an enterprise to be able to control its data is increasingly important.”

Ensar Seker, SOCRadar CISO, told IT Brew in an email that you can look at contextual understanding as a translation layer between information and AI reasoning.

“Organizations should prioritize a few foundational areas first: data classification, ownership mapping, access controls, lineage tracking, and consistent tagging standards across repositories,” Seker said. “Many companies underestimate how fragmented their environments are until they attempt retrieval-augmented generation or internal AI copilots.”

Careful now. Ignoring metadata management is a major risk. The world’s most powerful LLMs won’t help if they can’t understand your organization’s data and context; they’ll just hallucinate.

For Ido Livneh, CEO and co-founder of data leak solutions provider Jazz, the problem stems from organizations using the wrong data—which metadata management can solve.

“If you’re querying the wrong data or querying too much data, then you end up confusing the element,” Livneh said. “It doesn’t matter how smart it might be.”

Chart time. With metadata applications concerning organizations, one that might deserve more attention is authorization models, which govern who can see what types of data. According to Dan Moore, senior director of CIAM strategy and identity standards at FusionAuth, that graph of relationships can determine access. Don’t take care of it, and you might have a security issue.

“While traditional metadata tells AI how to understand data, authorization metadata, enforced by guardrails, prevents AI from accessing certain parts of data,” Moore told IT Brew in an email. “If your system can’t enforce it, you’ve got a model that either has too much access or too little. Both outcomes are bad. One is a compliance disaster. The other is a system nobody will use.”

To figure out the right path forward, organizations need to focus on whether or not they want to solve the problem in-house or via a vendor. Often this requires understanding the complexity of an organization’s data, and the right path can come down to the organization’s size, Livneh told IT Brew.

“I would tend to want to solve this in-house, and gain the experience, gain the knowledge, and have the flywheel of getting from that problem set to the other one—building capability and experience over time,” Livneh said.