NTT Research launched SaltGrain at its Upgrade 2026 conference on Wednesday in San Jose, California. As a zero-trust data security suite, SaltGrain is designed for a context where AI agents are increasingly handling sensitive corporate data.
The product is the first commercial release out of Scale Academy, NTT Research’s newly formalized startup incubator.
The pitch is straightforward: most current security models protect the perimeter – the network, the building, the login screen. But SaltGrain protects the contents – the encryption travels with the data, meaning that a stolen file is rendered useless.
Now, AI agents can access corporate data on their own – a distinction that matters more in 2026 than it did even a year ago. To be successful, agents need broad access that creates new ways for sensitive information to leak. In that sense, a semi-classic dilemma emerges: to give, or not to give agents access to files?
The numbers paint a clear picture about the urgency of the matter: 88% of organizations surveyed by Arkose Labs have already reported confirmed or suspected AI agent security incidents in the past year, a number that climbs to 92.7% in healthcare. Meanwhile, only less than a third of companies have formal security policies in place.
The traditional perimeter model was built under the assumption that humans were the only actors, and that trust was easily verifiable, as the browser was never designed for software that can think, decide, and act autonomously.
As an IBM study points out, the average cost of data breaches is now exceeding $4.88 million USD, the highest in history. The takeaway is uncomfortable: every software system is vulnerable. In a context where AI agents receive more autonomy, risk is only building up day by day.
“SaltGrain is a data security suite that breaks the prevailing all-or-nothing file-access paradigm,” NTT Research President and CEO Kazu Gomi said at the opening Upgrade 2026 press conference on April 13, 2026.
The way SaltGrain makes it happen is with a cryptographic approach called attribute-based encryption (ABE). Instead of locking a whole file behind a single key, ABE gives granular permissions, meaning the access is line by line:
A doctor reviewing a patient record can be allowed to see the medical history, but not the billing details, for example; an AI agent summarizing a contract can read the clauses it needs without ever touching the parts marked as confidential – the rules travel with the file, not the network around it.
ABE itself is not new. It was first proposed in a 2004 academic paper co-authored by Dr. Brent Waters, who now directs NTT Research’s Cryptography and Information Security Lab, as well as Dr. Amit Sahai of UCLA. What changed is performance – the encryption is designed to keep working in a world where quantum computing is no longer hypothetical.
SaltGrain is now targeting financial services, healthcare, and global tech firms. The common ground between them is regulated data, constant sharing of data across organizations, and aggressive AI adoption. These are also the sectors where breach costs run highest – and where the gap between executive confidence and operational reality is widest.
SaltGrain enters a crowded yet immature market. Competitors have both moved aggressively in the past year to address AI agent security at the execution layer, and most major hyperscalers have rolled out their own data-protection tooling, much of it focused on access controls and monitoring.
But the bets being placed across the industry are not the same. What NTT Research is betting on is the encryption layer itself. Most current approaches treat encryption as a baseline, but the SaltGrain approach inverts that, making the intelligence live in the cryptography itself.
Now, the real question for enterprise buyers in the next 12 months is not whether SaltGrain works; ABE has been studied for two decades, and the cryptography is solid. The question is whether organizations are ready to rethink security as a property of data rather than a property of networks, which implies a harder shift than just installing new software.
Adopting such a solution would require changes in how security, compliance, and product teams think and plan audits and data flows. Whether the industry is ready for that shift is the test that matters.
Featured image: Courtesy of NTT
Rockefeller Foundation VP for Reimagining Humanitarian Nutrition Security Simon Winter tells the One Health Summit…
NTT Research, the Silicon Valley-based research division of Japanese telecom giant NTT, announced Dr. Tetsuomi…
This piece started from a series of conversations I kept coming back to over the…
The credit card rewards system operates on a structural imbalance that rarely gets discussed openly;…
The closure of the Strait of Hormuz has sent shockwaves through the global economy, halting…
For the past few years, corporate investment into AI startups and in-house R&D have skyrocketed,…