Press Network of India

Vivek Kumar’s PAARA Framework Highlights Emerging Risks in Enterprise AI Connectors

Mumbai: Vivek Kumar, an independent AI governance, cybersecurity, and privacy consultant, developed PAARA (Privacy-Aware AI Risk Architecture) to address an under-examined risk in enterprise AI governance: the connector layer.

PAARA helps organisations assess the privacy, security, and insider-risk implications of AI connectors: OAuth scopes, Microsoft Graph permissions, API bridges, and retrieval pipelines used by tools such as Microsoft 365 Copilot and Google Gemini. Its central argument is that AI governance has focused heavily on models, algorithms, and compliance, while the connector layer determines what enterprise data an AI system can actually access, combine, retrieve, and act upon.

Kumar submitted PAARA-based feedback to Singapore’s Infocomm Media Development Authority through its open feedback process for the Model AI Governance Framework for Agentic AI. IMDA later confirmed that Version 1.5 of the framework incorporated feedback received through that channel.

He also authored an analysis in the IAPP’s Privacy Perspectives examining how AI connectors create hidden data flows and new insider-threat risks for privacy programs. His PAARA methodology is published on SSRN with a DOI, and related research has been peer-reviewed at IEEE and Springer venues.

PAARA reduces the issue to five questions a governance team should answer before enabling a connector at scale: What systems can the connector reach? Is sensitive data accessible through it? Are permissions scoped to least privilege, with read separated from write? Can retrieved records be reconstructed for a given AI output? And how does the connector change insider-risk exposure: not whether someone could break the rules, but what becomes possible when they follow them?

Kumar serves as an IAPP KnowledgeNet Chapter Chair and holds the AIGP, CIPP/US, CIPP/E, CIPM, CISM, and FIP certifications. His work focuses on AI governance, privacy engineering, cybersecurity, and connector-layer risk management.
