NetApp’s Industry Analyst Conference 2026 showcased a company building deliberately from its roots. The unified data fabric that has always defined NetApp’s enterprise story remains the foundation. While infrastructure and data residency still matter, metadata, semantic search, governance, AI data catalogs, sovereignty, policy, and cyber resilience are increasingly prominent discussion topics. This shift reflects how enterprise architectures must evolve as AI moves from experimentation into production and business-critical operations.
The Rise of Systems of Intelligence
For decades, enterprise technology revolved around two layers. Systems of Record captured transactions. Systems of Engagement connected people to applications and workflows. AI is introducing a third: Systems of Intelligence that consume information from across the enterprise, generate recommendations, orchestrate actions, and increasingly operate with autonomy.
As organizations mature from experimentation to production with their AI deployments, the constraint is no longer access to models or compute. It is trusted context.
Models can reason, but they cannot determine which enterprise data is authoritative or which policies govern a given business process. Also, they cannot independently distinguish governed from ungoverned sources. This is why data catalogs, metadata, lineage, and semantic context become so critical. Yet, most enterprises have a shortage of trusted, well-governed data that intelligence systems can act on with confidence. This issue is exacerbated as organizations begin to use autonomous systems that combine data across sources, reason across business processes, invoke tools, and participate in operational workflows. The quality of AI outcomes depends as much on context as on model capability. A well-grounded agent operating against poor context will produce worse results than a less capable model operating against trusted, well-governed information.
The Cognitive Surface
Systems of Intelligence shift precedence from managing information to managing meaning. NetApp’s AI Data Plane strategy sits squarely in that conversation. The company’s investments in AI-ready data, metadata services, semantic search, knowledge graphs, and governance reflect an acknowledgment that infrastructure value increasingly depends on establishing trusted context around enterprise data.
Viewed through a wider lens, these capabilities furthermore touch on something even more significant: what we describe as the Cognitive Surface, which is the layer that mediates between enterprise data and enterprise intelligence. This is not an application layer. It is the mechanism through which probabilistic AI systems connect to deterministic business operations, providing semantic grounding, governance, observability, and control. It is what allows an autonomous system to act in ways that align with organizational objectives, comply with policy, and remain explainable after the fact.
NetApp’s historical strengths including data management, availability, protection, and recovery are foundational to the governance, resilience, and trust that the Cognitive Surface requires.
NetApp’s architecture reflects this progression. The company frames its platform around three layers: Unified Storage, an AI Data Plane designed to make enterprise data AI-ready, and a Unified Control Plane responsible for observability, automation, and agentic operations. Viewed through the lens of our AI Stack research, this reflects a move beyond infrastructure toward capabilities that support the operation of Systems of Intelligence. The AI Data Plane provides context, metadata, and governance, while the Control Plane introduces coordination, observability, and operational management across increasingly autonomous environments.
Fragmentation and the Governance Gap
Throughout the summit, company executives consistently positioned NetApp as the layer responsible for making enterprise data AI-ready through metadata, governance, semantic discovery, lineage, and policy-aware data services.
The challenge is that data platform providers, hyperscalers, security vendors, identity providers, and model companies are all introducing governance frameworks and control mechanisms. For example, Snowflake is extending governance through the Data Cloud. Databricks is building toward a Data Intelligence layer. Identity vendors are expanding into agent governance. Security vendors are positioning around AI runtime protection and policy enforcement. We are rapidly heading towards an accumulating fragmentation problem.
An autonomous system operating within a single enterprise workflow may interact with multiple models, data platforms, clouds, and security controls. Each domain enforces its own policies. None of them, by design, sees the whole. Trust that is isolated within individual technology domains does not naturally extend across the workflows that run autonomous systems. Policy, identity, context, and trust ultimately need to operate as a coordinated system.
NetApp’s position is that governance should begin where enterprise data resides and where enterprise context is created. The unresolved question is whether the its platform becomes one of those coordinating layers or whether governance authority ultimately migrates elsewhere in the stack. NetApp’s own architecture suggests that role may ultimately reside in the Unified Control Plane, which the company positions as the operational layer for observability, automation, and agentic operations across the environment.
NetApp’s response to that fragmentation challenge is not to claim ownership of the entire governance stack. The company’s strategy is built around ecosystem participation as much as platform capability, supporting open source, closed source, and third-party services through north-south connectivity that contributes to a broader enterprise data context. That positions NetApp to contribute context, metadata, and policy awareness across environments even when data resides outside its own domain, which may prove more realistic than any single vendor claiming end-to-end governance authority.
Metadata can reveal where sensitive information exists. Lineage can show how it moves. Governance frameworks can document intended policy. But in the autonomous, agentic world, organizations need to know whether an agent should access specific information in a given context, why it accessed what it accessed, what policies governed that decision, and how that chain of reasoning can be reconstructed afterward.
NetApp already describes the AI Data Plane as a mechanism for applying policies consistently and enforcing them down to the storage layer, but Systems of Intelligence require governance at retrieval time, during agent interactions, and across workflows that span multiple platforms. The question is whether NetApp’s AI Data Plane evolves toward the runtime mediation and policy execution that autonomous systems require. If it does, the company moves closer to the Cognitive Surface, and into a very different category than traditional infrastructure providers.
The Attack Surface is Moving
This shift also has implications for security. When AI systems are embedded in business workflows, the attack surface expands well beyond the model itself. Metadata, embeddings, retrieval systems, semantic relationships, and agent memory all become targets. An adversary who cannot compromise a model directly may find it easier to corrupt the context that model operates against.
Consider a vector store that has been subtly poisoned. Not enough to trigger obvious errors, but enough to systematically bias an agent’s retrieval in ways that shape its recommendations over time. The model performs correctly. The infrastructure appears healthy. But the outputs are compromised. No conventional security control catches it, because no conventional security control was designed to monitor semantic integrity.
The threat landscape for AI systems extends across several distinct categories. Data manipulation by agents, mass extraction and exfiltration, and ransomware attacks targeting AI context layers all represent growing risks. Quantum computing advances also introduce longer-horizon concerns around encryption standards, making post-quantum cryptography readiness an emerging consideration for enterprises building durable AI infrastructure. Addressing these threats requires managing security context through the entire AI pipeline, from data source to agent interaction. Limiting data access at the source, consistently tracing role-based access controls throughout the data pipeline, and deploying AI-driven detection tools capable of identifying unexpected behaviors are becoming foundational requirements rather than optional enhancements.
NetApp’s AI Data Plane reflects a recognition that metadata, lineage, governance, and context are becoming increasingly important components of enterprise AI architectures. As organizations operationalize Systems of Intelligence, questions naturally emerge around how those contextual layers are secured, governed, and trusted. The challenge extends beyond protecting data repositories to ensuring the integrity of the metadata, governance controls, and retrieval processes that will shape how intelligence operates.
Recovery Is the Harder Problem
The resilience implications follow the same logic, and in some ways are even more difficult to address than the security challenges.
Traditional recovery strategies were designed to restore data, applications, and infrastructure. Systems of Intelligence introduce vector stores, semantic relationships, governance state, retrieval paths, agent memory, and contextual information shaping decisions, all of which will need to be captured. Uncertainty about what an agent knew, what it decided, why it acted as it did is harder to resolve than the incident itself.
This is where NetApp’s architecture has interesting implications for cyber resilience. Its AI Data Plane could provide a persistent source of the metadata, lineage, governance, and context, while the Unified Control Plane could provide the observability needed to reconstruct how those assets influenced operational decisions. Together, those capabilities begin to address the challenge of restoring confidence in AI-driven operations.
Trust as an Operational Requirement
AI adoption is ultimately constrained by the ability to establish trusted context, which is hard to build. It requires governance that operates at runtime, security thinking that accounts for semantic integrity, and resilience strategies capable of restoring confidence in the reasoning those systems produce.
NetApp enters this transition with genuine advantages. Decades of credibility in data management, protection, availability, and recovery translate directly into critical capabilities for Systems of Intelligence.
For practitioners, the questions worth asking early are: Can your intelligence systems distinguish authoritative data from ungoverned data? Do your governance controls operate at runtime? If an autonomous system made a consequential decision today, could you reconstruct why?
Organizations that treat these as future concerns will find them much harder to retrofit. The enterprises that move deliberately now, investing in semantic grounding, runtime governance, and resilience strategies built for autonomous systems, are the ones most likely to operationalize AI in ways that are trusted, explainable, and durable.
