The mosaic effect is the security risk that many harmless-looking data points become sensitive when combined. A single ticket, directory record, log entry, or policy document may not expose much by itself, but a workflow that collects and correlates them can reveal identities, relationships, credentials, or operational details that no one source was meant to disclose.
This matters in cyber security because attackers often exploit correlation, not just direct access. In agentic AI systems, the mosaic effect can appear when an agent is allowed to read from multiple tools and then summarize, route, or act on the combined result. Defenders should treat this as an execution problem as well as a data problem: apply least privilege, limit connector scope, separate read from write actions, and log tool calls so risky combinations are visible during review and incident response.