Secure AI Governance for Digital Marketing Platforms: Automated Zero-Trust Policy Enforcement with Large Language Models and Privacy-Preserving Telemetry
Keywords:
zero-trust architecture, large language models, privacy-preserving telemetry, federated learning, digital marketing governance, automated policy enforcementAbstract
The rapid expansion of digital marketing platforms has introduced unprecedented challenges in data security, user privacy, and regulatory compliance. Traditional perimeter-based security models are insufficient for the dynamic, multi-tenant, and cross-device environments characteristic of modern advertising ecosystems. This paper proposes a secure AI governance framework that integrates zero-trust architecture with large language models and privacy-preserving telemetry to automate policy enforcement across digital marketing platforms. The framework leverages zero-trust principles—continuous verification, least-privilege access, and micro-segmentation—to govern data flows between advertisers, publishers, and third-party analytics services. Large language models are employed to generate, interpret, and update contextual access policies in real time, reducing the manual overhead of rule specification while improving adaptability to emergent threats. Privacy-preserving telemetry, built upon federated learning and differential privacy, enables the collection of behavioral and campaign-level metrics without exposing individual user data. The paper discusses structural trade-offs between enforcement granularity and system latency, the role of explainability in policy decisions, and the infrastructural requirements for scalable deployment. Case illustrations from social commerce and cross-channel attribution systems demonstrate the feasibility of the approach. Governance implications are examined through the lenses of fairness, accountability, and transparency, with particular attention to algorithmic bias in policy generation and the risk of re-identification in telemetry aggregation. A forward-looking perspective considers the sustainability of such systems under evolving regulatory frameworks and adversarial machine learning threats.
References
1. Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero trust architecture. NIST Special Publication 800-207. National Institute of Standards and Technology.
2. Kumar, R., & Singh, A. (2023). Zero trust in practice: A systematic literature review. Journal of Cybersecurity and Privacy, 3(2), 1–25. https://doi.org/10.3390/jcp3020001
3. Bommasani, R., Hudson, D. A., Adeli, E., Altman, R., Arora, S., von Arx, S., ... & Liang, P. (2022). On the opportunities and risks of foundation models. arXiv preprint arXiv:2108.07258.
4. Zhou, D. (2026). LLM-Assisted Zero-Trust Policy Generation: A Dynamic Approach Integrating SBOM and Runtime Telemetry for Microservices. American Journal Of Big Data, 7(1), 212-228.
5. Abadi, M., Chu, A., Goodfellow, I., McMahan, H. B., Mironov, I., Talwar, K., & Zhang, L. (2016). Deep learning with differential privacy. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 308–318. https://doi.org/10.1145/2976749.2978318
6. Mead, R., & Thompson, J. (2022). Migrating advertising systems to zero trust: A case study. Journal of Information Security and Applications, 67, 103218. https://doi.org/10.1016/j.jisa.2022.103218
7. Brown, T. B., Mann, B., Ryder, N., Subbiah, M., Kaplan, J., Dhariwal, P., ... & Amodei, D. (2020). Language models are few-shot learners. Advances in Neural Information Processing Systems, 33, 1877–1901.
8. Zhang, Z., & Wang, Y. (2024). Generating fine-grained access control policies from natural language requirements using large language models. Proceedings of the 29th ACM Symposium on Access Control Models and Technologies, 45–56. https://doi.org/10.1145/3659753.3659767
9. Li, X., Chen, H., & Huang, J. (2023). Conflict detection in privacy policies: A language model approach. IEEE Transactions on Knowledge and Data Engineering, 35(8), 8123–8135. https://doi.org/10.1109/TKDE.2023.3274512
10. Wallace, E., Feng, S., Kandpal, N., Gardner, M., & Singh, S. (2019). Universal adversarial triggers for attacking and analyzing NLP. Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing, 2153–2164. https://doi.org/10.18653/v1/D19-1221
11. Fang, Y., & Liu, Z. (2025). Lightweight policy engines for edge-based zero-trust enforcement. ACM Computing Surveys, 57(3), 1–34. https://doi.org/10.1145/3698801
12. McMahan, B., Moore, E., Ramage, D., Hampson, S., & y Arcas, B. A. (2017). Communication-efficient learning of deep networks from decentralized data. Proceedings of the 20th International Conference on Artificial Intelligence and Statistics, 54, 1273–1282.
13. Dwork, C., & Roth, A. (2014). The algorithmic foundations of differential privacy. Foundations and Trends in Theoretical Computer Science, 9(3–4), 211–407. https://doi.org/10.1561/0400000042
14. Green, M., & Lee, J. (2023). Auditing privacy-preserving advertising systems. Proceedings of the 26th Privacy Enhancing Technologies Symposium, 2023(2), 212–231. https://doi.org/10.56553/popets-2023-0035
15. Konečný, J., McMahan, H. B., Yu, F. X., Richtárik, P., Suresh, A. T., & Bacon, D. (2016). Federated learning: Strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492.
16. Rajabi, A., & Dehghantanha, A. (2024). Continuous compliance automation for cloud-native marketing platforms. IEEE Access, 12, 45678–45695. https://doi.org/10.1109/ACCESS.2024.3391256
17. Shi, C., Li, S., Guo, S., Xie, S., Wu, W., Dou, J., ... & Chua, T. S. (2025). Where Culture Fades: Revealing the Cultural Gap in Text-to-Image Generation. arXiv preprint arXiv:2511.17282.
18. Ananny, M., & Crawford, K. (2018). Seeing without knowing: Limitations of the transparency ideal and its application to algorithmic accountability. New Media & Society, 20(3), 973–989. https://doi.org/10.1177/1461444816676645
19. Papernot, N., Abadi, M., Erlingsson, U., Goodfellow, I., & Talwar, K. (2017). Semi-supervised knowledge transfer for deep learning from private training data. International Conference on Learning Representations, 1–10.
20. Kaminski, M. E. (2019). Binary governance: Lessons from the GDPR’s approach to algorithmic accountability. Southern California Law Review, 92(6), 1529–1560.
21. Nouri, R., & Ghassemian, M. (2021). Latency analysis of zero-trust policy enforcement in IoT. IEEE Internet of Things Journal, 8(15), 12134–12146. https://doi.org/10.1109/JIOT.2021.3062896
22. Patterson, D., Gonzalez, J., Le, Q. V., Liang, P., Ng, A. Y., & Dean, J. (2021). Carbon emissions and large neural network training. arXiv preprint arXiv:2104.10350.
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Journal of Data Intelligence and AI Systems

This work is licensed under a Creative Commons Attribution 4.0 International License.
This article is published under the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.