Traditional access control models (e.g., RBAC, ABAC) struggle with real-time threat mitigation in multi-cloud environments, leading to vulnerabilities in cloud-based government and enterprise systems. This study introduces a cognitive AI-driven framework integrating machine learning (ML) models (Random Forest, SVM) with a dynamic policy adaptation layer to enhance security governance. The framework employs adversarial testing, real-time anomaly detection, and GDPR-compliant anonymisation to address evolving cyber threats. Evaluated on a Kaggle dataset of 50 access control factors, the framework achieved a 75% reduction in unauthorised access incidents and a 20% improvement in security scores compared to traditional models. Deployed via AWS SageMaker and Lambda, it enforced policies in under 5 seconds, demonstrating scalability and cost efficiency. These findings highlight the framework’s potential to redefine cloud security governance, offering a robust solution for healthcare, finance, and government sectors.