AI makes IT governance more complex because it changes how work is delegated, reviewed, and owned. Teams must manage productivity gains alongside risk, compliance, and legal exposure. That means governance has to cover both the human operator and the AI-assisted workflow, especially where decisions influence access or sensitive data.
Why This Matters for Security Teams
AI expands governance scope because it turns a predictable workflow into a runtime decision problem. Human users can be reviewed through static roles, approval chains, and periodic access recertification. AI-assisted work, by contrast, can generate new actions, new data paths, and new privilege requests at the moment of execution. That makes policy enforcement, auditability, and accountability harder to pin to a single owner or a single event.
For security teams, the issue is not just model risk. It is the operational reality that AI can touch sensitive systems faster than existing review processes can react. Current guidance from the NIST Cybersecurity Framework 2.0 supports stronger governance and continuous risk management, but AI pushes those ideas deeper into day-to-day operations. The same challenge shows up in NHI programs, where the Top 10 NHI Issues highlights how unmanaged identities and weak lifecycle controls create compounding exposure.
NHI Management Group research shows that 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, which is a strong signal that identity governance fails quickly when machine-driven access is left static. In practice, many security teams encounter privilege drift and unauthorised tool use only after an AI-assisted workflow has already crossed a control boundary, rather than through intentional governance design.
How It Works in Practice
Effective AI governance shifts from pre-approved entitlements to context-aware control. That means the organisation evaluates what the AI is trying to do, which data it needs, which system it is calling, and whether the action is appropriate in that moment. For agentic systems, this often requires workload identity, ephemeral credentials, and policy checks at request time rather than at onboarding time.
The practical pattern is to treat the AI agent as a workload with its own identity and lifecycle, not as a user with a permanent role. A useful implementation usually combines:
- workload identity to prove what the agent is, not who launched it
- just-in-time access with short-lived secrets or tokens
- policy-as-code for real-time authorisation decisions
- logging that links every agent action to a task, context, and approver
This is where standards and research complement each other. The Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs is useful for thinking about identity birth, use, rotation, and retirement. For broader governance structure, the NIST Cybersecurity Framework 2.0 reinforces continuous improvement, while the current guidance around AI risk management is evolving toward runtime evaluation, traceability, and accountability.
In practice, organisations also need to decide whether the AI can chain tools, call external APIs, or request elevated actions through another service. If those paths are not bounded, the agent can expand its effective privilege far beyond the original request. These controls tend to break down in legacy environments where service accounts are shared, secrets are long-lived, and request-level policy evaluation is not available.
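The following is an added example, not code from the original article or from any of the guides it cites. It shows the four-part pattern above in one small request-time gate: the agent carries a workload identity rather than a user role, receives a short-lived task-scoped token, every tool call is evaluated against policy rules expressed as code, and each decision is written to an audit record that links the action to its task, context, and approver. It also bounds the tool-chaining and external-API paths described above. The SPIFFE-style workload ID, the scope names, the external allow-list, the signing key, and the chain-depth limit are all constructed sample values, and the HMAC-signed token stands in for whatever an organisation's real token service would issue.

```python
"""Added example (not the article's code): a request-time authorisation gate
for an AI agent treated as a workload with its own identity and lifecycle.
All identities, scopes, hosts and keys below are constructed sample values."""
import hashlib
import hmac
import time
from dataclasses import dataclass

# Constructed demo key; a real deployment would sign via an STS/KMS-backed service.
SIGNING_KEY = b"demo-only-signing-key"
MAX_CHAIN_DEPTH = 3                              # tool calls one task may chain
EXTERNAL_ALLOWLIST = {"api.payments.example"}    # assumed allowed external endpoints


@dataclass(frozen=True)
class AgentToken:
    workload_id: str      # proves what the agent is (SPIFFE-style ID assumed)
    task_id: str          # the unit of work this token was issued for
    approver: str         # who authorised the task
    scopes: frozenset     # tool scopes granted, e.g. "crm:read"
    expires_at: float     # epoch seconds; deliberately short-lived
    sig: str              # HMAC over the fields above


def _payload(workload_id, task_id, approver, scopes, expires_at):
    scope_str = ",".join(sorted(scopes))
    return f"{workload_id}|{task_id}|{approver}|{scope_str}|{expires_at:.3f}".encode()


def issue_token(workload_id, task_id, approver, scopes, ttl_seconds=300, now=None):
    """Just-in-time issuance: one token per task, expiring in minutes, not months."""
    now = time.time() if now is None else now
    expires_at = now + ttl_seconds
    scopes = frozenset(scopes)
    payload = _payload(workload_id, task_id, approver, scopes, expires_at)
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return AgentToken(workload_id, task_id, approver, scopes, expires_at, sig)


def token_is_valid(tok, now=None):
    """Reject tampered fields (signature mismatch) and expired tokens."""
    now = time.time() if now is None else now
    payload = _payload(tok.workload_id, tok.task_id, tok.approver, tok.scopes, tok.expires_at)
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tok.sig) and now < tok.expires_at


@dataclass(frozen=True)
class ToolRequest:
    token: AgentToken
    tool: str           # scope-like tool name, e.g. "crm:read"
    target: str         # system or host the tool will touch
    external: bool      # does the call leave the organisation's boundary?
    chain_depth: int    # 0 for the first tool call in a task, +1 per chained call


# Policy-as-code: each rule returns a denial reason or None. Identity and
# expiry are evaluated first so later rules never act on an untrusted token.
def rule_valid_token(req, now):
    return None if token_is_valid(req.token, now) else "token invalid or expired"

def rule_scope(req, now):
    return None if req.tool in req.token.scopes else f"tool {req.tool} not in token scopes"

def rule_bounded_chain(req, now):
    return None if req.chain_depth < MAX_CHAIN_DEPTH else "tool chain depth exceeded"

def rule_external_allowlist(req, now):
    if req.external and req.target not in EXTERNAL_ALLOWLIST:
        return f"external target {req.target} not allow-listed"
    return None

POLICY = [rule_valid_token, rule_scope, rule_bounded_chain, rule_external_allowlist]
AUDIT_LOG = []   # in a real system this is an append-only, centrally shipped log


def authorize(req, now=None):
    """Evaluate one tool call at execution time and record a linked audit entry."""
    now = time.time() if now is None else now
    reason = next((r for r in (rule(req, now) for rule in POLICY) if r), None)
    decision = "deny" if reason else "allow"
    AUDIT_LOG.append({
        "ts": now, "workload_id": req.token.workload_id, "task_id": req.token.task_id,
        "approver": req.token.approver, "tool": req.tool, "target": req.target,
        "chain_depth": req.chain_depth, "decision": decision, "reason": reason,
    })
    return decision, reason


if __name__ == "__main__":
    tok = issue_token("spiffe://example.org/agent/triage", "TASK-42", "alice", {"crm:read"})
    print(authorize(ToolRequest(tok, "crm:read", "crm.internal", False, 0)))
    print(authorize(ToolRequest(tok, "crm:write", "crm.internal", False, 0)))
```

The audit entry is the part auditors later ask about: every row carries the task, the approver, the exact tool and target, and how deep into a chain the call was, so "who approved this, how long did access last, and was revocation automatic" can be answered from the token's expiry and the log rather than from someone's memory.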
Common Variations and Edge Cases
Tighter AI governance often increases delivery friction, so organisations must balance speed against control coverage. That tradeoff becomes sharper when teams are using AI for customer support, code generation, or IT operations, because these workloads can move from harmless assistance to privileged action with very little human input.
Best practice is evolving for multi-agent systems, and there is no universal standard for this yet. Some organisations gate only high-risk actions, while others wrap every tool call in policy checks. The right choice depends on the sensitivity of the data, the blast radius of the target system, and whether human review is still practical at the moment of execution. Where the workflow touches secrets, regulated data, or production infrastructure, static RBAC alone is usually too blunt.
The Ultimate Guide to NHIs — Regulatory and Audit Perspectives is especially relevant when auditors ask who approved the action, how long access lasted, and whether revocation was automatic. The same governance logic should also be informed by breach learning, including the DeepSeek breach, which reinforces how quickly AI-related exposure can become a broader control problem.
Where this guidance breaks down most often is in highly distributed environments with shared service identities, fragmented secrets stores, and no central policy engine, because runtime decisions cannot be enforced consistently across the stack.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Covers runtime risk in autonomous AI actions and tool use. | |
| CSA MAESTRO | Addresses governance for agentic workflows, identities, and tool access. | |
| NIST AI RMF | Supports risk-based governance for AI systems across the lifecycle. | Use AI RMF to assign ownership, assess impact, and monitor AI-driven decisions continuously. |