
Shadow Decision

A shadow decision is an action taken through an AI tool that affects business data or workflow without passing through normal identity governance. The risk is not only unapproved software, but unreviewed decision-making that bypasses the controls teams rely on for accountability and traceability.

Expanded Definition

A shadow decision is not just unsanctioned software use. It is a business action made by an AI tool that changes data, routes work, or influences outcomes without passing through approved identity governance, approval chains, or audit controls. In NHI security, the concern is that the decision may be operationally real even when the actor is not formally recognised as an authorised identity.

Definitions vary across vendors: some teams use the term for any AI-assisted workflow outside policy, while others reserve it for autonomous or semi-autonomous actions with direct business impact. For governance purposes, the useful boundary is whether the action can be attributed, reviewed, and revoked like any other privileged activity. That makes the concept closely related to the NIST Cybersecurity Framework 2.0 ideas of traceability, access control, and accountability, even though no single standard yet governs the term.

Shadow decisions differ from ordinary shadow IT because the risk sits in the decision path itself, not only in the application being used. The most common misapplication is treating every AI output as harmless assistance, which occurs when teams fail to notice that the tool was allowed to act on sensitive records or workflows without human approval.

Examples and Use Cases

Rigorous controls against shadow decisions often introduce workflow friction, so organisations must weigh faster automation against stronger review, attribution, and rollback capability.

  • An AI assistant updates customer account fields based on email content, but the change is never recorded as a governed identity action.
  • A procurement copilot approves low-value purchases using embedded policy logic, yet the approval is not tied to a named approver or service account.
  • An internal agent files support tickets, changes priorities, or closes cases after interpreting user input, with no visible review step or escalation trail.
  • A document-generation tool inserts contractual language into a workflow and triggers downstream processing, but no one can prove who authorised the final decision.
  • A data analysis agent reclassifies records or flags fraud candidates, but its actions are outside normal access reviews and exception handling.

These patterns are especially important where NHI governance already struggles with visibility. In the Ultimate Guide to NHIs, NHIMG notes that only 5.7% of organisations have full visibility into their service accounts, which helps explain why AI-driven actions can slip past review. For implementation guidance, teams often map the decision path to identity and access controls, then require the same logging discipline used for privileged non-human identities.

Why It Matters in NHI Security

Shadow decisions matter because they blur the line between automation and authority. Once an AI tool can change records, trigger payments, approve access, or alter operational state, it has effectively become a non-human actor with business impact. If that actor is not governed as an identity, organisations lose the ability to answer basic questions about who did what, under which policy, and with which permissions.

The risk is amplified in environments already exposed to secret sprawl and weak lifecycle controls. In the Ultimate Guide to NHIs, NHIMG reports that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, and that statistic becomes more concerning when AI agents can act on the same credentials or interfaces. Governance teams should align shadow decision controls with NIST Cybersecurity Framework 2.0 practices for protective access, monitoring, and response, while ensuring AI actions are attributable, bounded, and revocable.

Organisations typically encounter the consequences only after a disputed change, compliance finding, or incident review, at which point controlling shadow decisions becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference  | Relevance
OWASP Agentic AI Top 10          | Agentic AI guidance  | Covers autonomous actions and tool use that can create shadow decisions.
OWASP Non-Human Identity Top 10  | NHI-01               | Shadow decisions often rely on unmanaged non-human identities and unclear ownership.
NIST CSF 2.0                     | PR.AC-4              | Least-privilege access is directly relevant when AI tools can trigger business decisions.

Require approval, logging, and bounded tool permissions before any agent can act on business data.
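As an added illustration (not code from NHIMG or from this page), the following Python action gateway applies the controls named in the line above and in the implementation note under the examples: every agent action must be attributed to a registered identity with a named owner, stay within bounded tool permissions, carry a named approver for business-impact actions, be revocable, and be written to an audit log whether it was allowed or denied. The agent name, owner address, tool names and approval set are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class AgentIdentity:
    """Governed non-human identity for an AI tool (all values are constructed)."""
    agent_id: str
    owner: str                 # accountable human owner for review questions
    allowed_tools: frozenset   # bounded permissions: the only tools it may call
    revoked: bool = False

# Tools with direct business impact require a named human approver (assumed set).
APPROVAL_REQUIRED = frozenset({"approve_purchase", "update_account", "close_case"})

@dataclass
class ActionGateway:
    identities: dict                                # agent_id -> AgentIdentity
    audit_log: list = field(default_factory=list)   # every decision, allowed or denied

    def revoke(self, agent_id: str) -> None:
        self.identities[agent_id].revoked = True    # later calls are denied and logged

    def execute(self, agent_id: str, tool: str, params: dict, approver: str = None) -> dict:
        ident = self.identities.get(agent_id)       # attribution: who is acting?
        if ident is None:
            return self._log(agent_id, None, tool, params, approver, "denied", "unregistered identity")
        if ident.revoked:
            return self._log(agent_id, ident.owner, tool, params, approver, "denied", "identity revoked")
        if tool not in ident.allowed_tools:         # bounded: is the tool in scope?
            return self._log(agent_id, ident.owner, tool, params, approver, "denied", "outside bounded permissions")
        if tool in APPROVAL_REQUIRED and not approver:   # approval chain for impactful actions
            return self._log(agent_id, ident.owner, tool, params, approver, "denied", "approval required")
        return self._log(agent_id, ident.owner, tool, params, approver, "allowed", "policy satisfied")

    def _log(self, agent, owner, tool, params, approver, outcome, reason) -> dict:
        entry = {"ts": datetime.now(timezone.utc).isoformat(), "agent": agent, "owner": owner, "tool": tool,
                 "params": params, "approver": approver, "outcome": outcome, "reason": reason}
        self.audit_log.append(entry)
        return entry

def demo() -> list:  # constructed scenario: the procurement copilot from the page's example list
    ident = AgentIdentity("procurement-copilot", "finance-ops@example.invalid",
                          frozenset({"read_catalogue", "approve_purchase"}))
    gw = ActionGateway({ident.agent_id: ident})
    gw.execute(ident.agent_id, "approve_purchase", {"amount": 120})                    # denied: no approver
    gw.execute(ident.agent_id, "approve_purchase", {"amount": 120}, approver="j.doe")  # allowed, attributed
    gw.execute(ident.agent_id, "update_account", {"id": 7}, approver="j.doe")          # denied: out of scope
    gw.revoke(ident.agent_id)
    gw.execute(ident.agent_id, "read_catalogue", {"sku": "A-100"})                     # denied: revoked
    return [e["outcome"] for e in gw.audit_log]
```

The audit log answers the page's basic questions (who acted, under which policy, with which permissions, approved by whom) for denied calls as well as allowed ones, which is what makes a disputed change reviewable afterwards.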