Subscribe to the Non-Human & AI Identity Journal

What breaks when AI governance exists on paper but not in enforcement?

Policy-only governance fails when teams cannot technically restrict access, log decisions, or revoke permissions in the systems AI actually uses. That creates a false sense of control while data exposure, privilege creep, and untracked actions continue. Effective governance must be enforced through identity, access, and audit mechanisms, not only through policy documents.

Why This Matters for Security Teams

Paper-only governance fails because AI and NHI risk is enforced by systems, not by intent. If an agent can still call APIs, read datasets, or modify infrastructure after a policy says “no,” then the policy is aspirational. That gap creates shadow privilege, weak auditability, and a false control narrative that often survives until an incident or audit forces the issue. Current guidance suggests governance must be measurable in identity, access, and logging paths, not just documents and approvals.

NHIMG’s The 2026 Infrastructure Identity Survey shows why this matters: only 44% of organisations have policies to manage AI agents, even though 92% say governance is critical to enterprise security. That disconnect is exactly where risk accumulates. Security leaders can also compare policy intent against operational controls using the NIST AI Risk Management Framework and NHIMG’s Ultimate Guide to NHIs — Regulatory and Audit Perspectives to see whether governance is actually enforceable.

In practice, many security teams discover that governance failed only after an agent has already made an unauthorised change, rather than through intentional control testing.

How It Works in Practice

Enforcement means the control plane must be able to deny, limit, or revoke actions at runtime. For AI agents and other NHIs, that usually requires workload identity, short-lived credentials, and policy evaluation at request time. Static role assignments are too blunt because autonomous systems do not follow fixed human workflows. Their tool use changes with context, prompt, task scope, and error conditions, which is why the gap between “approved” and “allowed” becomes dangerous fast.

Practical governance starts by binding every agent to a verifiable workload identity, then attaching narrowly scoped permissions to that identity. Best practice is evolving toward just-in-time access, ephemeral secrets, and context-aware authorization decisions rather than standing privilege. A common pattern is to issue access only for the duration of a task, then revoke it automatically when the task completes or the context changes. For auditability, the system should record what the agent attempted, what it was allowed to do, and why the policy engine decided that way.

That is the operating model reflected in NHIMG’s Top 10 NHI Issues and in standards such as NIST Cybersecurity Framework 2.0, which emphasises govern, identify, protect, detect, respond, and recover across real controls. For agentic deployments, current guidance also aligns with NIST AI 600-1 GenAI Profile because model outputs alone are not the risk, enforcement is.

  • Use policy-as-code so access decisions are evaluated consistently at runtime.
  • Prefer short-lived tokens or certificates over static secrets that linger after task completion.
  • Log decision context, not just successful actions, to expose attempted misuse.
  • Separate approval workflows from enforcement controls so a checklist cannot masquerade as protection.

These controls tend to break down in legacy environments that cannot support per-request policy evaluation, fine-grained service identity, or immediate revocation because the agent is still consuming broad shared credentials.

Common Variations and Edge Cases

Tighter enforcement often increases operational overhead, requiring organisations to balance stronger control against deployment speed and integration complexity. That tradeoff becomes sharper in mixed estates where human admins, scripts, and AI agents all touch the same systems. There is no universal standard for this yet, especially where a single workflow uses multiple toolchains, external APIs, and delegated privileges.

One common edge case is “governed in policy, exempt in practice.” Teams document restrictions but leave service accounts, break-glass roles, or integration tokens wide open because nobody wants to interrupt production. Another is when audit logs exist but do not capture the agent’s intent, policy decision, or chain of tool calls, making post-incident reconstruction incomplete. NHIMG’s Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs is useful here because lifecycle governance only works when issuance, rotation, revocation, and review are enforced in the same systems that issue access.

For risk-heavy environments, a policy document may still matter for accountability, but it cannot substitute for runtime controls. That is especially true when organisations are already seeing identity sprawl, as highlighted in the NIST AI Risk Management Framework and the ISO/IEC 42001:2023 AI Management System Standard, which both assume operational control, not paper compliance.

When governance exists only on paper, the practical result is usually privilege drift, unreviewed exceptions, and controls that fail the moment an autonomous system encounters an unexpected path.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-03 Paper-only governance often leaves NHI secrets unrevoked and over-scoped.
OWASP Agentic AI Top 10 AGENT-02 Agents need runtime constraints, not just written policy.
CSA MAESTRO A3 MAESTRO addresses governance for autonomous agent behavior and tool use.
NIST AI RMF GOVERN Govern function covers accountability when policy must be operationalized.
NIST CSF 2.0 PR.AC-1 Access control must be technically enforced, not only documented.

Enforce NHI secret lifecycle controls so issuance, rotation, and revocation happen automatically.