AI identity drift is the gap that appears when an AI service’s access, retention, or governance status changes faster than the organisation can inventory it. The term captures how quickly a tool can move from low-risk use to a high-trust integration without matching controls.
Expanded Definition
AI identity drift describes a control gap that appears when an AI service, agent, or model-backed workflow changes faster than identity inventories, approvals, and access rules can keep up. It is closely related to NHI lifecycle failure, but it is more specific to AI systems whose privileges expand through integrations, tool access, or retention changes.
In practice, the drift shows up when an internal prototype becomes a production dependency, when a chatbot is granted API access to customer systems, or when a vendor feature quietly begins storing prompts, outputs, or embedded secrets. No single standard governs this yet, and usage in the industry is still evolving, so practitioners should treat the term as an operational governance label rather than a formal compliance category. The closest control logic appears in the NIST Cyber AI Profile (IR 8596), which emphasizes risk controls across AI lifecycle states and changing system context.
The most common misapplication is treating AI identity drift as a simple inventory problem, which occurs when organisations catalogue the tool but fail to re-evaluate its real access, data handling, and supervision model after each change.
Examples and Use Cases
Implementing AI identity drift controls rigorously often introduces process friction, requiring organisations to weigh faster AI adoption against tighter approval, review, and revocation workflows.
- An internal coding agent is promoted from sandbox use to CI/CD access, but its token scope still matches a test environment. The inventory shows the agent, yet not the new blast radius.
- A customer support copilot gains access to CRM records and ticket history, then is updated to retain conversations for quality review. That retention shift changes governance status even if the interface looks unchanged.
- A vendor-hosted AI feature begins calling downstream services through a service account, making it a non-human identity that should be governed like any other privileged integration. This pattern is similar to cases covered in the Salesloft OAuth token breach.
- An assistant is allowed to read documents, then later to generate emails and open tickets. The identity did not change name, but its authority and data exposure did.
- A model workflow embeds credentials in prompts, configs, or connectors, creating hidden secret exposure that must be handled as NHI risk, not just application risk. See the JetBrains GitHub plugin token exposure and the NIST AI risk guidance on context-aware controls.
For broader NHI lifecycle context, the Ultimate Guide to NHIs remains the best reference point for how non-human access should be tracked, reviewed, and revoked as systems change.
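The use cases above share one pattern: the identity is still listed in the inventory, while its environment, authority, or retention has moved away from what was approved. The following sketch is an added example, not code from the source or any referenced framework. It compares an approved baseline with the observed state and shows an inventory-only check passing while drift is present. The record fields, identity names, and scope strings are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AIIdentity:
    environment: str            # where the credential is actually used
    scopes: frozenset           # permissions on its token or service account
    capabilities: frozenset     # actions the tool may take
    retains_data: bool          # does it store prompts or outputs?

def inventory_only_check(approved, observed):
    """The naive control: is every observed identity catalogued?"""
    return set(observed) <= set(approved)

def detect_drift(approved, observed):
    """Compare each observed identity with its approved baseline."""
    findings = []
    for name, now in sorted(observed.items()):
        base = approved.get(name)
        if base is None:
            findings.append((name, "uninventoried", ""))
            continue
        if now.environment != base.environment:
            findings.append((name, "environment", f"{base.environment} -> {now.environment}"))
        for field in ("scopes", "capabilities"):
            added = getattr(now, field) - getattr(base, field)
            if added:  # authority grew beyond what was approved
                findings.append((name, field, "+" + ",".join(sorted(added))))
        if now.retains_data and not base.retains_data:
            findings.append((name, "retention", "now retains data"))
    return findings

# Constructed sample data modelled on the use cases above (all names hypothetical).
f = frozenset
APPROVED = {
    "coding-agent":    AIIdentity("sandbox", f({"repo:read"}), f({"suggest_code"}), False),
    "support-copilot": AIIdentity("production", f({"crm:read"}), f({"answer"}), False),
    "doc-assistant":   AIIdentity("production", f({"docs:read"}), f({"read_docs"}), False),
}
OBSERVED = {
    "coding-agent":    AIIdentity("ci-cd", f({"repo:read"}), f({"suggest_code"}), False),
    "support-copilot": AIIdentity("production", f({"crm:read"}), f({"answer"}), True),
    "doc-assistant":   AIIdentity("production", f({"docs:read"}),
                                  f({"read_docs", "send_email", "open_ticket"}), False),
}

if __name__ == "__main__":
    print("inventory check passes:", inventory_only_check(APPROVED, OBSERVED))
    for finding in detect_drift(APPROVED, OBSERVED):
        print(finding)
```

Each finding is a candidate trigger for re-approval or revocation. The coding agent is flagged on environment alone, even though its token scope is unchanged.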
Why It Matters in NHI Security
AI identity drift matters because AI systems rarely fail in the abstract. They fail when a tool that was approved for narrow use silently becomes trusted with production data, privileged actions, or long-lived secrets. That is an NHI problem as much as an AI problem, because the control failure usually sits in identity governance, not in model quality.
NHIMG research shows the scale of the underlying issue: only 5.7% of organisations have full visibility into their service accounts, and 91.6% of secrets remain valid five days after notification, which leaves drifted AI access in place long after it should have been removed. The same pattern appears in breach analysis such as the 52 NHI Breaches Analysis and the Top 10 NHI Issues, where mis-scoped credentials, stale access, and weak oversight repeatedly turn convenience into exposure. The NIST Cyber AI Profile (IR 8596) reinforces the need to manage AI systems as dynamic risk objects, not static deployments.
Organisations typically encounter the consequence only after an AI agent exfiltrates data, triggers an unauthorised action, or exposes a secret, at which point AI identity drift becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | AI identity drift often starts with weak secret and lifecycle handling. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access must be reassessed as AI system authority expands. |
| NIST AI RMF | | AI RMF treats changing context and lifecycle risk as core governance concerns. |
Reassess AI system risks whenever tools, data retention, or access patterns change.