TL;DR: A survey of more than 5,000 workers and security professionals finds that 73% of employees are encouraged to use AI while 37% say they do not always follow policy, and 27% have worked on unapproved AI applications, according to 1Password. The real problem is not AI adoption itself but the absence of enforceable access controls and inventory discipline.
At a glance
What this is: 1Password’s report argues that AI adoption is outpacing policy enforcement, creating an access-trust gap between what organisations can govern and how people actually use AI tools.
Why it matters: For IAM, IGA, and security teams, the lesson is that governance failure now includes unsanctioned AI usage, which can expose data, weaken auditability, and bypass existing access controls.
By the numbers:
- 73% of employees are encouraged to use AI for some part of their workloads, but 37% admit they do not always follow their company’s AI policies.
- 27% of employees have worked on AI-based applications that their employers did not approve.
- Only 6% of IT and security professionals believe their company lacks an AI policy.
👉 Read 1Password’s analysis of the 2025 Access-Trust Gap and AI governance
Context
The access-trust gap is the space between the access security teams believe they control and the access people actually use. In AI governance, that gap widens quickly when employees adopt unsanctioned tools faster than policy, inventory, and enforcement can keep up.
For IAM practitioners, the important shift is that AI tools now behave like an access path, not just a software choice. That means governance has to cover discovery, approval, device trust, and policy enforcement across human identities and the AI services they choose to use.
Key questions
Q: How should security teams govern employee use of AI tools?
A: They should govern AI tools as part of the access control plane, not just as acceptable-use software. That means discovering which tools are in use, classifying sanctioned and unsanctioned paths, enforcing device and identity checks, and making approved AI services easier to use than shadow AI. Policy without enforcement will not change behaviour.
Q: Why do SSO and MDM fall short for AI governance?
A: SSO and MDM were designed for a world where managed devices and approved apps define the boundary. AI breaks that assumption because users can send data to personal accounts or external tools outside those controls. Organisations need identity, device, and application governance together if they want auditability and real enforcement.
Q: What do organisations get wrong about shadow AI?
A: They often treat shadow AI as a communications or awareness problem. In practice, it is an identity and access problem because people can move sensitive work into unmanaged tools without going through sanctioned authentication, logging, or review. If the access path is invisible, the governance model is already incomplete.
Q: Who is accountable when employees use unapproved AI tools?
A: Accountability sits with the organisation’s governance model, not with the individual control alone. Security, IAM, and platform teams need clear ownership for discovery, policy enforcement, and exception handling so that unsanctioned AI use is addressed before sensitive data leaves approved boundaries.
Technical breakdown
Shadow AI as an access control problem
Shadow AI is not only a policy issue. It is an identity problem because employees can move sensitive work into unapproved AI tools that sit outside sanctioned authentication, logging, and review paths. Once that happens, the enterprise loses visibility into where data goes, which account handled it, and whether access should have been allowed at all. This is especially relevant when personal accounts, unmanaged SaaS, and browser-based AI tools blur the boundary between work and non-work identity. The security failure is not that AI exists. It is that access control no longer matches the actual execution path.
Practical implication: discover and classify AI tools as part of access governance, not as a separate software inventory exercise.
Why SSO and MDM no longer cover the full access path
Traditional SSO and MDM were built for a world where most work happened on managed devices and approved applications. AI usage breaks that assumption because users can interact with external models, personal accounts, and browser sessions that never enter the managed control plane. A device may be compliant while the data path is not. That is why access governance now has to look at both identity and endpoint context together. The technical issue is not a missing login. It is a missing policy boundary around where sensitive work can be processed and which tools can receive it.
Practical implication: pair identity controls with device checks and sanctioned-app routing before users reach AI services.
Policy enforcement and auditability in sanctioned AI use
Good AI governance depends on more than a written policy. Organisations need mechanisms that can block unsanctioned tools, explain why access was denied, and preserve enough telemetry to support audit and incident response. In practical terms, this means the control plane must distinguish between approved AI workspaces and personal or unmanaged tools. If the organisation cannot show which AI service received data, who approved it, and what policy applied, then the governance model is incomplete. The control is not merely denial. It is enforceable accountability across the AI access path.
Practical implication: design AI governance controls that can deny, redirect, and explain decisions in real time.
NHI Mgmt Group analysis
AI governance has become an access-control discipline, not a policy memo. The report shows that employees are already using AI in ways the organisation cannot consistently approve or observe. That means the control problem is no longer awareness alone. Practitioners need to treat AI usage as a governed access path with discovery, approval, and enforcement requirements, not as a side policy for end users.
Unsanctioned AI creates an auditability gap that existing IAM models were never built to close. Once sensitive data moves into personal AI accounts or unmanaged tools, the organisation loses the evidence chain needed for review, investigation, and accountability. The practical implication is that access governance must extend to where data is processed, not just where the user signs in.
Access controls that stop at SSO leave the real risk untouched. This report shows why identity teams must connect sanctioned applications, device posture, and policy enforcement into one operating model. A login can be compliant while the downstream AI tool is not, which means the security boundary has shifted from authentication to usage control.
Access-trust gap: The gap between approved identity controls and the actual tools people use is now the defining governance problem for AI adoption. The phrase matters because it captures a structural failure, not a temporary adoption issue. When users choose external AI services faster than controls can adapt, the organisation loses both restraint and visibility. Practitioners should treat that gap as a programme design fault line, not a communications issue.
The strongest AI governance programmes will combine discovery, enforcement, and user guidance. The report’s underlying message is that blocking alone is not enough if users simply move to another unapproved path. The programme must make sanctioned access easy, make unsanctioned access visible, and make policy consequences understandable. That is what turns AI governance into a durable operating model.
From our research:
- 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to The 2026 Infrastructure Identity Survey.
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
- For a broader control perspective, see OWASP Non-Human Identity Top 10 for the governance patterns that routinely fail when machine access grows faster than oversight.
What this signals
Access-trust gap: the pressure point for most IAM programmes will be tool sprawl, not just credential sprawl. When employees can move work into external AI services faster than governance can classify them, the practical boundary of identity management shifts from login control to usage control.
The signal for practitioners is that discovery and enforcement now matter together. A policy that users can ignore is not a control, and a device check that cannot explain itself will simply encourage workarounds. The next wave of AI governance will reward teams that make approved access easy while constraining shadow paths.
With 70% of organisations granting AI systems more access than they would give a human employee doing the same job, per the 2026 Infrastructure Identity Survey, the operational lesson is clear: access governance is becoming asymmetric, and current IAM patterns are not built for that asymmetry.
For practitioners
- Build a full AI tool inventory: Continuously discover AI tools across managed and unmanaged environments, then classify them by approval status, data exposure risk, and access path. Treat browser-based and personal-account usage as part of the inventory, not exceptions.
- Tie AI policy to device trust checks: Block access to managed applications when a device is running a blocklisted AI tool or using an unsanctioned account. The control should explain the reason for the block so users understand the policy and can move to an approved workspace.
- Route users toward sanctioned AI services: Give employees a self-serve path to approved AI tools so convenience does not push them into shadow AI. The goal is to reduce workarounds by aligning productivity with the company’s access rules.
- Audit policy awareness against real behaviour: Compare what leaders believe is in policy with what employees actually do, especially where personal AI accounts and unsanctioned SaaS are involved. Reconcile that gap through training, controls, and reporting, not awareness campaigns alone.
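The technical breakdown above (discover and classify AI tools, pair identity with device checks, and deny, redirect, or explain in real time) and the practitioner steps just listed describe one control loop. The following is an added example, not code from 1Password or NHI Mgmt Group, of what that loop looks like as a small policy engine: it parses constructed proxy log lines, classifies each host against a hypothetical AI tool inventory, checks the account's identity domain and a hypothetical device posture record, and returns an explained decision with an audit record. Every domain, user, device id and policy name here is a constructed placeholder.

```python
"""
Added example (not the report's code): a minimal AI access-path policy engine.
Pipeline: proxy log -> tool classification -> account classification ->
device posture -> decision (allow / redirect / deny) with reason and audit record.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed inventory of AI services (hypothetical hosts) and approval status.
AI_TOOL_INVENTORY: Dict[str, Dict[str, str]] = {
    "ai.corp-workspace.example": {"status": "sanctioned", "name": "Corp AI Workspace"},
    "chat.public-llm.example": {"status": "unsanctioned", "name": "Public LLM Chat"},
    "api.blocklisted-ai.example": {"status": "blocklisted", "name": "Blocklisted AI API"},
}
APPROVED_IDENTITY_DOMAIN = "corp.example"            # hypothetical SSO domain
SANCTIONED_REDIRECT = "https://ai.corp-workspace.example"  # hypothetical workspace URL

# Constructed proxy log: timestamp user host device_id
PROXY_LOG = """\
2025-10-30T09:01:02Z alice@corp.example ai.corp-workspace.example dev-001
2025-10-30T09:03:10Z bob@corp.example chat.public-llm.example dev-002
2025-10-30T09:05:44Z carol@personal-mail.example ai.corp-workspace.example dev-003
2025-10-30T09:07:00Z dave@corp.example unknown-ai.example dev-004
2025-10-30T09:09:31Z erin@corp.example ai.corp-workspace.example dev-005
"""

@dataclass
class AccessEvent:
    ts: str
    user: str
    host: str
    device_id: str

@dataclass
class DevicePosture:
    managed: bool                  # enrolled in MDM (constructed value)
    running_blocklisted_tool: bool # endpoint agent saw a blocklisted AI client

# Constructed device posture records keyed by device id.
DEVICE_POSTURES: Dict[str, DevicePosture] = {
    "dev-001": DevicePosture(managed=True, running_blocklisted_tool=False),
    "dev-002": DevicePosture(managed=True, running_blocklisted_tool=False),
    "dev-003": DevicePosture(managed=True, running_blocklisted_tool=False),
    "dev-004": DevicePosture(managed=True, running_blocklisted_tool=False),
    "dev-005": DevicePosture(managed=True, running_blocklisted_tool=True),
}

@dataclass
class Decision:
    action: str      # allow | redirect | deny
    policy: str      # which policy produced the decision
    reason: str      # user-facing explanation
    audit: Dict      # record kept for review and incident response

def parse_proxy_log(text: str) -> List[AccessEvent]:
    """Parse whitespace-separated log lines; malformed lines are skipped, not guessed."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            events.append(AccessEvent(*parts))
    return events

def classify_tool(host: str) -> str:
    """Inventory lookup; anything not in the inventory is 'undiscovered' and must be triaged."""
    entry = AI_TOOL_INVENTORY.get(host.lower())
    return entry["status"] if entry else "undiscovered"

def classify_account(user: str) -> str:
    """A corporate account is one whose domain is the approved identity provider domain."""
    domain = user.rsplit("@", 1)[-1].lower()
    return "corporate" if domain == APPROVED_IDENTITY_DOMAIN else "personal"

def evaluate(event: AccessEvent, posture: DevicePosture) -> Decision:
    """Ordered checks: device trust, identity boundary, inventory status, then routing."""
    tool, account = classify_tool(event.host), classify_account(event.user)
    audit = {"ts": event.ts, "user": event.user, "account": account, "host": event.host,
             "tool_status": tool, "device_id": event.device_id}
    if posture.running_blocklisted_tool or not posture.managed:
        action, policy = "deny", "device-trust"
        reason = (f"Device {event.device_id} fails device trust "
                  f"({'blocklisted AI tool running' if posture.running_blocklisted_tool else 'unmanaged'}); "
                  "remediate the device to restore access.")
    elif account == "personal":
        action, policy = "deny", "identity-boundary"
        reason = "Personal accounts bypass SSO and logging; sign in with your corporate identity."
    elif tool == "undiscovered":
        action, policy = "deny", "inventory-fail-closed"
        reason = f"{event.host} is not in the AI tool inventory; it has been queued for classification."
    elif tool == "sanctioned":
        action, policy, reason = "allow", "sanctioned-workspace", "Approved AI workspace."
    else:  # unsanctioned or blocklisted: send the user to the approved path instead
        action, policy = "redirect", "sanctioned-routing"
        reason = f"{event.host} is {tool}; use the approved workspace at {SANCTIONED_REDIRECT}."
        audit["redirect_to"] = SANCTIONED_REDIRECT
    audit.update({"action": action, "policy": policy, "reason": reason})
    return Decision(action, policy, reason, audit)

def run_policy(log_text: str, postures: Dict[str, DevicePosture]) -> Tuple[List[Decision], List[str]]:
    """Evaluate every event; also return undiscovered hosts for inventory triage."""
    unknown_device = DevicePosture(managed=False, running_blocklisted_tool=False)  # fail closed
    decisions, undiscovered = [], []
    for ev in parse_proxy_log(log_text):
        if classify_tool(ev.host) == "undiscovered" and ev.host not in undiscovered:
            undiscovered.append(ev.host)
        decisions.append(evaluate(ev, postures.get(ev.device_id, unknown_device)))
    return decisions, undiscovered

if __name__ == "__main__":
    for d in run_policy(PROXY_LOG, DEVICE_POSTURES)[0]:
        print(d.audit)
```

Two design choices carry the report's point: an unknown host is denied and queued rather than silently allowed, so discovery feeds the inventory instead of trailing it, and every decision carries a reason string alongside the audit record, so the user can move to the approved workspace and the review team can later show which tool received data and which policy applied.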
Key takeaways
- AI governance breaks when organisations can no longer see or control the tools people actually use.
- The report’s survey data shows a material gap between AI policy intent and employee behaviour, which is now an IAM issue as much as a cultural one.
- Teams need discovery, device trust, and sanctioned access routes together if they want AI adoption without losing accountability.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-04 | Shadow AI and unmanaged tool use mirror uncontrolled non-human access paths. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege and access governance apply to both human and AI-enabled access flows. |
| NIST Zero Trust (SP 800-207) | AC-6 | The article’s access-trust gap is a zero-trust boundary problem, not just a policy issue. |
Map AI usage to access control policies and enforce conditional access across identity and device context.
Key terms
- Access-trust gap: The gap between the access an organisation believes it controls and the access people or systems actually use. In AI governance, it appears when employees send data to unsanctioned tools or accounts that sit outside approved identity, logging, and policy enforcement paths.
- Shadow AI: AI tools or accounts used in an organisation without approval, inventory, or governance. Shadow AI matters because it creates unmanaged data exposure, weakens auditability, and bypasses the identity controls that security teams rely on to regulate access and accountability.
- Device trust: A control that evaluates whether a device meets security requirements before allowing access to managed resources. In this context, it helps extend governance beyond login by checking whether a user is running unsanctioned AI tools or other policy-violating software.
- Sanctioned AI workspace: An approved AI environment that the organisation has vetted for policy, access, and data handling requirements. It gives users a legitimate route for AI use while preserving visibility, control, and auditability across the work they perform.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance in your organisation, it is worth exploring.
This post draws on content published by 1Password: The Access-Trust Gap in AI governance. Read the original.
Published by the NHIMG editorial team on 2025-10-30.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org