By NHI Mgmt Group Editorial Team | Published 2026-03-19 | Domain: Agentic AI & NHIs | Source: Cyera

TL;DR: AI adoption is widening access to sensitive data faster than many security teams can see it, with Cyera citing 83% daily AI use and only 13% strong visibility into AI-data interactions. The real issue is that identity governance and data security still operate on separate assumptions, so access decisions lack the context needed to enforce least privilege at AI scale.


At a glance

What this is: Cyera's analysis argues that AI agents, service accounts, and automation are widening sensitive-data access faster than identity and data controls can be connected.

Why it matters: It matters because IAM, NHI, and human access programmes can no longer rely on identity-only reviews when sensitive data exposure is now part of the access decision.

By the numbers:

👉 Read Cyera's analysis of AI data access governance with Saviynt


Context

Identity governance breaks down when data sensitivity is invisible at the point of access. In AI-driven environments, the question is no longer only who has access, but whether that identity can reach regulated or highly sensitive data right now.

Cyera's framing is that discovery and classification on one side, and entitlement governance on the other, must be connected before security teams can move from periodic review to continuous control. That is a familiar problem for NHI programmes, but AI agents make the blast radius and the decision tempo much harder to manage.


Key questions

Q: How should security teams govern AI agents that can reach sensitive data?

A: Treat AI agents as non-human identities whose access must be evaluated against the sensitivity of the data they can reach, not just the role they hold. Connect data classification, entitlement review, and ownership validation so access can be revoked when the data context changes. That is the difference between symbolic governance and enforceable least privilege.

Q: Why do service accounts and automation create hidden data-access risk?

A: Service accounts and automation often carry broad entitlements that are difficult to see in ordinary access reviews. When those identities can reach regulated data, the risk is not only over-privilege, but also poor explanation and delayed remediation. Teams need shared visibility into both identity and data context to keep access defensible.

Q: What breaks when identity governance is separated from data security?

A: Governance becomes blind to whether an approved identity can actually reach sensitive records. Reviewers may certify access without seeing exposure, while security teams may classify data without knowing which identities can use it. That split creates a gap where least privilege is assumed but not proven.

Q: Who is accountable when an AI agent accesses regulated data improperly?

A: Accountability sits with the teams that govern the agent's identity, the data classification, and the policy that allowed the access path. If those controls are disconnected, no single owner can explain why the access existed or why it was not removed sooner. Shared context is what makes accountability traceable.


Technical breakdown

Why identity and data posture management must be connected

Identity posture management answers which identities and entitlements exist. Data posture management answers what sensitive information exists and where it lives. When those two views are separate, teams can certify an account without knowing whether it reaches payroll data, source code, or regulated records. The operational gap is not just visibility, but context at decision time. In AI-enabled environments, that context must include field-level sensitivity, exposure state, and who or what is actually using the entitlement. Without it, least privilege becomes a guess rather than an enforceable policy.

Practical implication: integrate identity and data signals before recertification so reviewers see both entitlement and data sensitivity.

How continuous data-risk signals change entitlement enforcement

Continuous classification turns access governance into a dynamic control loop. When data posture changes, for example if new PII is discovered or sharing widens, the identity system can re-evaluate the entitlement against policy rather than waiting for the next access review. That matters because AI agents and automation can create new access paths faster than human processes can certify them. The key architectural shift is from static approval records to policy evaluation that incorporates sensitivity, exposure, recency, and ownership validation.

Practical implication: trigger entitlement reevaluation from data-risk changes, not only from scheduled access-review cycles.

Why agent and service-account access needs data-aware least privilege

AI agents and service accounts are both non-human identities, but their access patterns are increasingly shaped by runtime context rather than fixed human job roles. That means governance cannot stop at identity type or role membership. A broad group assignment may be harmless until the underlying dataset becomes regulated, shared externally, or tied to operational secrets. Data-aware least privilege uses sensitivity and exposure to decide whether the access still makes sense. This is especially important where multiple identities can reach the same sensitive store through different paths.

Practical implication: map non-human identities to sensitive datasets and remove entitlements that are broad in identity scope but narrow in business need.
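The three implications above describe one control loop: evaluate each entitlement against the current classification, exposure and ownership state of the dataset it reaches, and re-run that evaluation whenever the data posture changes instead of waiting for the next certification cycle. The example below is added here to make that loop concrete; it is not code from Cyera, Saviynt or NHI Mgmt Group. The labels treated as regulated, the 30-day idle threshold, the identity kinds and the `hr_export` inventory are all constructed assumptions.

```python
"""Data-aware least privilege as a control loop (added example, not Cyera's or
Saviynt's code): each entitlement is evaluated against the current classification,
exposure and ownership state of the dataset it reaches, and every entitlement on a
dataset is re-evaluated when that dataset's posture changes. Thresholds, labels and
inventory values below are constructed assumptions."""
from dataclasses import dataclass, field

REGULATED = {"PII", "PHI", "PCI", "FINANCIAL", "SECRETS"}   # labels treated as regulated (assumed)
MAX_IDLE_DAYS = 30   # assumed: a non-human identity idle longer than this loses regulated access


@dataclass
class Dataset:
    name: str
    labels: set             # classification labels, e.g. {"PII"}
    exposure: str           # "internal" or "external"
    owner_validated: bool   # a named owner has confirmed the dataset and its consumers


@dataclass
class Identity:
    name: str
    kind: str               # "ai_agent", "service_account" or "human"
    last_used_days: int     # days since this identity last exercised the entitlement


@dataclass
class Entitlement:
    identity: Identity
    dataset: str


@dataclass
class Decision:
    identity: str
    dataset: str
    action: str             # "allow", "reapprove" or "revoke"
    reasons: list = field(default_factory=list)


def evaluate(ent: Entitlement, ds: Dataset) -> Decision:
    """Decide whether an entitlement is still justified given the dataset's current posture."""
    d = Decision(ent.identity.name, ds.name, "allow")
    regulated = bool(ds.labels & REGULATED)
    if not regulated:
        d.reasons.append("no regulated labels; falls under the standard review cadence")
        return d
    non_human = ent.identity.kind != "human"
    # Recency: an idle NHI with a path to regulated data is broad in identity scope, narrow in need.
    if non_human and ent.identity.last_used_days > MAX_IDLE_DAYS:
        d.action = "revoke"
        d.reasons.append(f"idle {ent.identity.last_used_days}d non-human identity reaching "
                         f"{sorted(ds.labels & REGULATED)}")
        return d
    # Exposure and ownership changes do not remove access outright; they force a fresh human decision.
    if ds.exposure == "external":
        d.action = "reapprove"
        d.reasons.append("regulated data is now externally shared")
    if not ds.owner_validated:
        d.action = "reapprove"
        d.reasons.append("dataset owner has not validated current consumers")
    if d.action == "allow":
        d.reasons.append("regulated, but recently used, internal and owner-validated")
    return d


def on_posture_change(ds: Dataset, entitlements, *, labels=None, exposure=None, owner_validated=None):
    """Apply a data-posture change and re-evaluate every entitlement that reaches the dataset."""
    if labels is not None:
        ds.labels = set(labels)
    if exposure is not None:
        ds.exposure = exposure
    if owner_validated is not None:
        ds.owner_validated = owner_validated
    return [evaluate(e, ds) for e in entitlements if e.dataset == ds.name]


def build_inventory():
    """Constructed sample: one export dataset and two non-human identities entitled to it."""
    hr_export = Dataset("hr_export", labels=set(), exposure="internal", owner_validated=True)
    ents = [
        Entitlement(Identity("payroll-agent", "ai_agent", last_used_days=2), "hr_export"),
        Entitlement(Identity("legacy-etl", "service_account", last_used_days=90), "hr_export"),
    ]
    return hr_export, ents


def run_control_loop():
    """Walk one discovery event through the loop; returns {identity: action} after each step."""
    ds, ents = build_inventory()
    steps = {}
    steps["unclassified"] = {d.identity: d.action for d in on_posture_change(ds, ents)}
    steps["pii_discovered"] = {d.identity: d.action for d in on_posture_change(ds, ents, labels={"PII"})}
    steps["shared_externally"] = {d.identity: d.action for d in on_posture_change(ds, ents, exposure="external")}
    return steps


if __name__ == "__main__":
    for step, outcome in run_control_loop().items():
        print(step, outcome)
```

The point of the walk-through is that nothing about the identities changes between the three steps; only the dataset's posture does. The idle service account is allowed while `hr_export` is unclassified, loses access the moment PII is discovered, and the still-active agent is pushed back to a human re-approval once the same data is shared externally. Wiring those decisions to an actual IGA or secrets platform is left as an assumption; the loop itself is the part the article describes.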


Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Data-aware identity governance is becoming the next baseline for NHI control. Identity-only governance cannot answer the question that matters most in AI-heavy environments: which identities can reach sensitive data right now. That is not a visibility enhancement, it is a structural control requirement because access without data context is indistinguishable from overexposure. Practitioners should treat data sensitivity as part of entitlement logic, not as a separate downstream review.

Ephemeral access review debt is now a governance problem, not just an operational inconvenience. When AI agents and automated workflows can create access paths faster than review cadences, the programme inherits a blind spot between assignment and certification. The assumption that access will persist long enough to be reviewed was designed for slower human-paced governance. That assumption fails when runtime access decisions change as data posture changes, and the implication is that periodic review alone no longer defines effective control.

Hidden identity access to regulated data is the real risk multiplier. The issue is not simply that more identities exist, but that the identities are hidden from the teams responsible for data sensitivity and compliance. Once service accounts, workflows, and AI agents can reach classified data without shared context, the organization loses the ability to explain exposure, prioritise remediation, or prove least privilege. Practitioners should see unified identity-data visibility as a prerequisite for defensible governance.

Continuous control is replacing static certification as the meaningful unit of assurance. The article points to a world where security teams must move from point-in-time access reviews to policy enforcement that reacts to data changes in minutes. That aligns with OWASP-NHI and NIST CSF thinking: expose, evaluate, and constrain the identity path to sensitive information continuously. The practical conclusion is that governance programmes need to be measured by how quickly they reduce exposure, not how complete the next review cycle looks.

AI scale is compressing the gap between discovery and misuse. When AI adoption expands faster than visibility, the security question shifts from whether an access grant exists to whether the program can still justify it after the data changes. This is where cross-domain governance matters: NHI control, IAM policy, and DSPM context must be interpreted together. Practitioners should reframe AI access risk as a combined identity and data governance issue, not a tool-specific issue.

From our research:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
  • For related guidance, see 52 NHI Breaches Analysis for the breach patterns that show why identity-only reviews fail when privileges and exposure are left unchecked.

What this signals

Identity-data convergence is becoming a programme-level requirement, not a nice-to-have integration. Once AI systems and service accounts can reach regulated data at scale, security teams need one control plane that interprets entitlement and sensitivity together. With 96% of organisations storing secrets outside secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to the Ultimate Guide to NHIs, the operational problem is already larger than most access-review workflows can see.

Data-aware governance will increasingly determine how fast teams can reduce privilege creep. Static certifications cannot keep up with identities that change behaviour faster than the review cycle. The programme signal to watch is how quickly access can be re-evaluated when a dataset changes classification or exposure state, because that is where continuous control becomes real rather than theoretical.

Ephemeral credential trust debt: access that looks acceptable at issuance can become unjustified as the data context changes, which means organisations should measure not only who has access, but how quickly governance reacts when the data behind that access changes. Teams that cannot shorten that gap will keep certifying stale access with fresh paperwork.


For practitioners

  • Connect recertification to data sensitivity: include dataset classification, exposure state, and owner validation in every access review for service accounts and AI agents that can touch regulated information.
  • Prioritise entitlements by data blast radius: rank non-human identities by the sensitivity of the data they can reach, then revoke broad access first where contractors, shared roles, or automation intersect.
  • Automate policy reevaluation on data changes: trigger entitlement checks when new PII, PHI, PCI, financial records, or secrets are discovered, rather than waiting for the next scheduled certification.
  • Unify identity and data telemetry: feed access recency, anomalous activity, and sensitivity labels into one governance workflow so remediation can happen before exposure widens.
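Ranking by data blast radius, the second item above, and the earlier implication to map non-human identities to sensitive datasets both need the same thing: every path from an identity to a dataset resolved, including group-inherited grants, and weighted by what the dataset holds. The example below is added to show that resolution and ranking end to end; it is not code from Cyera, Saviynt or NHI Mgmt Group. The sensitivity tiers, weights, group names and the whole inventory are constructed, and it also surfaces sensitive stores reachable by several identities through different paths, the case the technical breakdown calls out.

```python
"""Blast-radius ranking for non-human identities (added example, not code from Cyera,
Saviynt or NHI Mgmt Group): resolve every path from an identity to a dataset, direct
grants and group-inherited grants alike, weight each reachable dataset by sensitivity,
rank identities by the total, and list the sensitive stores reachable by several
identities through different paths. The inventory and weights are constructed."""
from collections import defaultdict

# Assumed sensitivity tiers; a higher weight means a wider blast radius if the identity is misused.
WEIGHT = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 3, "REGULATED": 5, "SECRETS": 8}

# Constructed inventory: dataset -> tier
DATASETS = {"marketing_site": "PUBLIC", "wiki": "INTERNAL", "billing_db": "REGULATED", "vault_kv": "SECRETS"}
# identity -> groups it belongs to
MEMBERSHIPS = {"ci-runner": ["engineering", "deployers"], "report-agent": ["analysts"], "backup-svc": []}
# group -> datasets the group can reach
GROUP_GRANTS = {"engineering": ["wiki"], "deployers": ["vault_kv"], "analysts": ["billing_db", "wiki"]}
# identity -> datasets granted directly
DIRECT_GRANTS = {"ci-runner": ["billing_db"], "backup-svc": ["billing_db", "vault_kv", "marketing_site"]}

NON_HUMAN = ["ci-runner", "report-agent", "backup-svc"]   # the identities under review


def reachable_paths(identity, memberships=MEMBERSHIPS, group_grants=GROUP_GRANTS, direct=DIRECT_GRANTS):
    """Return {dataset: [path, ...]} for every dataset the identity can reach, direct or via a group."""
    paths = defaultdict(list)
    for ds in direct.get(identity, []):
        paths[ds].append(f"{identity} -> {ds}")
    for group in memberships.get(identity, []):
        for ds in group_grants.get(group, []):
            paths[ds].append(f"{identity} -> {group} -> {ds}")
    return dict(paths)


def blast_radius(identity, datasets=DATASETS, **kw):
    """Sum sensitivity weights over distinct reachable datasets (several paths to one store count once)."""
    return sum(WEIGHT[datasets[ds]] for ds in reachable_paths(identity, **kw))


def rank_identities(identities, datasets=DATASETS, **kw):
    """Highest blast radius first; ties broken by name so the output is stable."""
    scored = [(ident, blast_radius(ident, datasets, **kw), sorted(reachable_paths(ident, **kw)))
              for ident in identities]
    return sorted(scored, key=lambda t: (-t[1], t[0]))


def shared_sensitive_stores(identities, datasets=DATASETS, min_weight=WEIGHT["REGULATED"], **kw):
    """Sensitive datasets reached by more than one identity, with every path, to drive shared-exposure review."""
    reach = defaultdict(list)
    for ident in identities:
        for ds, paths in reachable_paths(ident, **kw).items():
            if WEIGHT[datasets[ds]] >= min_weight:
                reach[ds].extend(paths)
    return {ds: sorted(paths) for ds, paths in reach.items()
            if len({path.split(" -> ")[0] for path in paths}) > 1}


if __name__ == "__main__":
    for ident, score, reach in rank_identities(NON_HUMAN):
        print(f"{ident:14} blast radius {score:2}  reaches {reach}")
    for ds, paths in shared_sensitive_stores(NON_HUMAN).items():
        print(f"{ds}: {len(paths)} paths -> {paths}")
```

Two things the ranking makes visible that a per-identity review does not: the CI runner ends up with the widest blast radius without a single direct grant to the secrets store, because the `deployers` membership carries it, and the billing database is reachable by all three identities through three different paths, so revoking any one of them changes nothing about the dataset's exposure. Scoring distinct datasets rather than paths keeps an identity with many routes to one store from outranking one with a single route to something more sensitive.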

Key takeaways

  • AI-driven access is exposing a long-standing split between identity governance and data security.
  • Non-human identities become materially riskier when their entitlements are not evaluated against the sensitivity of the data they can reach.
  • Security teams should move from periodic review to continuous, data-aware enforcement if they want least privilege to hold at AI scale.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-03 | Covers NHI rotation and entitlement hygiene for service accounts and agents.
NIST CSF 2.0 | PR.AC-4 | Access permissions must reflect real data sensitivity, not stale assumptions.
NIST Zero Trust (SP 800-207) | AC-6 | Zero Trust requires ongoing verification of who can reach sensitive assets.

Apply continuous authorisation to identities that access regulated data through automation or agents.


Key terms

  • Data-aware least privilege: A governance model that limits access based on both identity and the sensitivity of the data being accessed. In practice, the entitlement may be valid for one dataset but unjustified for another, so policy must evaluate context at runtime or during continuous review.
  • Identity-data convergence: The operational linking of identity governance signals with data discovery and classification signals. It allows security teams to see not only who has access, but whether that access reaches sensitive or regulated data, which is essential for defensible remediation and certification.
  • Ephemeral credential trust debt: The gap between access being granted and the governance programme proving that the access is still justified. The risk grows when data sensitivity changes faster than review cycles, leaving credentials or entitlements active after their original purpose has expired.

Deepen your knowledge

AI agent governance and data-aware least privilege are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is trying to connect identity controls with data context, it is worth exploring.

This post draws on content published by Cyera: Cyera and Saviynt Secure AI’s Data Access at Scale. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-03-19.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org