By NHI Mgmt Group Editorial Team | Published 2025-07-30 | Domain: Agentic AI & NHIs | Source: 1Password

TL;DR: Only 21% of North American security leaders have full visibility into AI tools, 54% say enforcement is weak, and 56% estimate 26% to 50% of AI tools and agents are unmanaged, according to a 1Password survey of 200 North American security leaders. The deeper problem is that traditional IAM assumes access can be provisioned, reviewed, and revoked inside stable workflows, while AI use is expanding outside those assumptions.


At a glance

What this is: A 1Password survey of security leaders showing that AI tool adoption is outrunning visibility, policy enforcement, data controls, and identity governance.

Why it matters: AI tools and agents are already entering identity and access paths that were built for human users and conventional service accounts, leaving IAM, IGA, and PAM teams with blind spots they cannot ignore.



Context

AI tool governance is becoming an identity problem, not just an acceptable-use problem. Once employees connect generative tools, copilots, and embedded agents to corporate data and systems, the security team is no longer only dealing with software adoption. It is dealing with access, auditability, and the question of who or what can act inside the business.

The article shows a familiar pattern in a new form: policy arrives faster than enforcement, and access expands faster than visibility. For IAM, IGA, and PAM teams, that means the control model has to cover discovery, approval, monitoring, recertification, and revocation for AI-driven access paths, not just for human users and classic service identities.


Key questions

Q: What breaks when AI tools are used without identity governance?

A: When AI tools bypass identity governance, organisations lose visibility, ownership, and revocation discipline. That creates shadow access paths, weak audit trails, and uncontrolled data sharing. The result is not just policy drift. It is a governance gap where AI can reach systems and sensitive data without the same lifecycle controls expected for other non-human identities.

Q: Why do AI agents complicate IAM and IGA programmes?

A: AI agents complicate IAM and IGA because they can be provisioned informally, reused across workflows, and left outside recertification cycles. Traditional governance assumes stable identities and reviewable access states. AI usage often moves faster than those cadences, which means ownership, approval, and revocation can all become unclear.

Q: How do teams know whether AI governance is actually working?

A: Teams should look for three signals: they can discover AI tools in use, they can enforce policy consistently, and they can prove who approved access and data sharing. If any of those are missing, governance is mostly documentary. Real control means the organisation can see, restrict, and revoke AI access paths on demand.

Q: Who should own risk when employees give AI tools access to sensitive data?

A: Accountability should sit with the business owner of the use case, the identity team managing access, and the security function defining policy enforcement. If no named owner can approve, monitor, and revoke AI access, the organisation has created an unmanaged identity path. Governance fails when ownership is diffuse.


Technical breakdown

AI tool visibility and the access trust gap

Visibility is the first control boundary in AI governance because you cannot enforce policy against what you cannot see. In practice, employees may use sanctioned copilots, unsanctioned browser tools, or embedded AI features that never pass through formal inventory and approval channels. That creates an access trust gap: the organisation assumes access is controlled, while the actual tool footprint is broader and less governed. The result is inconsistent enforcement, shadow AI, and incomplete audit evidence across both data and identity planes.

Practical implication: build AI discovery into SaaS governance, endpoint telemetry, and access review workflows before policy enforcement can be credible.

Policy enforcement for AI access and data sharing

AI governance fails when policy exists only as a document. Effective enforcement requires deciding what the organisation will monitor, what it will block, and what exceptions it will tolerate for business use. The article also highlights a data-sharing problem: employees can unintentionally expose sensitive data when they paste it into tools that may retain or reuse it. That turns governance into a combined access and data control problem, because the same action can create identity risk, compliance exposure, and loss of information control at once.

Practical implication: pair AI policy with technical controls that can detect, limit, and audit data flow into external AI services.

Unmanaged AI agents and identity lifecycle failure

The most consequential finding is that many AI tools and agents are operating outside formal identity governance. Some receive shared credentials, some are hard-coded into workflows, and some connect directly to sensitive systems without lifecycle controls. That is an identity lifecycle failure, not just a tooling gap. If an AI actor can be provisioned informally, used broadly, and never recertified or revoked on schedule, the organisation loses traceability and accountability across the full access lifecycle.

Practical implication: extend identity lifecycle controls to AI agents so provisioning, recertification, and revocation are explicitly governed.



NHI Mgmt Group analysis

AI governance is becoming an access-governance problem before it becomes a model-risk problem. The article shows security leaders struggling first with visibility, enforcement, and uncontrolled access paths, not with algorithmic behaviour. That matters because the primary failure mode is not the AI output itself but the identity path that lets the tool reach data and systems without governance. Practitioners should treat AI adoption as an access expansion event.

Unmanaged AI is a governance category, not a fringe exception. When more than half of security leaders estimate that 26% to 50% of AI tools and agents are unmanaged, the issue is structural, not isolated. This is where NHI governance meets AI adoption: the organisation has created machine access paths that bypass the same lifecycle controls expected for service accounts and other non-human identities. The implication is that AI access cannot be treated as an exception process.

Access trust gap: AI tool sprawl creates the illusion of policy control while undermining actual enforcement. The access trust gap is the widening gap between declared policy and observable, enforceable AI usage across the enterprise. In this article, policies exist, but visibility and monitoring are too weak to prove they are effective. Practitioners should recognise that governance without enforceable discovery is only documentation.

Identity lifecycle controls are now the minimum viable control set for AI agents. The article’s strongest signal is that teams are already talking about provisioning, tracking, recertifying, and revoking AI access. That is lifecycle language, which means the governance model is converging with NHI discipline. If AI tools can be connected to sensitive systems, then lifecycle accountability, not just acceptable-use policy, becomes the control surface that matters most.

The human IAM playbook alone cannot absorb autonomous or semi-autonomous AI usage. Human-centric controls assume stable users, predictable session patterns, and reviewable behaviour over time. AI agents and tools break those assumptions by creating non-human access paths that may be embedded, shared, or hidden. The practical conclusion is that IAM, IGA, and PAM teams must govern AI as a distinct identity class rather than as a variation of employee software usage.

From our research:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • Another finding from the same research shows that only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared with nearly 1 in 4 for securing human identities.
  • For a broader lifecycle view, NHI Lifecycle Management Guide explains how provisioning, rotation, and offboarding need to work when access is non-human and continuously changing.

What this signals

Access trust gap: security teams should treat AI adoption as an identity expansion problem because governance breaks first at discovery and enforcement, not at the model layer. The right signal is whether AI tools, agents, and integrations are visible enough to be owned, reviewed, and revoked like any other access path.

The programme implication is straightforward: if you cannot recertify AI access, you do not actually govern it. That is why lifecycle thinking matters here, and why the same discipline used for machine identity now needs to extend to AI tools and agents across the enterprise.

A useful benchmark comes from The State of Non-Human Identity Security, where 85% of organisations lacked full visibility into third-party vendors connected via OAuth apps. The pattern is the same: once access is distributed across tools and integrations, visibility becomes the prerequisite for every other control.


For practitioners

  • Inventory AI tools and agent access paths: Map sanctioned and unsanctioned AI usage across endpoints, SaaS, browser extensions, and embedded application features. Include direct system connections, shared credentials, and API integrations so the inventory reflects actual access, not just approved procurement.
  • Tie AI governance to access review workflows: Add AI tools and agents to recertification, ownership, and revocation workflows so each access path has a responsible approver and a defined retirement trigger. Treat unmanaged AI the same way you would other non-human identities with standing access.
  • Enforce data-handling rules at the point of use: Use policy controls, DLP, and SaaS governance to prevent sensitive data from being pasted or synced into external AI services without approval. Make the rule operational by restricting specific tools where the organisation cannot verify retention and reuse behaviour.
  • Separate approved AI use from shadow AI: Create explicit approval paths for high-risk AI use cases and block or flag tools that bypass them. Pair that with endpoint and tenant-level monitoring so security teams can distinguish business-sanctioned AI from shadow AI before access spreads further.
  • Extend PAM thinking to AI-driven privileges: For AI systems that reach privileged tools or data, define how access is granted, how scope is limited, and how privileges are removed. Do not allow hard-coded credentials or shared tokens to become permanent shortcuts for AI integration.

Key takeaways

  • AI governance is failing first as an access problem, because organisations cannot see or control many of the tools and agents entering their environment.
  • The scale of unmanaged AI is already material, with more than half of security leaders estimating that 26% to 50% of their AI tools and agents are unmanaged.
  • IAM, IGA, and PAM teams need lifecycle controls for AI access paths, including discovery, recertification, revocation, and data-use enforcement.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | AG-02 | AI tools and agents need governed access, not informal credential sharing. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Unmanaged AI access maps to non-human identity lifecycle and rotation failure. |
| NIST CSF 2.0 | PR.AC-4 | The article centres on access enforcement, visibility, and governance failures. |

Apply lifecycle control to AI credentials, including provisioning, recertification, and removal.


Key terms

  • Access Trust Gap: The gap between what an organisation believes is controlled and what is actually visible, enforceable, and auditable. In AI environments, the gap grows when tools, agents, and integrations enter workflows without formal identity governance or lifecycle oversight.
  • Shadow AI: AI tools or agents that are in use but not formally discovered, approved, or governed by the security team. Shadow AI creates hidden access paths, making it difficult to apply monitoring, policy enforcement, and revocation in a reliable way.
  • AI Identity Lifecycle: The governance process for AI tools and agents from initial approval through access provisioning, review, and removal. It is the machine-identity version of lifecycle management, but it must account for fast-changing usage, hidden integrations, and non-human access paths.
  • Unmanaged AI: AI tools or agents that operate outside formal identity, access, and audit controls. They may use shared credentials, hard-coded secrets, or direct system connections, which makes them difficult to review, recertify, or revoke when risk changes.


This post draws on content published by 1Password: AI governance gaps in the AI-augmented workforce.
