By NHI Mgmt Group Editorial Team | Published 2026-06-09 | Domain: Events | Source: SailPoint

TL;DR: AI agents are creating a security blind spot because 80% of organisations report agent actions beyond intended scope and only 52% can track the data those agents access, according to SailPoint research. The governance problem is no longer theoretical: access review and compliance models assume access stays stable long enough to observe, but autonomous behaviour collapses that window.


At a glance

What this is: An event briefing on shadow AI and AI agent governance, arguing that AI agents and other non-human identities are expanding faster than traditional identity controls can track.

Why it matters: Identity programmes now have to govern human, machine, and agentic access together, or risk losing visibility into privilege, data access, and accountability across the full estate.

By the numbers:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.



Context

AI agent governance is moving from a theoretical concern to an operational identity problem. When non-human identities can act at machine speed, select tools dynamically, and reach across systems with significant privilege, the issue is no longer just access management. It becomes a question of who or what is allowed to act, what that actor can touch, and how the organisation proves accountability once the action has happened.

This event sits squarely in the overlap between NHI governance, agentic AI identity, and broader identity lifecycle control. The practical challenge is not whether AI agents will be deployed. It is whether existing IAM, IGA, and compliance processes can keep pace when identity populations expand faster than review cycles and security teams cannot reliably see what the agent accessed or changed.


Key questions

Q: How should security teams govern AI agents that can act across multiple systems?

A: Security teams should treat AI agents as governed non-human identities with owners, scope, and lifecycle controls. That means inventorying the agent, constraining its access, tying activity to telemetry, and reviewing its permissions when behaviour changes. If the agent can reach systems directly, governance must track both identity and action, not just authentication.

Q: Why do AI agents create more identity risk than ordinary automation?

A: AI agents can choose actions at runtime, which means their behaviour may diverge from the original approval intent. Ordinary automation usually follows a fixed path, but agentic systems can combine tools, access new data, and change execution timing. That makes privilege harder to define, review, and contain using static IAM assumptions.

Q: What breaks when shadow AI is not included in identity governance?

A: What breaks is ownership, visibility, and accountability. Unmanaged AI tools can acquire access, touch data, and expose credentials without appearing in standard review workflows. Once that happens, the organisation may discover the activity only after a security event, when the identity lifecycle has already been lost.

Q: Who is accountable for AI agent access when an incident occurs?

A: Accountability sits with the business owner of the agent, the team that approved its access, and the identity function that enforced or failed to enforce lifecycle controls. If the agent was unsanctioned, the accountability gap itself becomes the finding. Governance frameworks should make ownership explicit before production use.


Background and context

Shadow AI and the non-human identity problem

Shadow AI appears when AI tools or agents are introduced outside formal governance, creating identities that are not fully inventoried, owned, or reviewed. In identity terms, the risk is not just an unknown application. It is an unmanaged non-human identity with credentials, permissions, and data access that may bypass standard joiner-mover-leaver and recertification processes. Once that happens, the programme loses the ability to distinguish sanctioned automation from unsanctioned runtime behaviour.

Practical implication: build discovery and ownership assignment for every AI-facing identity before expanding agent permissions.

Why machine-speed privilege breaks traditional governance

Traditional governance assumes privilege can be reviewed after assignment and before harm. AI agents invert that model by operating quickly, across multiple tools, and often with broad access that is difficult to meaningfully certify in static review windows. If the control model depends on periodic human review, it will always lag behind agent activity. The technical issue is not only privilege size, but the speed and variability of action relative to governance cadence.

Practical implication: move from periodic review to event-based governance signals tied to agent actions and entitlements.

Auditing AI agent data access and action scope

Auditing agent behaviour requires more than logs for authentication. Security teams need visibility into which datasets, systems, and actions an agent touched, plus whether those actions stayed within intended scope. That means binding identity, authorisation, and activity telemetry together so investigators can reconstruct what happened. Without that linkage, the organisation may know an agent existed but still be unable to prove whether it crossed policy boundaries or exposed sensitive information.

Practical implication: correlate identity, access, and action telemetry so agent activity can be investigated end to end.


NHI Mgmt Group analysis

Shadow AI is an identity governance problem before it is an AI security problem. The article describes unsanctioned AI tools and agent swarms, but the deeper issue is that security teams are inheriting identities they did not design, approve, or inventory. Once those identities can act with privilege, the programme loses lifecycle control, recertification loses coverage, and accountability becomes fragmented. Practitioners should treat shadow AI as unmanaged identity sprawl with consequences for access governance.

Machine-speed action collapses the usefulness of human-paced review cycles. Non-human identities that operate at runtime can create, use, and abandon access faster than periodic certification can observe. That is not just a tooling gap; it is a governance cadence mismatch under NIST-CSF and OWASP-NHI thinking. The implication is that identity control for AI agents cannot rely on post-hoc review as the primary control plane.

AI agent risk is forcing convergence between NHI governance and autonomous behaviour oversight. Even when the article does not prove full autonomy, it shows that runtime agent behaviour is already stretching NHI assumptions about stable privilege, known intent, and reliable ownership. As agent populations grow, the boundary between machine identity management and agent governance will narrow. Practitioners should expect identity programmes to absorb both disciplines into one operating model.

Real control comes from knowing which identities are sanctioned, which are agentic, and which are merely invisible. The key governance failure is not only excess privilege, but incomplete identity classification across human, machine, and AI actors. That is where discovery, ownership, and policy enforcement converge. Teams that cannot classify the identity cannot govern the access.

From our research:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
  • Top 10 NHI Issues helps teams map this blind spot to governance controls, while OWASP NHI Top 10 gives a framework for agentic access risk.

What this signals

Identity programmes will need a new control pattern for shadow AI. The practical signal from this event is that discovery alone is no longer enough. Teams need classification, ownership, and policy enforcement across every non-human actor, or the estate will keep expanding outside review. The governance gap is already visible in our research: 48% of companies cannot fully track and audit the data their AI agents access, which turns incident response into guesswork.

Agentic identity will force IAM and IGA teams to work as one operating model. Review, approval, and remediation can no longer sit in separate process silos when the actor can change scope mid-session. The next maturity step is linking identity telemetry with action telemetry so teams can see not just that an agent authenticated, but whether it stayed inside authorised boundaries. That is where OWASP Agentic AI Top 10 becomes operationally relevant.

Sanctioned access and visible access will diverge unless owners are forced into the loop. When agent populations scale, the organisations that win governance maturity will be the ones that can say who owns each identity, why it exists, and what happens when its behaviour changes. Without that, the programme accumulates identity debt in the same way it accumulates secret sprawl and privilege creep.


For practitioners

  • Establish a complete inventory of AI-facing identities: Record every sanctioned AI tool, agent, service account, token, and API credential with a named owner and business purpose. Tie each record to a lifecycle path so shadow AI cannot remain outside governance after deployment.
  • Bind review cadence to agent activity signals: Replace purely periodic access reviews with event-based triggers when an agent touches sensitive systems, changes scope, or accesses new datasets. Use those signals to initiate recertification, escalation, or suspension before the next review cycle.
  • Separate sanctioned automation from unsanctioned agents: Define policy that distinguishes approved non-human identities from ad hoc AI tools used by teams, then enforce discovery controls across cloud, SaaS, and workflow platforms. This is where the article's shadow AI risk becomes measurable rather than anecdotal.
  • Correlate identity, access, and action telemetry: Ensure logs show who or what authenticated, what it accessed, and what it actually did. Without that chain, incident response cannot reconstruct whether an agent stayed in scope or crossed into unauthorised activity.
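
The four steps above, sketched as an added example (not code from SailPoint or NHI Mgmt Group): an inventory with owners and approved scope is joined to action telemetry to produce event-based governance signals. The identities, field names, session id and signal names are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AgentRecord:  # one inventory entry per sanctioned AI-facing identity
    owner: str
    systems: frozenset   # systems the agent was approved to reach
    datasets: frozenset  # datasets the agent was approved to touch

# Constructed inventory (hypothetical identities and owners).
INVENTORY = {
    "agent-invoice-bot": AgentRecord("finance-ops", frozenset({"erp"}), frozenset({"invoices"})),
    "agent-helpdesk": AgentRecord("it-support", frozenset({"itsm"}), frozenset({"tickets"})),
}

# Constructed telemetry. Auth and action events share a session id (an assumed
# field), which is what lets "who authenticated" be joined to "what it did".
EVENTS = [
    {"type": "auth", "session": "s1", "identity": "agent-invoice-bot"},
    {"type": "action", "session": "s1", "system": "erp", "dataset": "invoices", "op": "read"},
    {"type": "action", "session": "s1", "system": "hr", "dataset": "payroll", "op": "read"},
    {"type": "auth", "session": "s2", "identity": "agent-notes-plugin"},
    {"type": "action", "session": "s2", "system": "crm", "dataset": "contacts", "op": "export"},
    {"type": "action", "session": "s3", "system": "itsm", "dataset": "tickets", "op": "read"},
]

def governance_signals(events, inventory):
    """Return (signal, subject, detail) tuples for events that need owner attention."""
    session_identity, signals = {}, []
    for ev in events:
        if ev["type"] == "auth":
            session_identity[ev["session"]] = ev["identity"]
            if ev["identity"] not in inventory:
                # Authenticated but never inventoried: shadow AI candidate.
                signals.append(("unsanctioned_identity", ev["identity"], "no owner on record"))
            continue
        identity = session_identity.get(ev["session"])
        target = f'{ev["system"]}/{ev["dataset"]}'
        if identity is None:
            # Action with no matching authentication: chain cannot be reconstructed.
            signals.append(("unattributed_action", ev["session"], target))
        elif identity in inventory:
            rec = inventory[identity]
            if ev["system"] not in rec.systems or ev["dataset"] not in rec.datasets:
                # Out-of-scope touch triggers recertification now, not at the next cycle.
                signals.append(("recertify", identity, f"{target} outside scope, owner {rec.owner}"))
    return signals

if __name__ == "__main__":
    print(*governance_signals(EVENTS, INVENTORY), sep="\n")
```

Each signal carries the owner or the missing link, so it can be routed to recertification, escalation, or suspension without waiting for a periodic review.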

Key takeaways

  • AI agents are already acting outside intended scope, which makes identity governance a current operational issue rather than a future risk.
  • The scale problem is visibility: if half the estate cannot audit agent data access, compliance and investigation controls are already incomplete.
  • Practitioners should move from periodic review to owner-led, telemetry-backed governance for every non-human identity that can act at runtime.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | | AI agents acting at runtime create agentic identity and privilege risks. |
| OWASP Non-Human Identity Top 10 | NHI-03 | The event focuses on non-human identity governance, ownership, and access control. |
| NIST CSF 2.0 | PR.AC-1 | Identity and access control underpin discovery, governance, and remediation for AI agents. |

Inventory every non-human identity and attach lifecycle ownership before expanding agent permissions.


Key terms

  • Shadow AI: Shadow AI is the use of AI tools or agents that operate outside formal security governance. In identity terms, it means an organisation has non-human actors with access, but no reliable inventory, ownership, or lifecycle control over how they are used.
  • Agentic identity: Agentic identity is a non-human identity that can select actions at runtime and interact with tools or data in pursuit of a goal. The security challenge is not only authentication, but controlling scope, ownership, and accountability when behaviour can shift during execution.
  • Identity lifecycle: Identity lifecycle is the process of creating, governing, reviewing, changing, and removing access for an identity over time. For AI agents and other NHI, the lifecycle must include ownership, scope changes, and offboarding, because access can persist unnoticed even when the actor is no longer intended to operate.


This post draws on content published by SailPoint: Gartner Security & Risk Management Summit London event briefing on shadow AI and non-human identity governance.
