TL;DR: More than 700 security professionals report that 90% of organisations experienced an insider incident in the past year, 94% say AI is increasing exposure, and 54% report confirmed or suspected AI-related insider incidents, according to Gurucul's 2026 Insider Risk Report. The lesson is that insider risk has shifted from isolated events to continuous, cross-domain identity behaviour that legacy monitoring is not built to contain.
At a glance
What this is: Gurucul's 2026 insider risk research argues that AI is now part of the insider threat surface and that traditional models are struggling to keep up.
Why it matters: IAM, NHI, and security teams need to treat AI-driven activity as part of identity governance because access, behaviour, and response now cut across human users, machine identities, and delegated AI actions.
By the numbers:
- 90% of organizations experienced at least one insider incident in the past 12 months.
- 94% of organizations say AI adoption is increasing their insider risk exposure.
- 53% of organizations say insider attacks are harder to detect than external cyber threats.
- 11% of insider incidents exceed $2 million to remediate.
👉 Read Gurucul's 2026 Insider Risk Report on AI as a new insider threat
Context
Insider risk is no longer just about a malicious employee or a compromised account. In enterprises that are adopting AI tools, the real problem is that identity, behaviour, and access now move across people, service accounts, and AI-driven workflows faster than static review processes can keep pace.
That matters because insider-risk programmes were built around stable subjects and observable events. When AI operates inside trust boundaries with delegated access, the governance question changes from who clicked what to which identities can act, escalate, and blend into ordinary business activity without a clear human operator behind them.
Key questions
Q: How should security teams govern AI tools that behave like insiders?
A: Treat AI tools as governed identities whenever they can access data, trigger actions, or influence workflows. Assign ownership, define their authority, monitor their behaviour across systems, and make revocation possible without waiting for manual review. The key is to govern delegated access as part of insider risk, not as a separate AI issue.
Q: Why do insider risk programmes struggle with AI-driven activity?
A: They were designed for stable users and discrete events, not for delegated, fast-moving activity that can blend into normal work. AI tools can spread actions across email, documents, and workflow systems, which breaks event-only monitoring. The result is delayed recognition and weaker containment when abuse happens.
Q: What signals show that insider risk controls are not keeping pace with AI adoption?
A: Look for tool fragmentation, weak cross-system correlation, slow containment, and high reliance on manual triage. If analysts can identify suspicious behaviour but cannot connect it to an identity owner or stop it quickly, the programme is seeing risk without controlling it.
Q: Who should be accountable for AI-related insider incidents?
A: Accountability should sit with the teams that own the identity, the workflow, and the data the AI can reach. If no one can revoke access, interpret behaviour, or approve exceptions, the programme has a governance gap rather than an alerting problem.
Technical breakdown
Why AI changes insider risk detection
Traditional insider-risk tools assume the subject under review is a person or a fixed account with a predictable behaviour pattern. AI tools break that assumption because they can act inside collaboration platforms, generate content, trigger workflows, and access data at machine speed. That creates activity streams that look ordinary at the point of execution but are abnormal in sequence, context, or volume. The practical challenge is not just more alerts. It is that event-level monitoring misses the behavioural chain that reveals abuse, especially when AI actions are distributed across multiple systems.
Practical implication: shift from event review to cross-system behavioural correlation for AI-enabled identity activity.
How insider risk spreads across human and non-human identities
Modern insider risk is an identity problem, not just a user-behaviour problem. Human users, service accounts, tokens, and AI agents can all sit inside the same workflow, share access paths, and produce indistinguishable logs if governance is weak. That means one compromised or over-privileged identity can hide inside another identity's normal operating pattern. When organizations treat machine activity as separate from insider risk, they lose sight of privilege propagation, delegated access, and the handoffs where misuse often starts.
Practical implication: map insider-risk controls to every identity type that can reach sensitive data, not only employees.
Why detection to response remains the weak link
The report's detection numbers point to a familiar control gap: organisations can often spot suspicious activity, but they cannot contain it quickly enough. AI-assisted triage can help prioritise cases, yet response still depends on identity context, ownership, and authority to revoke or constrain access. In practice, that means many teams can see the problem earlier but still fail to interrupt the workflow before damage is done. The architecture gap is in response orchestration, not just detection accuracy.
Practical implication: align incident response authority with identity controls so suspicious AI activity can be contained before workflow completion.
Threat narrative
Attacker objective: The objective is to hide abuse, move through trusted workflows, and extract value or data while appearing operationally normal.
- Entry occurs when AI copilots, generative tools, or delegated machine identities operate inside normal enterprise trust boundaries and gain access to email, documents, workflows, or data stores.
- Escalation occurs when that access blends into routine business activity, allowing privileged behaviour, data movement, or process manipulation to continue without obvious human accountability.
- Impact occurs when insider incidents become costly, difficult to contain, and cross-domain, with organizations reporting high remediation expense and reduced detection clarity.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
AI has become an insider-risk subject, not just an enabler of insider-risk operations. The report's framing is directionally right because AI systems now sit inside email, documents, and workflows with delegated authority. That changes insider-risk governance from monitoring people to governing behaviour across identity types. Practitioners should treat AI activity as part of the insider surface, not as a separate analytics problem.
Cross-domain identity correlation is now the real control boundary. Traditional insider programmes fragment the picture when they split human user activity from machine activity and AI-driven actions. The result is loss of context at the exact point where behaviour becomes suspicious. The practitioner conclusion is simple: if your programme cannot connect identity, access, and behaviour across systems, it cannot explain modern insider risk.
Shadow AI is the operational analogue of shadow IT for insider risk. Once employees adopt AI tools faster than security can inventory them, governance loses the ability to define who or what is acting with authority. That is not a tooling gap alone. It is an accountability problem that grows wherever delegated access is invisible. Practitioners need to assume that unmanaged AI is already inside the trust boundary.
Continuous insider risk demands lifecycle governance, not just detection technology. The report shows why point-in-time review is too slow for an environment where access, usage, and abuse can evolve continuously. Identity lifecycle controls, access review, and delegated-authority governance have to extend to machine and AI identities as well as humans. The discipline is the same, but the actor types are different.
From our research:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks.
- That pattern is why practitioners should also revisit NHI Lifecycle Management Guide for provisioning, rotation, and offboarding controls that reduce standing exposure.
What this signals
Shadow AI will force insider-risk teams to operationalise identity inventory. If you cannot enumerate which AI tools, service accounts, and delegated workflows can reach sensitive data, you cannot distinguish legitimate automation from abnormal insider behaviour. That makes identity discovery a prerequisite for detection quality, not just a compliance exercise.
The practical threshold is shifting from alert volume to explainability. Teams will need to show how an action moved across identities, where authority changed, and which control should have stopped it. That is where frameworks like the NIST Cybersecurity Framework 2.0 and the Top 10 NHI Issues become operational rather than theoretical.
Identity correlation is becoming the control plane for insider-risk maturity. The organisations that succeed will be the ones that can join human, machine, and AI activity into one response model. That is a lifecycle and governance problem first, and a detection problem second.
For practitioners
- Unify identity telemetry across users, machines, and AI tools Correlate authentication, workflow, data access, and behavioural logs so insider-risk analysts can follow a single chain of activity across systems. Without that join, AI-driven activity will look like background work until the impact is already material.
- Classify AI tools as insider-risk subjects with named owners Assign business and technical ownership to every AI system that can act inside enterprise workflows. Document what data it can reach, what actions it can take, and who can revoke those rights when its behaviour changes.
- Extend access review to delegated and non-human access paths Review not only employee entitlements but also service accounts, tokens, copilots, and workflow automations that inherit authority from a human sponsor. If an identity can move data or trigger business processes, it belongs in governance scope.
- Tune incident response for machine-speed containment Pre-authorise response steps for suspicious AI activity, including session termination, token revocation, workflow suspension, and privilege reduction. Insider-risk teams need containment options that can act before a task completes, not after manual triage finishes.
Key takeaways
- AI now belongs inside the insider-risk model because it can act with delegated authority across ordinary business workflows.
- The main failure is not a lack of alerts, but an inability to correlate identity, behaviour, and access quickly enough to contain abuse.
- Practitioners should extend insider-risk governance to machine identities, delegated AI access, and response actions that can stop activity before workflow completion.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | DE.AE-1 | Insider risk depends on anomalous event detection across humans and machines. |
| OWASP Non-Human Identity Top 10 | NHI-01 | AI tools acting with delegated authority are non-human identities in practice. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | Continuous verification is needed when access and behaviour change across workflows. |
Correlate identity and behaviour telemetry to improve anomaly detection across identity types.
Key terms
- Insider Risk: Insider risk is the chance that trusted access will be used, misused, or abused from inside the organisation's own identity boundary. It covers human users, service accounts, tokens, and AI-driven activity when they can reach data or processes with legitimate access.
- Delegated Authority: Delegated authority is access that an identity receives from another actor rather than obtaining directly through its own lifecycle. In AI and machine contexts, it becomes a governance challenge because the holder can act inside approved boundaries while still creating material risk.
- Shadow AI: Shadow AI is AI tooling or agents that operate without full visibility, approval, or governance from security and identity teams. The risk is not just unapproved software, but hidden access paths, hidden data use, and hidden accountability when the tool behaves inside trusted workflows.
- Identity Correlation: Identity correlation is the process of linking events, access, and behaviour across user, machine, and AI identities so analysts can follow one action chain end to end. It is essential when abuse crosses systems and single-log review no longer tells the full story.
What's in the full report
Gurucul's full report covers the survey detail this post intentionally leaves for the source:
- Breakdowns of insider-risk perceptions across 700-plus IT and cybersecurity professionals by response maturity.
- The full set of reported AI-related insider risk findings, including the 45% and 88% classifications of AI as an insider risk subject.
- Detailed ROI framing for the AI Insider Threat Agent, including the reported 83% return figure for teams using it.
- The report's supporting commentary from Gurucul and Cybersecurity Insiders on continuous insider risk and machine-speed response.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
Published by the NHIMG editorial team on 2026-03-18.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org