TL;DR: The gap is no longer adoption, but governance that can keep pace with AI operating across collaboration channels, according to Proofpoint’s 2026 AI and Human Risk Landscape report. The report finds that 87% of organizations already have AI assistants beyond pilot, 76% are rolling out autonomous agents, and 52% are not fully confident their controls would detect a compromised AI, based on a survey of 1,400+ security professionals across 12 countries.
At a glance
What this is: Proofpoint’s global survey shows AI has moved into production faster than security controls, creating a confidence gap around detection and investigation across collaboration channels.
Why it matters: For IAM, PAM, NHI, and AI governance teams, the finding matters because AI assistants and agents are now part of the access and collaboration surface, but controls still lag the way those identities behave across tools.
By the numbers:
- 87% of organizations already have AI assistants deployed beyond pilot.
- 76% are actively rolling out autonomous agents.
- 52% are not fully confident those controls would detect a compromised AI.
- 41% cannot correlate threats across channels at all.
👉 Read Proofpoint's full AI and Human Risk Landscape report
Context
AI collaboration security is no longer an early-stage problem. As assistants and autonomous agents move into production, the governance gap shifts from adoption planning to control coverage, especially where identity, access, and collaboration data intersect.
The core issue is that many security programmes still treat AI as an application layer problem rather than an identity and access problem. When AI systems act across email, SaaS, file sharing, and collaboration tools, the operational question becomes whether the organisation can verify, constrain, and investigate those actions consistently.
Key questions
Q: How should security teams govern personal AI assistants that act on behalf of employees?
A: Treat each assistant as a distinct non-human actor with its own identity, policy scope, and audit trail. Human delegation alone is not enough when the assistant can move across email, documents, calendars, and internal systems. Governance should bind the sponsor, the executor, and the target resource so access reviews and investigations can separate request from action.
Q: Why do AI-related incidents become harder to investigate across email, SaaS, and collaboration apps?
A: They become harder to investigate because the evidence is split across systems that do not naturally share a common identity or action timeline. Attackers can move from consent, to message abuse, to data access without triggering one unified control. Correlation, not just alerting, is what determines whether teams can reconstruct the incident.
Q: What do security teams get wrong about AI access risk?
A: Many teams focus on the model while ignoring the identity path that reaches it. If a service account or token can invoke AI infrastructure, then that credential becomes the real control point. The mistake is treating AI risk as a model problem instead of an access governance problem.
Q: How do organisations know whether AI governance is actually working?
A: AI governance is working when teams can prove that data access, identity permissions, and runtime controls line up with policy in practice. A useful test is whether the organisation can answer who accessed what, through which identity, and whether any out-of-policy movement was blocked or detected in time.
Technical breakdown
Why AI assistants create a new collaboration attack surface
AI assistants deployed inside collaboration workflows can inherit user context, access tokens, and application permissions, which makes them materially different from ordinary automation. Once they can send messages, fetch data, or trigger actions across channels, they become part of the trust fabric that security teams must monitor. The article’s significance is not simply that AI is present, but that its operating context spans systems that were never designed to model AI identity, behaviour, and privilege together.
Practical implication: treat AI assistants as governed identities with explicit scopes, not as informal productivity features.
Why fragmented tooling breaks AI incident investigation
The report’s investigation problem is architectural. If security tools cannot correlate identity, SaaS, collaboration, and agent activity, analysts lose the sequence needed to reconstruct compromise. That is especially dangerous when AI-related activity crosses channels at machine speed, because the incident is not a single alert but a chain of delegated actions, consent events, prompts, and downstream effects. Visibility must therefore follow the path of execution, not just the alert source.
Practical implication: build cross-channel telemetry and identity-linked logging before expanding AI deployment.
Unified control models for collaboration security and AI governance
Proofpoint’s data points to a control-plane problem: organisations are trying to manage AI risk with stacks built for separate email, cloud, and identity workflows. A unified model matters because AI-related misuse often begins with identity abuse, then propagates through collaboration tools into data access or business process manipulation. The relevant architectural challenge is not a single product category, but coordinated policy, detection, and response across the AI system’s operational path.
Practical implication: align AI governance, IAM, and collaboration security so policy follows the AI system across every channel it can touch.
Threat narrative
Attacker objective: The attacker aims to exploit trusted collaboration and AI pathways to steal data, manipulate workflows, or expand access while avoiding detection.
- Entry begins when an attacker abuses email, OAuth consent, or a compromised AI-assisted workflow to gain trusted access into collaboration and SaaS environments.
- Escalation follows as the actor uses that trust to query data, invoke agents, or move from one channel into another without triggering a single isolated control.
- Impact occurs when the attack sequence produces data theft, message abuse, or business process manipulation that security teams cannot easily reconstruct across tools.
NHI Mgmt Group analysis
AI collaboration security is now an identity governance problem, not just a content threat problem. Once AI assistants and autonomous agents operate inside collaboration channels, they inherit trust relationships that IAM, PAM, and NHI teams would normally want to scope tightly. The report’s central lesson is that access, delegation, and visibility have to be managed together across the full collaboration path. Practitioners should treat AI-enabled collaboration as governed identity infrastructure.
Cross-channel visibility is the control gap that turns AI misuse into operational blind spots. The report shows that organisations struggle to correlate threats across email, SaaS, AI assistants, and file-sharing. That is a structural weakness, because AI-driven misuse rarely stays inside one system long enough for isolated controls to make sense. For identity and security leaders, the practical conclusion is that telemetry, policy, and response must share a common execution context.
Unified platform pressure reflects a detection and response problem, not a tool preference. When 41% of organisations cannot correlate threats across channels, the issue is not a missing alert but a missing incident narrative. This is where collaboration security, identity telemetry, and AI governance intersect most sharply. Teams should evaluate whether their current control model can reconstruct delegated actions, consent events, and agent activity before they scale adoption.
AI governance debt: organisations are accumulating AI capability faster than they can define who or what is allowed to act, where, and under whose authority. That debt becomes visible when controls exist on paper but fail in practice because the operating model spans multiple channels and identities. Practitioners should regard this as a governance backlog that will compound with every additional AI workflow.
What this signals
AI governance debt: the organisations most at risk are not the ones lacking tools, but the ones allowing AI systems to accumulate broad, unreviewed access across collaboration channels. That pattern becomes more dangerous as AI assistants move from pilot to production and into delegated action paths that are difficult to reconstruct after the fact.
Identity and collaboration teams should expect more pressure to unify telemetry, policy, and incident response around AI activity, especially where OAuth grants, messaging, and SaaS permissions overlap. The programme question is no longer whether AI can be used safely in isolation, but whether the security stack can prove who or what acted across the whole workflow.
The most practical near-term shift is toward task-scoped access and cross-channel correlation, supported by identity-centric logging and stronger governance over delegated AI actions. Teams that cannot trace an AI decision from approval to execution will struggle to defend both the control model and the incident narrative.
For practitioners
- Map AI assistants and agents to governed identities Inventory every AI assistant, agent, and workflow that can access email, SaaS, collaboration, or file-sharing systems. Assign ownership, scope, and revocation paths so the AI behaves like a managed identity rather than an informal integration.
- Correlate identity events across collaboration channels Join authentication, consent, message, file, and agent telemetry into one investigation path so analysts can follow the sequence of actions across tools. Without cross-channel correlation, AI-related incidents will remain fragmented and slow to contain.
- Constrain AI permissions to task-level access Limit assistants and agents to the minimum permissions needed for a specific workflow, and separate read, write, and delegation capabilities wherever possible. Review whether static credentials or broad OAuth grants are expanding blast radius beyond the business need.
- Test incident response against AI misuse scenarios Run scenarios that start in collaboration tools and end in SaaS or data access, then validate whether your team can reconstruct the chain without manual stitching. Use the exercise to expose gaps in logging, ownership, and containment decisions.
Key takeaways
- AI assistants and autonomous agents are already in production for most organisations, but security governance is still catching up to how they act across collaboration channels.
- The core control gap is not budget or tooling alone, but the inability to correlate identity, consent, and activity across email, SaaS, agents, and file-sharing systems.
- Practitioners should govern AI systems as scoped identities, because task-level access and cross-channel visibility are now basic requirements for defensible AI security.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and MITRE ATT&CK address the attack and risk surface, while NIST AI RMF, NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | NHI-01 | AI assistants and agents in collaboration channels need governed identity scopes. |
| NIST AI RMF | GOVERN | The report centres on accountability and control ownership for AI systems. |
| NIST CSF 2.0 | DE.CM-1 | Cross-channel detection and correlation are central to the report’s findings. |
| NIST SP 800-53 Rev 5 | AC-6 | The article highlights over-privilege and weak task scoping for AI access. |
| MITRE ATT&CK | TA0006 , Credential Access; TA0009 , Collection | OAuth abuse and cross-channel intrusion patterns map to credential access and collection. |
Build monitoring that correlates AI, identity, and collaboration events across email, SaaS, and file-sharing.
Key terms
- AI collaboration security: The set of controls that govern how AI assistants and agents interact with email, SaaS, file-sharing, and collaboration tools. It focuses on identity, permissions, logging, and response across the whole workflow rather than protecting each channel in isolation.
- Cross-Channel Correlation: Cross-channel correlation is the process of linking identity signals from different surfaces into one decision model. It lets security teams see whether a web action, a phone call, a desktop event, and a token event belong to the same identity moment, which is essential for reliable risk decisions.
- AI Governance: AI governance is the set of controls used to discover, classify, approve, restrict, monitor, and revoke AI-enabled access. It connects identity, data, and policy so organisations can manage what AI can reach, what it can share, and when it should be stopped.
- Scoped identity: An identity that is constrained to a specific task, workflow, or service boundary. For AI systems, the concept is essential because it ties access to purpose, limits blast radius, and makes revocation and audit meaningful.
What's in the full report
Proofpoint's full report covers the operational detail this post intentionally leaves for the source:
- Regional comparisons across 12 countries that help benchmark maturity and exposure.
- Real-world incident case studies showing how AI-related attacks move across collaboration channels.
- Threat intelligence on OAuth consent abuse, AI-built phishing infrastructure, and prompt injection in the wild.
- A framework for separating collaboration security from AI security so teams can align the right controls to each problem.
Deepen your knowledge
The NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, machine identity security, and secrets management. It helps practitioners build the identity controls that AI and automation programmes now depend on.
Published by the NHIMG editorial team on July 14, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org