AI data security readiness is lagging enterprise adoption

At a glance

What this is: This report says AI adoption has crossed into mainstream operations, but visibility into usage is still too weak to govern it safely.

Why it matters: For IAM teams, the gap matters because AI can function like a shadow identity, forcing NHI, autonomous, and human governance programmes to converge around usage visibility and control boundaries.

By the numbers:

• 83% of enterprises already use AI in daily operations
• only 13% have strong visibility into how it’s being used
• more than 900 security leaders

👉 Read Cyera's 2025 report on AI data security readiness and visibility gaps

Context

AI data security becomes an identity problem once systems start acting with enough autonomy, speed, and reach to outpace normal governance. In practice, the issue is not just model risk or data leakage. It is that AI usage can sit outside the visibility, entitlement, and review processes that IAM teams rely on to define who or what is allowed to do what.

Cyera's report frames this as a readiness gap: enterprises have adopted AI faster than they have adapted their controls for discovery, access oversight, and data exposure. That is especially relevant for NHI programmes, because AI systems often behave like unmanaged non-human identities even when they are not formally classified that way.

Key questions

Q: How should security teams govern AI systems that access sensitive data?

A: Security teams should govern AI systems the same way they govern other high-risk non-human access paths. Start by inventorying every connector, token, and service account the system uses, then assign ownership, define the data it may reach, and require review before production use. If the access path cannot be explained, it should not be trusted.

Q: Why does AI adoption create an identity governance problem?

A: AI adoption creates an identity governance problem because the system that accesses data is often only loosely visible to IAM. When teams cannot see who or what is connected, they cannot enforce least privilege, perform effective reviews, or revoke access cleanly. The governance gap is therefore operational, not theoretical.

Q: What do organisations get wrong about shadow AI risk?

A: Organisations often treat shadow AI as a tooling issue when it is really an inventory and entitlement issue. The main failure is not the model itself, but the untracked identity, credentials, and data connections that let it operate outside normal governance. Without discovery, controls arrive too late.

Q: How do teams know whether AI access controls are working?

A: AI access controls are working only when security teams can answer three questions quickly: what AI systems exist, what identities they use, and what data each one can reach. If any of those answers require manual detective work, the control environment is incomplete.

Technical breakdown

Shadow AI as an identity visibility problem

Shadow AI is not only an asset discovery issue. It is an identity visibility problem because AI systems may access data, services, and workflows without being fully registered in the governance stack. When security teams cannot see where AI is operating, they cannot confidently apply access reviews, data classification, or privilege boundaries. The result is a control blind spot that looks like routine adoption from the business side but behaves like unmanaged identity from the security side.

Practical implication: build discovery processes that tie AI usage to accounts, tokens, service principals, and data access paths.

Why AI usage outpaces traditional access controls

Traditional access control assumes stable subjects, known workflows, and reviewable entitlements. AI usage breaks those assumptions because it can be adopted quickly, embedded across departments, and connected to multiple data sources with limited central oversight. Even when an organisation has policy controls, they often sit downstream of the real decision point, which is who can connect AI systems to data in the first place. That makes governance incomplete even when individual tools appear secured.

Practical implication: move entitlement review upstream to the points where AI tools are connected to data and workflows.

The data exposure layer in AI governance

AI governance fails when data controls are treated separately from identity controls. If an AI system can reach sensitive data through broad API permissions, weak integration boundaries, or poorly scoped service access, the organisation has an exposure problem rather than a model problem. In NHI terms, the key risk is not just the system itself but the credentials and trust relationships that let it operate. That is why AI readiness must include both access governance and data security posture management.

Practical implication: map AI data pathways to the identities and secrets that enable them, then narrow those pathways first.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

AI readiness gaps are becoming identity governance gaps. Once AI is embedded in daily operations, the governance question shifts from whether the business is using it to whether security can still see and control the subjects doing the accessing. That matters because AI often reaches sensitive systems through non-human credentials, delegated access, and loosely governed integrations. The practitioner conclusion is straightforward: AI governance cannot be treated as a separate workstream from identity governance.

Shadow AI is the right named concept for this problem space. It captures AI systems that are present, productive, and materially risky without being fully visible to governance teams. The article's 13% visibility figure shows why discovery is not a housekeeping task but the precondition for enforcement. The practitioner conclusion is to treat undocumented AI access as an identity inventory failure until proven otherwise.

AI systems behave like unmanaged NHIs long before they are officially classified that way. That is the practical bridge for IAM teams, because the control failures look familiar even when the technology stack is new: weak inventory, unclear ownership, and access paths that outlive their intended use. OWASP-NHI and NIST CSF are relevant here because the operating model is the same problem in a different wrapper. The practitioner conclusion is to govern AI by its access path, not by its label.

The real failure mode is not adoption, it is ungoverned connectivity. Enterprises can have broad AI usage and still lack the entitlement discipline needed to prevent data overexposure. When AI systems are connected to sensitive repositories without a clear owner, review cycle, or data boundary, the organisation has created a standing trust relationship it cannot easily explain. The practitioner conclusion is to re-evaluate every AI-to-data connection as a privilege decision, not a productivity choice.

AI readiness will increasingly be judged by control convergence, not tool count. The market signal here is that separate policies for AI, data, and identity are no longer enough. Practitioners need one governance model that can handle human users, service identities, and AI-enabled access in a single control view. The practitioner conclusion is to align IAM, NHI, and data security posture now, before AI usage becomes too distributed to reconstruct.

From our research:

• 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
• Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks.
• That is why the Ultimate Guide to NHIs , Lifecycle Processes for Managing NHIs matters: AI access must be governed through ownership, rotation, and offboarding, not left to ad hoc integration.

What this signals

Shadow AI is likely to move from a discovery problem to a governance benchmark. As enterprises standardise AI usage, the differentiator will be whether teams can attach each deployment to a known identity, data boundary, and owner. The organisations that do this well will be able to review AI access like any other privileged path, while others will keep inheriting invisible connections that nobody can confidently revoke.

The lesson for practitioners is to prepare for a single control plane that spans human users, service identities, and AI-enabled access. That means aligning identity inventory, data classification, and entitlement review so the same approval logic can be applied across all three. Without that convergence, AI will continue to expand faster than the programme can explain.

With 72% of organisations already reporting or suspecting non-human identity breaches, per our 2024 ESG Report: Managing Non-Human Identities, AI visibility gaps should be treated as an exposure signal, not a novelty. The forward move is to bring AI access under the same lifecycle discipline used for other NHIs.

For practitioners

• Inventory AI access paths, not just AI tools Track every AI system, integration, service account, token, and data source it can reach. Discovery should answer which identity is used, which data it touches, and who owns the connection.
• Tie AI onboarding to explicit ownership Require named business and security owners before an AI system can connect to production data. No owner means no approval, no exception, and no standing integration.
• Review entitlements at the data boundary Assess where AI systems can read, write, export, or summarise sensitive information. Use the data boundary as the review point, because model settings alone do not limit exposure.
• Classify AI connectors as non-human identities Register AI integrations, API keys, and delegated access paths in the same governance process used for service accounts and other non-human identities. That keeps review, ownership, and revocation consistent.

Key takeaways

• AI security has become an identity governance problem because visibility into usage is far behind adoption.
• The most material risk is ungoverned connectivity between AI systems, credentials, and sensitive data.
• Teams need one governance model that covers human users, service identities, and AI access paths together.

Key terms

• Shadow AI: Shadow AI is AI use that is active in the enterprise but not fully visible to security and governance teams. It typically appears through unsanctioned apps, embedded integrations, or delegated access paths that were never brought into the official inventory.
• AI data security: AI data security is the practice of controlling what data AI systems can reach, process, or expose. In practice, it combines access governance, data classification, and entitlement review so that AI cannot widen exposure simply by being widely deployed.
• Non-human identity: A non-human identity is any digital identity used by a machine, workload, bot, token, certificate, or AI system rather than a person. These identities often have privileged access and require lifecycle controls, ownership, and revocation discipline to stay governable.
• Identity visibility: Identity visibility is the ability to see which subjects exist, what they are entitled to do, and what systems they can reach. For AI governance, visibility is the prerequisite for review and control because unseen access cannot be risk-assessed reliably.

Deepen your knowledge

AI data security and shadow AI governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are trying to extend identity governance into AI-connected environments, it is worth exploring.

This post draws on content published by Cyera: The 2025 State of AI Data Security Report. Read the original.