AI discovery and inventory are now core to safe AI adoption

At a glance

What this is: This is an analysis of why AI discovery and inventory are becoming foundational controls as AI tools, agents, and NHIs multiply across enterprise environments.

Why it matters: IAM and NHI practitioners need a complete inventory to assign ownership, control access paths, and reduce shadow AI and agent sprawl before risk becomes unmanageable.

👉 Read Wing Security's analysis of AI discovery and inventory for safe AI adoption

Context

AI discovery is the process of identifying every AI tool, embedded AI feature, agent, integration, and non-human identity operating in an environment. The governance gap is that many of these assets appear through SaaS adoption and employee experimentation before security teams have mapped them, which leaves access paths, data use, and ownership unclear.

For IAM and NHI programmes, the problem is not simply detection. A discovered AI tool still needs to be linked to an owner, permissions model, data exposure profile, and lifecycle state before it can be governed. That is why inventory quality, not just discovery coverage, determines whether the organisation can reduce shadow AI risk or merely count it.

The article’s starting position is typical for organisations moving from ad hoc AI adoption to control design: discovery comes first, but without enrichment and accountability, the inventory remains operationally incomplete.

Key questions

Q: How should security teams govern AI tools that behave like non-human identities?

A: Treat them as managed identities with owners, scopes, review cycles, and revocation paths. AI tools that can act across systems are not just applications, because they inherit permissions and create new access paths. Governance should cover intake, approval, data access, and retirement with the same discipline used for other high-risk NHIs.

Q: What is the difference between AI discovery and AI inventory?

A: AI discovery finds what exists, including shadow AI and embedded features. AI inventory turns that finding into a governed record with ownership, access context, and risk data. Discovery answers “what is out there,” while inventory answers “who is responsible, what can it reach, and how should it be controlled.”

Q: Why do AI agents create new risk for IAM and NHI programmes?

A: Because they can execute actions, inherit permissions, and connect to sensitive systems without a human acting each time. That shifts risk from static account management to runtime behaviour, delegated access, and lifecycle control. IAM programmes must therefore track both the agent and the identities it uses.

Q: How can organisations reduce shadow AI risk without blocking adoption?

A: Start by discovering every AI tool and enriching it with owner, data access, and integration details. Then approve, restrict, or retire assets based on exposure rather than assumptions. This lets teams keep useful AI in production while removing the unmanaged paths that create avoidable risk.

Technical breakdown

AI discovery vs AI inventory: why both are needed

AI discovery identifies what is present. AI inventory turns that discovery into a governed record with ownership, purpose, permissions, and risk context. In practice, discovery can surface SaaS applications with embedded AI, autonomous agents, or OAuth-connected workflows, but it does not explain whether those assets are approved, monitored, or tied to a responsible team. Inventory adds the control layer. For NHI governance, that distinction matters because the same agent can be benign in one business context and high risk in another depending on its scopes, tokens, and data reach.

Practical implication: Treat discovery as intake and inventory as the control plane, not as interchangeable steps.

Why enrichment changes the security value of discovery

Raw discovery tells you a name or connection. Enrichment adds the details that security teams need to judge exposure, such as purpose, provider, embedded AI features, permission patterns, and typical integration behaviour. That context is what lets teams decide whether a tool is shadow AI, an approved service, or an unmanaged NHI. Without enrichment, inventories become spreadsheets of labels with no operational meaning. For IAM leaders, enrichment is the bridge between asset identification and policy enforcement, especially when AI tools inherit privileges from existing SaaS and API relationships.

Practical implication: Require enrichment fields that support ownership, access review, and policy decisions before any AI asset is accepted into inventory.

How AI inventories reduce NHI and OAuth risk

AI tools often connect through API keys, OAuth grants, service accounts, and other non-human identities. Those relationships create hidden access paths that can persist even when the original app seems low risk. A complete inventory must show which identities are linked to each tool, what data they can reach, and whether those permissions exceed the task. This is where AI governance intersects directly with NHI management. If teams cannot trace the identity chain behind an AI integration, they cannot confidently answer who can act, what can be touched, or how to revoke access safely.

Practical implication: Map every AI asset to its underlying identities and access paths before assigning a risk rating.

Threat narrative

Attacker objective: The attacker seeks to exploit unmanaged AI-related identities and integrations to reach sensitive systems while avoiding detection and policy enforcement.

1. Entry occurs when employees adopt AI tools or enable embedded AI features through SaaS and OAuth connections without central review.
2. Escalation follows when those tools inherit permissions through service accounts, API keys, or delegated access that were never scoped for autonomous behaviour.
3. Impact is unauthorised access to sensitive data, unmanaged automation, and blind spots that prevent reliable audit or containment.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

AI discovery has become an identity governance problem, not just an asset management task. Once AI systems can act, connect, and inherit permissions, they behave like non-human identities that must be owned and reviewed. The core failure is not lack of tooling alone, but lack of governance around what has execution authority and what it can reach. Practitioners should treat every AI asset as a governed identity until proven otherwise.

Inventory enrichment is the difference between visibility and control. A list of AI tools is useful for reporting, but it is not enough to support access decisions, risk review, or deprovisioning. Security teams need context on data access, integration paths, and responsible ownership before they can apply policy. Without that context, the organisation can count AI assets but still fail to govern them.

Shadow AI expands the NHI problem faster than traditional onboarding processes can absorb. Employee-led experimentation and embedded SaaS features create new identities and access paths outside established review cycles. That means lifecycle governance must extend beyond humans and servers to autonomous software actors. The practical conclusion is that NHI programmes need intake, classification, and periodic recertification for AI systems as a standard control.

AI inventories will become a baseline control under compliance pressure. The article’s EU AI Act reference points in the right direction, but the deeper issue is operational accountability. Regulators, auditors, and incident responders will all expect organisations to show what AI exists, who owns it, what it can access, and how it is retired. Practitioners should build inventories that survive audit, not just presentations.

From our research:

• 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
• Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
• Use 52 NHI Breaches Analysis to connect inventory gaps to real breach patterns and identify where hidden identities typically fail first.

What this signals

Ephemeral visibility debt: the longer AI assets remain undiscovered, the more access paths harden around them. That means teams should expect discovery to reveal not just unused tools but live permissions that have already become embedded in workflows, which makes delayed inventory work more expensive to unwind.

With 98% of companies planning to deploy even more AI agents within the next 12 months, the programme risk is accumulation, not experimentation. Discovery and inventory must scale as continuously refreshed controls, not as a one-time project; otherwise, the governance gap grows faster than remediation capacity.

Security teams should align AI inventory work with lifecycle control and zero trust principles, using NIST AI Risk Management Framework guidance where governance and accountability must span the full AI operating model.

For practitioners

• Build a complete AI asset intake process Capture every AI tool, embedded feature, agent, and integration as it appears, including SaaS discoveries and employee-enabled experiments. Feed each record into a governed workflow that records owner, department, purpose, and approval status.
• Enrich each asset with identity and access context Record the linked service accounts, OAuth grants, API keys, and permissions for every AI-related asset. This gives IAM and NHI teams the minimum information needed to assess blast radius and revoke access safely.
• Classify shadow AI by exposure and business criticality Do not rely on labels alone. Rank unmanaged AI based on data sensitivity, integration depth, and whether it can perform actions independently, then prioritise remediation for the highest-risk items.
• Add periodic recertification to AI governance Review AI owners, permissions, and active integrations on a fixed schedule so stale assets do not retain access indefinitely. Tie recertification to NHI lifecycle management and access review processes.
• Connect discovery to revocation playbooks Make sure every discovered AI identity can be disabled, rotated, or removed through documented workflows. If an asset cannot be safely turned off, it is not fully governed.

Key takeaways

• AI discovery is the starting point, but inventory is the control layer that makes governance possible.
• AI tools that act autonomously must be tracked like non-human identities, with ownership and access paths documented.
• Shadow AI and delegated access create hidden exposure unless teams continuously enrich, recertify, and revoke with discipline.

Key terms

• AI Discovery: AI discovery is the process of automatically finding AI tools, embedded features, agents, and integrations operating in an environment. It provides the first visibility layer for governance, but it does not by itself explain ownership, permissions, or risk.
• AI Inventory: An AI inventory is a governed record of all AI-related assets, enriched with owner, purpose, access, and risk context. It turns discovery into something security, compliance, and IAM teams can use to make approval, review, and revocation decisions.
• Shadow AI: Shadow AI is AI technology that exists or operates without formal visibility, approval, or oversight. It often enters through employee experimentation or embedded SaaS features, creating unmanaged access paths that can bypass normal control processes.
• Non-Human Identity: A non-human identity is any service account, token, certificate, workload, bot, or AI agent that can authenticate and act in an environment. In practice, these identities need lifecycle, ownership, and access governance because they can create persistent risk when left unmanaged.

Deepen your knowledge

AI discovery, identity context, and inventory governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building an AI governance programme from a similar starting point, it is worth exploring.

This post draws on content published by Wing Security: From AI Discovery to Full Inventory, Building the Foundation for Safe AI Adoption. Read the original.