TL;DR: RSA 2025 conversations highlighted a widening gap between AI-driven identity governance aspirations and the reality of machine identity sprawl, with a 45:1 machine-to-human identity ratio and more than 60% of IT resources sitting unmanaged or in shadow IT shaping the discussion, according to Zluri. The governance problem is no longer review volume alone; it is that legacy IAM controls were built for human directories, not fast-moving non-human identity estates.
At a glance
What this is: This is Zluri’s RSA 2025 recap, and its key finding is that machine identities, shadow AI, and manual access reviews are exposing the limits of legacy identity governance.
Why it matters: It matters because IAM teams now have to govern non-human identities, human access, and automation-driven workflows together, or risk missing the controls that actually shape attack surface and compliance.
By the numbers:
- 2025 is the year when machine identities outnumber humans by 45:1.
- Over 60% of IT resources in a typical organization exist as either unmanaged or shadow IT.
- "The automated access reviews module has helped my team save 90% of our time for SOC2 audits." (user testimonial quoted on the Zluri page)
👉 Read Zluri's RSA 2025 analysis of AI identity governance and NHI sprawl
Context
RSA 2025 put a familiar identity problem in sharper focus: enterprises still rely on governance models built around people, while the access surface is increasingly dominated by machine identities, AI systems, and unmanaged application sprawl. In that environment, identity governance is no longer just about certification cadence. It is about whether organisations can even see who or what has access, how that access is used, and whether they can act before risk becomes durable.
The article frames AI as a force multiplier for identity work, but the deeper issue is governance fit. Manual reviews, incomplete discovery, and directory-centric tooling all struggle when access is dynamic, cross-platform, and increasingly non-human. NHIMG’s view is that this is a lifecycle and visibility problem first, and an automation problem only after the estate is correctly classified.
Key questions
Q: How should teams govern non-human identities when access is scattered across SaaS and AI tools?
A: Start by inventorying identities outside the human directory, then map each one to an owner, purpose, and revocation path. Governance works only when service accounts, tokens, certificates, and AI-connected applications are visible enough to certify and remove. Without that baseline, access reviews become paperwork rather than control.
Q: Why do shadow AI tools create more identity risk than ordinary application sprawl?
A: Shadow AI often brings hidden identity relationships with it, such as OAuth grants, embedded secrets, and delegated API permissions. Those connections can create durable access to data and workflows even when the application itself looks harmless. The risk is not just the tool, but the ungoverned entitlement path behind it.
Q: What do security teams get wrong about automating access reviews?
A: They often automate the decision process before fixing the entitlement data behind it. If ownership, usage, and access context are stale or incomplete, automation scales bad inputs and produces false confidence. Effective review automation depends on trustworthy identity telemetry and a closed-loop remediation path.
Q: How can organisations tell whether identity governance is actually reducing risk?
A: Look for faster revocation, fewer orphaned identities, higher-quality ownership data, and review decisions grounded in usage evidence rather than static lists. If access issues are still discovered late or remain unresolved after reviews, the programme is generating compliance artefacts but not governance outcomes.
Technical breakdown
Why directory-centric IGA misses machine identity sprawl
Traditional IGA assumes the identity source of record is a human directory or HR system, then builds access review and certification around that record. That model works poorly for service accounts, API keys, certificates, access tokens, and AI agents because many of those identities are created outside HR, used outside business hours, and never appear in a clean joiner-mover-leaver flow. The result is discovery drift, where the organisation knows some identities exist but cannot map them to actual usage, ownership, or revocation paths.
Practical implication: teams need discovery methods that find non-human identities outside the IdP and HRMS stack.
Shadow AI and shadow IT create blind access paths
Shadow AI is not just another application sprawl issue. It combines unmanaged software adoption with hidden identity relationships, often through OAuth connections, embedded secrets, or unsanctioned automations that can read, write, or exfiltrate data. Once an application is connected, the risk is no longer the app itself but the entitlement path it creates. That is why application discovery and access graphing matter more than static app inventories when AI tools are being adopted faster than governance can track them.
Practical implication: map third-party and AI application access paths before they become routine business dependencies.
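The two implications above (find non-human identities outside the IdP and HRMS stack; map OAuth and AI application access paths before they become routine) can be checked against platform audit logs rather than against the directory. The script below is an added example written for this recap, not code from Zluri or the original article. It reconciles a constructed IdP directory against constructed, vendor-neutral audit events (the JSON field names `event`, `actor`, `app`, `scopes`, `principal` are an assumption; real exports differ per platform) and collapses OAuth consent events into per-app access paths using an assumed scope-to-data-source table.

```python
"""Added example: discover NHIs the IdP never saw and trace OAuth access paths.

All inputs are constructed for illustration; the event schema is an assumption.
"""
import json
from collections import defaultdict

# Constructed IdP/HRMS view: what governance currently *thinks* exists.
IDP_DIRECTORY = {
    "alice@example.com",
    "bob@example.com",
    "svc-payroll@example.com",   # a managed service account, properly enrolled
}

# Constructed audit events in a generic JSON-lines shape (assumed schema).
AUDIT_LOG = """
{"ts":"2025-05-01T09:00:00Z","event":"oauth.consent","actor":"alice@example.com","app":"meeting-notes-ai","scopes":["calendar.read","drive.readonly","mail.read"]}
{"ts":"2025-05-01T09:05:00Z","event":"api.call","actor":"meeting-notes-ai","scope":"drive.readonly"}
{"ts":"2025-05-02T11:00:00Z","event":"service_account.key.create","actor":"bob@example.com","principal":"svc-etl-prod"}
{"ts":"2025-05-02T11:01:00Z","event":"api.call","actor":"svc-etl-prod","scope":"warehouse.write"}
{"ts":"2025-05-03T02:14:00Z","event":"api.call","actor":"svc-legacy-backup","scope":"storage.readwrite"}
{"ts":"2025-05-03T08:00:00Z","event":"oauth.consent","actor":"bob@example.com","app":"slide-gen-ai","scopes":["drive.readonly"]}
{"ts":"2025-05-04T08:00:00Z","event":"api.call","actor":"svc-payroll@example.com","scope":"hr.read"}
"""

# Assumed scope -> data source mapping; a real one comes from the platform docs.
SCOPE_TO_RESOURCE = {
    "calendar.read": "calendar",
    "drive.readonly": "file storage",
    "mail.read": "mailboxes",
    "warehouse.write": "data warehouse",
    "storage.readwrite": "object storage",
    "hr.read": "HR records",
}


def parse_events(log_text):
    """One dict per non-empty JSON line."""
    return [json.loads(line) for line in log_text.strip().splitlines() if line.strip()]


def observed_principals(events):
    """Every identity that acted, was created, or was granted access on the platform."""
    seen = set()
    for e in events:
        seen.add(e["actor"])
        if e["event"] == "service_account.key.create":
            seen.add(e["principal"])
        if e["event"] == "oauth.consent":
            seen.add(e["app"])
    return seen


def unmanaged_identities(events, directory):
    """Discovery drift: principals active on the platform but absent from the IdP."""
    return sorted(observed_principals(events) - directory)


def oauth_access_paths(events):
    """Collapse consent events into app -> (who granted it, scopes, data it can reach)."""
    paths = defaultdict(lambda: {"granted_by": set(), "scopes": set(), "reaches": set()})
    for e in events:
        if e["event"] != "oauth.consent":
            continue
        p = paths[e["app"]]
        p["granted_by"].add(e["actor"])
        p["scopes"].update(e["scopes"])
        p["reaches"].update(SCOPE_TO_RESOURCE.get(s, "unknown:" + s) for s in e["scopes"])
    return dict(paths)


def last_activity(events):
    """Most recent use per principal: the usage trail an evidence-based review needs.
    ISO-8601 UTC timestamps of identical shape compare correctly as strings."""
    last = {}
    for e in events:
        if e["event"] == "api.call":
            last[e["actor"]] = max(last.get(e["actor"], ""), e["ts"])
    return last


def discovery_report(log_text=AUDIT_LOG, directory=IDP_DIRECTORY):
    events = parse_events(log_text)
    unmanaged = unmanaged_identities(events, directory)
    paths = oauth_access_paths(events)
    # Identities that are active but have no creation or consent event in the log
    # and no directory record: nobody can currently say who made them or why.
    created = {e["principal"] for e in events if e["event"] == "service_account.key.create"}
    created |= set(paths)
    orphan_candidates = sorted(p for p in unmanaged if p not in created)
    return {
        "unmanaged": unmanaged,
        "oauth_paths": paths,
        "last_activity": last_activity(events),
        "orphan_candidates": orphan_candidates,
    }


if __name__ == "__main__":
    report = discovery_report()
    print("outside the IdP:", report["unmanaged"])
    print("no creation record at all:", report["orphan_candidates"])
    for app, path in report["oauth_paths"].items():
        print(f"{app}: granted by {sorted(path['granted_by'])}, reaches {sorted(path['reaches'])}")
```

On the constructed log, `svc-legacy-backup` is the case the breakdown calls discovery drift: it acts at 02:14, appears in no directory and has no creation event, so it lands in `orphan_candidates`. The two AI apps never appear in the directory either, but the consent events at least name a grantor, which is the starting point for an owner and a revocation path.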
Automated access reviews only work when entitlement data is current
Access review automation does not fix stale identity data. It accelerates decisions on top of the data it is given, which means incomplete entitlements, weak activity telemetry, and missing ownership all get amplified rather than corrected. In practice, review workflows need usage evidence, contextual activity, and remediation hooks. Without those inputs, organisations can produce compliance artefacts while leaving the underlying risk unchanged, especially in SaaS-heavy environments where entitlements change faster than periodic certification cycles.
Practical implication: automate reviews only after you can validate entitlement accuracy and remediation closure.
Threat narrative
Attacker objective: The attacker seeks durable access through identity blind spots that let hidden systems operate with more privilege than defenders can see.
- Entry occurs through unmanaged software, hidden AI adoption, or identity sprawl that bypasses central governance.
- Escalation follows when overextended entitlements, stale credentials, or opaque OAuth connections give those systems broad access to data and workflows.
- Impact emerges as data theft, ransomware exposure, compliance failure, or unauthorised automation spreads across the environment.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- Sisense breach — unauthorized GitLab access led to exfiltration of access tokens, API keys and certificates.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Machine identity governance is now the primary stress test for legacy IAM. The article’s core signal is not that AI is changing security rhetoric, but that the access estate has moved beyond people as the default unit of governance. Service accounts, tokens, certificates, and AI agents all behave differently from human users, yet many programmes still try to manage them with the same review logic. The implication is that governance boundaries must be redrawn around identity type, not just application ownership.
Shadow AI is really shadow identity expansion. When an AI application is introduced, the governance failure is rarely the interface itself. The failure is the hidden access path behind it, often through delegated OAuth, embedded secrets, or unmanaged integrations. That is why visibility into connected identities matters more than app counts. Practitioners should treat every unmanaged AI adoption as a potential identity control gap until proven otherwise.
Manual access review debt is a control design problem, not just a process problem. The article correctly surfaces the pain of week-long certification cycles and email-heavy remediation, but the deeper issue is that review programmes were designed for slower, cleaner entitlement states. When access data is incomplete or stale, automation simply scales the error. The implication is that access governance must be built on trustworthy entitlement telemetry before review cadence can be considered effective.
Identity governance now spans human access, machine access, and automation workflows in one control plane. The most useful insight here is cross-domain: AI-driven governance only works when the organisation can correlate human approval, non-human execution, and workflow-based remediation. That is a lifecycle and assurance challenge, not a feature checklist. Practitioners should expect convergence in tooling, but not convergence in identity behaviour.
From our research:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Another finding from our Ultimate Guide to NHIs shows that 97% of NHIs carry excessive privileges, which helps explain why hidden access becomes such a persistent control problem.
- If you are building the governance baseline behind this article, the NHI Lifecycle Management Guide is the natural next resource for ownership, rotation, and offboarding coverage.
What this signals
Visibility into short-lived and hidden access is becoming the real governance metric. Once organisations cannot consistently see third-party OAuth relationships or hidden AI connections, the control problem shifts from certification to discovery. That means identity teams should measure how quickly they can map and revoke unknown access, not just how many reviews they can complete.
With 97% of NHIs carrying excessive privileges according to our Ultimate Guide to NHIs, the pressure on review programmes is structural rather than cyclical. Teams should expect more entitlements to be overbroad by default and design controls around reduction, not assumption of correctness.
Identity blast radius: the practical measure of how far a hidden credential, OAuth grant, or unmanaged automation can move before governance detects it. Practitioners should reduce that radius by tightening discovery, ownership, and revocation paths across SaaS, automation, and AI adoption.
For practitioners
- Inventory non-human identities outside the HR and IdP stack. Search for service accounts, API keys, certificates, access tokens, and AI-connected applications that never pass through normal joiner-mover-leaver controls. Prioritise identities with no clear owner or no visible usage trail, then map them to business services and revocation paths.
- Trace shadow AI access paths to connected data sources. Document every unsanctioned AI application, then identify the OAuth grants, embedded secrets, or delegated permissions that make it useful to the business. Focus on what data it can reach, not just whether the app was approved.
- Make access reviews evidence-based instead of form-based. Use activity data, entitlement context, and remediation closure tracking so reviews can validate whether access is still needed. If the review cannot prove who used the entitlement and when, the result is compliance theatre rather than risk reduction.
- Automate remediation only after identity data is normalised. Connect review workflows to authoritative entitlement and ownership data before scaling automation. Closed-loop actions should remove access, rotate secrets, or revoke connections only when the underlying record is accurate enough to support a safe decision.
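The review and remediation steps above, together with the "automated access reviews only work when entitlement data is current" point in the technical breakdown and the identity blast radius measure under "What this signals", can be expressed as one decision routine. The code below is an added example written for this recap, not Zluri's or NHIMG's tooling. It runs over a constructed inventory (identities, owners, last use, granted versus exercised entitlements) and a constructed access graph; the 90-day dormancy window, the entitlement names and the graph edges are all assumptions chosen for illustration. The closed-loop guard is the point: an action is only queued for automation when the record carries an owner and usage evidence, and everything else goes to a manual queue ordered by blast radius.

```python
"""Added example: evidence-based access review with a closed-loop guard and a
blast-radius measure. Inventory, graph and thresholds are constructed."""
from collections import deque
from datetime import date, timedelta

REVIEW_DATE = date(2025, 6, 1)        # constructed "today"
DORMANT_AFTER = timedelta(days=90)    # assumed dormancy window

# Constructed inventory after discovery and ownership mapping. `used_entitlements`
# is what activity telemetry shows the identity actually exercised in the window.
INVENTORY = [
    {"id": "svc-etl-prod", "kind": "service_account", "owner": "data-platform",
     "last_used": date(2025, 5, 30), "entitlements": ["warehouse.write", "warehouse.admin"],
     "used_entitlements": ["warehouse.write"]},
    {"id": "svc-legacy-backup", "kind": "service_account", "owner": None,
     "last_used": date(2025, 5, 3), "entitlements": ["storage.readwrite"],
     "used_entitlements": ["storage.readwrite"]},
    {"id": "api-key-7f3", "kind": "api_key", "owner": "marketing",
     "last_used": date(2025, 1, 15), "entitlements": ["crm.read"],
     "used_entitlements": []},
    {"id": "meeting-notes-ai", "kind": "oauth_app", "owner": "alice@example.com",
     "last_used": date(2025, 5, 28), "entitlements": ["calendar.read", "drive.readonly", "mail.read"],
     "used_entitlements": ["calendar.read", "drive.readonly"]},
    {"id": "svc-ci-runner", "kind": "service_account", "owner": "platform",
     "last_used": None, "entitlements": ["secrets.read"], "used_entitlements": []},
]

# Constructed access graph: entitlement -> resources, and resource -> what it
# transitively exposes (a secrets store holds further credentials, for instance).
REACH = {
    "warehouse.write": ["data warehouse"],
    "warehouse.admin": ["data warehouse", "warehouse IAM"],
    "storage.readwrite": ["object storage"],
    "crm.read": ["CRM"],
    "calendar.read": ["calendar"], "drive.readonly": ["file storage"], "mail.read": ["mailboxes"],
    "secrets.read": ["secrets store"],
    "secrets store": ["db credentials", "cloud keys"],
    "cloud keys": ["object storage", "data warehouse"],
}

ACTION_FOR = {
    "revoke": "disable identity and rotate any dependent secret",
    "reduce": "remove unused entitlements, keep the exercised ones",
    "keep": "certify, no change",
}


def blast_radius(record, reach=REACH):
    """Everything the identity can touch, following transitive edges (BFS)."""
    seen, queue = set(), deque(record["entitlements"])
    while queue:
        node = queue.popleft()
        for nxt in reach.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return sorted(seen)


def review(record, today=REVIEW_DATE, dormant_after=DORMANT_AFTER):
    """Return (decision, reason, data_complete). A decision is only safe to
    automate when ownership and usage evidence both exist."""
    if record["owner"] is None:
        return ("escalate", "no accountable owner; cannot certify or safely revoke", False)
    if record["last_used"] is None:
        return ("escalate", "no usage telemetry; a decision here would be form-based", False)
    if today - record["last_used"] > dormant_after:
        return ("revoke", "dormant since " + record["last_used"].isoformat(), True)
    unused = sorted(set(record["entitlements"]) - set(record["used_entitlements"]))
    if unused:
        return ("reduce", "granted but never exercised: " + ", ".join(unused), True)
    return ("keep", "owner present, used within window, all entitlements exercised", True)


def plan_remediation(inventory=INVENTORY, today=REVIEW_DATE):
    """Closed loop only where the record is trustworthy; the rest is queued for
    a human, largest blast radius first, because that is where hidden access moves furthest."""
    automated, manual = [], []
    for rec in inventory:
        decision, reason, complete = review(rec, today)
        entry = {"id": rec["id"], "decision": decision, "reason": reason,
                 "blast_radius": blast_radius(rec)}
        if complete:
            entry["action"] = ACTION_FOR[decision]
            automated.append(entry)
        else:
            manual.append(entry)
    manual.sort(key=lambda e: len(e["blast_radius"]), reverse=True)
    return {"automated": automated, "manual": manual}


if __name__ == "__main__":
    plan = plan_remediation()
    for e in plan["automated"]:
        print(f"AUTO   {e['id']}: {e['decision']} ({e['reason']}) -> {e['action']}")
    for e in plan["manual"]:
        print(f"MANUAL {e['id']}: {e['reason']}; reach={e['blast_radius']}")
```

Two things in the output are worth noting. `svc-ci-runner` holds a single entitlement, `secrets.read`, yet its blast radius is the largest in the inventory because the secrets store leads on to cloud keys and from there to the warehouse and object storage; with no usage telemetry it cannot be certified or revoked automatically, so it tops the manual queue. `svc-legacy-backup` is in active use but has no owner, which is exactly the record that automation would either rubber-stamp or break something by revoking, so it is escalated rather than actioned.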
Key takeaways
- AI-driven identity governance fails when the estate is dominated by machine identities that legacy IAM tools were never built to classify.
- The scale problem is already visible in the data, with machine identities outnumbering humans 45:1 and shadow IT still exceeding 60% in many environments.
- Enterprises need discovery, ownership, and closed-loop remediation before access review automation can produce reliable governance outcomes.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 (Improper Offboarding) | Orphaned service accounts and forgotten OAuth grants with no owner or revocation path are the discovery gap the article centers on. |
| NIST CSF 2.0 | PR.AA-01 | Identities and credentials for users, services and hardware are to be managed by the organisation, which presupposes knowing which identities and accesses exist. |
| NIST Zero Trust (SP 800-207) | Section 2.1, Tenets of Zero Trust | Access is granted per session on a dynamic policy decision; an identity the policy engine has never seen cannot be evaluated, let alone continuously verified. |
Map machine and human identities into asset and access inventories before automating review or remediation.
Key terms
- Non-Human Identity: A non-human identity is any machine, workload, token, certificate, service account, or agent that authenticates and acts in a digital system. In practice, these identities often outnumber humans and require lifecycle, ownership, and revocation controls that differ from employee access management.
- Shadow AI: Shadow AI is the use of AI applications or automations that are not fully known, approved, or governed by the organisation. The risk is not just unauthorized software, but hidden identity connections such as OAuth grants, secrets, and API permissions that extend access beyond intended boundaries.
- Access Review: An access review is a governance process used to confirm whether an identity still needs the access it holds. For machine and autonomous identities, it must rely on usage evidence, ownership, and remediation closure, because static entitlement lists alone do not show real risk.
- Closed-Loop Remediation: Closed-loop remediation means that identity issues are not only detected but also corrected through an enforced follow-through process. In identity governance, that can include revoking access, rotating secrets, or removing entitlements after a review or policy trigger, rather than leaving action to manual follow-up.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance in your organisation, it is worth exploring.
This post draws on content published by Zluri: Access Management AI and Identity Governance, What We Learned at RSAC 2025. Read the original.
Published by the NHIMG editorial team on 2025-06-26.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org