TL;DR: Identity is now a primary attack path, and the article argues that AI plus agentic capabilities are becoming central to IGA because compromised contractors, HR records, and non-human identities can be used to create legitimate-looking access, according to Omada Identity. The governance challenge is no longer just provisioning speed but whether access decisions, anomaly detection, and account lockdown can keep pace with modern identity abuse.
At a glance
What this is: This is Omada Identity’s view of how AI-driven IGA is changing identity governance as attackers target HR, contractor, and non-human identity pathways.
Why it matters: It matters because IAM teams now have to govern human, NHI, and emerging agentic behaviours through one lifecycle and control model rather than separate operating assumptions.
👉 Read Omada Identity’s take on AI-driven IGA and identity governance
Context
Identity governance is no longer just an access administration problem. The article argues that attackers increasingly target identity systems themselves, especially contractor and HR workflows, because they can be used to create apparently legitimate access rather than break into applications directly.
That shift matters for IAM and NHI programmes because the trust model has widened. Human accounts, service identities, and AI-enabled response paths are now part of the same governance surface, which means provisioning, anomaly detection, and lifecycle control can no longer be treated as separate disciplines.
Key questions
A: Security teams should treat HR and contractor records as security-sensitive inputs, not just administrative data. That means validating source changes, adding exception review for unusual updates, and blocking automated provisioning when identity data is incomplete or inconsistent. The goal is to stop attackers from turning trusted business workflows into access creation paths.
Q: Why do non-human identities increase identity governance risk?
A: Non-human identities increase risk because they often hold elevated permissions, run at scale, and are not managed with the same lifecycle discipline as human accounts. A single exposed credential or stale entitlement can affect many systems quickly, which expands blast radius and shortens the time available to detect misuse.
Q: What do teams get wrong about AI in IGA?
A: Teams often assume AI is only a productivity layer, when it may also influence or execute identity decisions. That creates accountability gaps unless organisations define which actions AI may recommend, which it may perform, and how every action is audited and reversed if needed.
Q: Who should be accountable when agentic AI triggers an access lockdown?
A: Accountability should remain with the business and security owners who defined the policy and approved the automation. AI can detect anomalies and execute bounded actions, but it cannot own governance responsibility. Organisations need clear approval chains, audit logs, and rollback procedures for any machine-originated identity action.
Technical breakdown
Why HR and contractor systems are high-value identity entry points
Identity systems often inherit trust from upstream business processes, especially HR and third-party onboarding. When an attacker can alter employee records or contractor status, downstream provisioning treats that record as authoritative and grants access through normal workflows. The failure is not just weak authentication. It is the overreliance on identity source systems as unverified truth. In practice, that turns an identity platform into an access amplifier if validation, review, and exception handling are weak.
Practical implication: verify the integrity of HR and contractor feeds before they can trigger provisioning or access changes.
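The gate described above, as an added example that is not Omada Identity's or NHIMG's code: an HR/contractor feed record is checked for integrity, completeness and internal consistency before it can drive provisioning, and changes a legitimate HR process rarely makes silently (a contractor gaining a privileged role, a terminated identity coming back to life, a login identifier changing) are routed to exception review instead of being provisioned automatically. Everything in it is constructed for the demo: the HMAC-tagged JSON feed, the shared key, the required-field list, the privileged-role set and the sample records.

```python
"""Added example, not Omada Identity's or NHIMG's code: a provisioning gate that
treats HR/contractor feed records as security-sensitive input.
Constructed assumptions: the feed delivers JSON records with an HMAC-SHA256 tag
over the canonical payload; the gate keeps the last accepted version of each
record, a set of known worker ids and a list of privileged roles."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

FEED_KEY = b"constructed-demo-key"   # placeholder shared secret for the demo feed
REQUIRED_FIELDS = ("worker_id", "status", "worker_type", "manager_id", "email", "roles")
PRIVILEGED_ROLES = {"domain-admin", "payroll-approver", "prod-deploy"}
CORP_DOMAINS = {"example.com"}

@dataclass
class Decision:
    action: str                  # "PROVISION", "REVIEW" (exception queue) or "BLOCK"
    reasons: list = field(default_factory=list)

def canonical(record: dict) -> bytes:
    """Stable serialisation so the HMAC covers exactly what the gate evaluates."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def sign(record: dict) -> str:
    return hmac.new(FEED_KEY, canonical(record), hashlib.sha256).hexdigest()

def completeness_errors(record: dict) -> list:
    return [f"missing field: {f}" for f in REQUIRED_FIELDS if not record.get(f)]

def consistency_errors(record: dict, known_workers: set) -> list:
    errs = []
    if record.get("status") == "terminated" and record.get("roles"):
        errs.append("terminated worker still carries roles")
    if record.get("worker_type") == "contractor" and not record.get("end_date"):
        errs.append("contractor record has no end_date")
    if record.get("manager_id") not in known_workers:
        errs.append("manager_id is not a known worker")
    domain = (record.get("email") or "").rpartition("@")[2]
    if domain and domain not in CORP_DOMAINS:
        errs.append(f"email domain {domain!r} is outside corporate domains")
    return errs

def suspicious_changes(previous: Optional[dict], record: dict) -> list:
    """Changes a legitimate HR process rarely makes silently; route them to review."""
    if previous is None:
        return []            # new joiner: completeness/consistency checks decide
    flags = []
    added_priv = (set(record.get("roles", [])) - set(previous.get("roles", []))) & PRIVILEGED_ROLES
    if added_priv:
        flags.append(f"privileged roles added: {sorted(added_priv)}")
    if previous.get("status") == "terminated" and record.get("status") == "active":
        flags.append("reactivation of a terminated identity")
    if previous.get("worker_type") == "contractor" and record.get("worker_type") == "employee":
        flags.append("contractor converted to employee")
    if previous.get("email") != record.get("email"):
        flags.append("login identifier (email) changed")
    return flags

def gate(record: dict, tag: str, previous: Optional[dict], known_workers: set) -> Decision:
    """Integrity first, then completeness/consistency, then anomaly review."""
    if not hmac.compare_digest(tag, sign(record)):
        return Decision("BLOCK", ["feed integrity check failed"])
    errs = completeness_errors(record) + consistency_errors(record, known_workers)
    if errs:
        return Decision("BLOCK", errs)
    flags = suspicious_changes(previous, record)
    return Decision("REVIEW", flags) if flags else Decision("PROVISION")

# Constructed sample state: known workers and the last accepted contractor record
KNOWN_WORKERS = {"E100", "E200", "C300"}
PREVIOUS = {"C300": {"worker_id": "C300", "status": "active", "worker_type": "contractor",
                     "manager_id": "E100", "email": "c300@example.com",
                     "roles": ["helpdesk"], "end_date": "2025-09-30"}}

def demo_cases() -> dict:
    routine = dict(PREVIOUS["C300"], roles=["helpdesk", "ticketing"])
    escalated = dict(PREVIOUS["C300"], roles=["helpdesk", "prod-deploy"])
    tampered = dict(routine, roles=["domain-admin"])      # altered after signing
    incomplete = {"worker_id": "E400", "status": "active", "worker_type": "employee",
                  "manager_id": "E100", "email": "", "roles": ["hr-viewer"]}
    return {
        "routine": gate(routine, sign(routine), PREVIOUS["C300"], KNOWN_WORKERS).action,
        "escalated": gate(escalated, sign(escalated), PREVIOUS["C300"], KNOWN_WORKERS).action,
        "tampered": gate(tampered, sign(routine), PREVIOUS["C300"], KNOWN_WORKERS).action,
        "incomplete": gate(incomplete, sign(incomplete), None, KNOWN_WORKERS).action,
    }

if __name__ == "__main__":
    for name, action in demo_cases().items():
        print(f"{name}: {action}")
```

The order of checks is the point: a record that fails the integrity tag or is incomplete never reaches provisioning at all, while a well-formed but unusual change lands in a human review queue rather than being silently accepted as authoritative.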
How AI changes IGA decision support and response
The article describes AI in IGA as doing more than automation. Machine learning can cluster access patterns, generative AI can suggest policy design, and agentic AI can detect anomalies and trigger lockdown actions. That means AI becomes part of the governance decision chain, not just a reporting layer. Once AI is allowed to recommend or execute responses, the quality of the underlying identity data and the accountability for each action become critical control points.
Practical implication: define approval, audit, and rollback rules for any AI-driven governance action before production use.
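One way to put the approval, audit and rollback rules into code, as an added example rather than anything from the article or Omada Identity (it also illustrates the accountability answer in the Q&A above and the "Control AI-assisted governance actions" item under "For practitioners"): an action ledger in which an agent's output is a proposal, a policy list names the bounded action types the agent may execute on its own, anything else waits for a human approver who is not the proposer, and every executed action stores an inverse so it can be reversed with the trail intact. The policy set, the in-memory identity store standing in for the IdP, and the identities and session counts are all constructed.

```python
"""Added example, not from the article or Omada Identity: an action ledger that
keeps AI recommendations separate from executable identity actions, records who
approved what, and stores an inverse action for rollback.
Constructed assumptions: a policy set of action types an agent may execute on
its own, and an in-memory identity store standing in for the IdP."""
from dataclasses import dataclass, field
from typing import Optional
import itertools

# Bounded actions the agent may execute without a human; everything else is recommend-only
AGENT_MAY_EXECUTE = {"revoke_sessions"}
# Inverse operation used for rollback of each action type ("noop" where there is none)
INVERSE = {"revoke_sessions": "noop", "disable_identity": "enable_identity",
           "remove_role": "add_role"}

@dataclass
class Action:
    id: int
    kind: str
    target: str
    params: dict
    origin: str                      # "agent:<name>" or "human:<id>"
    status: str = "proposed"         # proposed -> approved -> executed -> rolled_back
    approved_by: Optional[str] = None
    audit: list = field(default_factory=list)

class IdentityStore:
    """Constructed stand-in for the identity provider."""
    def __init__(self):
        self.enabled = {"c300": True, "e200": True}
        self.roles = {"c300": {"helpdesk", "prod-deploy"}, "e200": {"finance"}}
        self.sessions = {"c300": 3, "e200": 1}

class ActionLedger:
    def __init__(self, store: IdentityStore):
        self.store, self.actions, self._ids = store, {}, itertools.count(1)

    def propose(self, kind: str, target: str, origin: str, **params) -> Action:
        a = Action(next(self._ids), kind, target, params, origin)
        a.audit.append(f"proposed by {origin}")
        self.actions[a.id] = a
        # Bounded actions the policy allows an agent to run skip the approval step
        if origin.startswith("agent:") and kind in AGENT_MAY_EXECUTE:
            a.status, a.approved_by = "approved", "policy:AGENT_MAY_EXECUTE"
        return a

    def approve(self, action_id: int, approver: str) -> Action:
        a = self.actions[action_id]
        if not approver.startswith("human:"):
            raise PermissionError("only a human identity may approve")
        if a.origin == approver:
            raise PermissionError("proposer may not approve its own action")
        a.status, a.approved_by = "approved", approver
        a.audit.append(f"approved by {approver}")
        return a

    def execute(self, action_id: int) -> Action:
        a = self.actions[action_id]
        if a.status != "approved":
            raise PermissionError(f"action {a.id} is {a.status}, not approved")
        self._apply(a.kind, a.target, a.params)
        a.status = "executed"
        a.audit.append(f"executed {a.kind} on {a.target}")
        return a

    def rollback(self, action_id: int, actor: str) -> Action:
        a = self.actions[action_id]
        if a.status != "executed":
            raise PermissionError("only executed actions can be rolled back")
        self._apply(INVERSE[a.kind], a.target, a.params)
        a.status = "rolled_back"
        a.audit.append(f"rolled back by {actor}")
        return a

    def _apply(self, kind: str, target: str, params: dict) -> None:
        s = self.store
        if kind == "revoke_sessions":   s.sessions[target] = 0
        elif kind == "disable_identity": s.enabled[target] = False
        elif kind == "enable_identity":  s.enabled[target] = True
        elif kind == "remove_role":      s.roles[target].discard(params["role"])
        elif kind == "add_role":         s.roles[target].add(params["role"])
        elif kind != "noop":             raise ValueError(kind)

def demo() -> dict:
    store, ledger = IdentityStore(), None
    ledger = ActionLedger(store)
    # Anomaly on c300: the agent may cut live sessions itself (bounded action)...
    sessions = ledger.propose("revoke_sessions", "c300", "agent:anomaly-detector")
    ledger.execute(sessions.id)
    # ...but disabling the identity stays a recommendation until a human approves.
    disable = ledger.propose("disable_identity", "c300", "agent:anomaly-detector")
    blocked_early = False
    try:
        ledger.execute(disable.id)
    except PermissionError:
        blocked_early = True
    ledger.approve(disable.id, "human:iam-oncall")
    ledger.execute(disable.id)
    # False positive: reverse with the stored inverse; the audit trail keeps every step.
    ledger.rollback(disable.id, "human:iam-oncall")
    return {"sessions": store.sessions["c300"], "enabled": store.enabled["c300"],
            "blocked_early": blocked_early, "trail": disable.audit}

if __name__ == "__main__":
    for line in demo()["trail"]:
        print(line)
```

The ledger never lets the agent's origin string satisfy an approval, and the proposer/approver separation holds for humans too, so every machine-originated change to an identity is attributable to a named policy or person at the point it became executable.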
Why non-human identities increase blast radius in identity governance
Non-human identities such as APIs, workloads, RPAs, and AI agents often carry elevated permissions because they are built for machine-to-machine work. That makes them efficient but also dangerous when their credentials, entitlements, or lifecycle controls are weak. The risk is not only access misuse. It is that these identities often operate at scale, so one compromised credential can affect multiple systems, pipelines, or decisions faster than a human account usually would.
Practical implication: inventory high-privilege machine identities and tie each one to an owner, purpose, and explicit expiry.
Threat narrative
Attacker objective: The attacker wants legitimate-looking access that bypasses direct application attack paths and gives them control through trusted identity workflows.
- Entry occurs when attackers compromise a contractor system or manipulate HR records so downstream systems treat them as legitimate identities.
- Escalation follows when automated provisioning grants access based on that tainted source data, allowing the attacker to move through normal identity workflows.
- Impact occurs when elevated or inherited access is used to reach internal systems, create fraudulent accounts, or lock down compromised identities at scale.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Identity governance is becoming a control plane for trust, not just access. When attackers can abuse HR records, contractor onboarding, and machine identities, IGA is no longer a back-office workflow layer. It becomes the system that decides whether an identity is real enough to receive power. That makes data integrity, exception handling, and source-of-truth validation central to governance. Practitioners need to treat identity input quality as a security control, not an administrative detail.
Agentic AI changes the governance question from automation to accountability. The article frames AI as able to recommend actions and trigger lockdowns, which means decision support is shifting toward executable governance. That is useful only if every AI-assisted action remains attributable, auditable, and reversible. The field now has to govern not just who gets access, but which identity decisions can be machine-originated and under what assurance model.
Non-human identity sprawl is now an identity blast radius problem. The article’s own framing reflects a broader reality: hundreds of machine identities can exist for every human one, and many hold elevated permissions. Identity blast radius: this is the compounding impact created when one compromised trust point cascades into many access paths. The implication is that identity governance must measure how far one credential or policy failure can spread, not just whether a control exists.
Legacy IGA thinking breaks when identity is treated as a static record. The “blockbuster mindset” the article critiques is really a governance mismatch. Modern identity environments are dynamic, distributed, and increasingly machine-driven, so lifecycle and entitlement decisions must be continuously revalidated. Programmes that still assume stable roles and predictable joiner-mover-leaver patterns will miss the operational reality of hybrid identity estates.
AI needs accountable identity, and accountable identity needs human ownership. The article’s emphasis on “AI needs AI” still ends at accountable individuals, which is the right governance boundary. AI can help detect anomalies and accelerate response, but it cannot own the risk it acts on. Practitioners should interpret agentic governance as a delegation problem first and a tooling problem second.
From our research:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- That visibility gap is why teams should pair identity inventory with lifecycle control, as explored in Ultimate Guide to NHIs and Lifecycle Processes for Managing NHIs.
What this signals
Identity programmes will increasingly be judged on their ability to validate source data, not just provision access. As HR, contractor, and machine identity flows converge, the control question shifts toward provenance and exception handling. Teams that still optimise only for request fulfilment will miss the more important signal, which is whether the identity data entering the system can be trusted at all.
Non-human identity growth will force a new way of thinking about blast radius. With hundreds of machine identities for every human one, the issue is no longer just count. It is how many systems and privileged actions each identity can reach, and whether the organisation can see and own those dependencies before an incident exposes them.
If your programme is moving toward AI-assisted governance, anchor that change in identity lifecycle discipline and auditing, not in promises of speed. Framework alignment with the NIST Cybersecurity Framework 2.0 and the OWASP Agentic AI Top 10 is useful only when the underlying identity records, entitlements, and approvals are already under control.
For practitioners
- Validate upstream identity sources: require stronger verification for HR, contractor, and third-party feeds before they can create or modify access. Treat those sources as security-relevant inputs and add review steps for suspicious changes before provisioning executes.
- Tie every machine identity to an owner: map each non-human identity to a named business purpose, technical owner, and expiry condition. Remove orphaned service accounts, API keys, and workload credentials that no longer have an explicit operational justification.
- Control AI-assisted governance actions: separate AI recommendations from executable identity actions, then log who approved, what was changed, and how rollback would work. If an AI system can trigger lockdown or provisioning changes, the response path must be auditable end to end.
- Measure identity blast radius: rank identities by the number of systems, workflows, and privileged actions they can reach. Use that view to prioritise review of contractor, HR-linked, and high-privilege machine accounts before broadening to lower-risk populations.
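The two inventory-side items above (owner, purpose and expiry for every machine identity; ranking identities by how far they can reach) can be driven from one entitlement view. The following is an added example, not the article's or Omada Identity's code: roles map to the systems and privileged actions they reach, roles can inherit other roles so inherited access is counted, and the review queue orders identities by blast radius with ownership gaps breaking ties. The role model, the weight given to privileged actions, the inventory and the "as of" date are all constructed for the demo.

```python
"""Added example, not the article's or Omada Identity's code: rank identities by
blast radius and flag machine identities that lack an owner, purpose or expiry.
Constructed assumptions: roles map to the systems and privileged actions they
reach, roles may inherit other roles, and every inventory record carries
owner/purpose/expiry fields."""
from datetime import date

# Constructed entitlement model: what each role can reach
ROLE_REACH = {
    "ci-deployer": {"systems": {"k8s-prod", "artifact-registry"}, "privileged": {"deploy:prod"}},
    "hr-sync": {"systems": {"hris", "idp"}, "privileged": {"user:create", "user:disable"}},
    "reporting-ro": {"systems": {"warehouse"}, "privileged": set()},
    "payroll-approver": {"systems": {"payroll", "bank-gateway"}, "privileged": {"payment:approve"}},
}
ROLE_INHERITS = {"hr-sync": {"reporting-ro"}}     # inherited access widens the radius
PRIV_WEIGHT = 3                                    # one privileged action counts as three systems
AS_OF = date(2025, 7, 3)                           # "today" for expiry checks (the post's date)

# Constructed inventory mixing a contractor, service accounts and an AI agent
IDENTITIES = [
    {"id": "svc-ci-bot", "kind": "nhi", "roles": ["ci-deployer"], "owner": "platform-team",
     "purpose": "CI deploys", "expires": date(2026, 1, 31)},
    {"id": "svc-hris-connector", "kind": "nhi", "roles": ["hr-sync"], "owner": None,
     "purpose": "HRIS to IdP sync", "expires": None},
    {"id": "agent-access-review", "kind": "agent", "roles": ["hr-sync", "payroll-approver"],
     "owner": "iam-team", "purpose": "AI access review", "expires": date(2024, 12, 31)},
    {"id": "c300", "kind": "contractor", "roles": ["reporting-ro"], "owner": "E100",
     "purpose": "reporting contractor", "expires": date(2025, 9, 30)},
]

def expand_roles(roles) -> set:
    """Follow role inheritance transitively so inherited reach is counted."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(ROLE_INHERITS.get(role, ()))
    return seen

def blast_radius(identity: dict) -> dict:
    """Distinct systems and privileged actions reachable, plus a weighted score."""
    systems, privileged = set(), set()
    for role in expand_roles(identity["roles"]):
        systems |= ROLE_REACH[role]["systems"]
        privileged |= ROLE_REACH[role]["privileged"]
    return {"systems": len(systems), "privileged": len(privileged),
            "score": len(systems) + PRIV_WEIGHT * len(privileged)}

def ownership_gaps(identity: dict, today: date) -> list:
    """Machine identities must carry an owner, a purpose and an explicit expiry."""
    gaps = []
    if identity["kind"] in ("nhi", "agent"):
        if not identity.get("owner"):
            gaps.append("no owner")
        if not identity.get("purpose"):
            gaps.append("no purpose")
        if identity.get("expires") is None:
            gaps.append("no expiry")
        elif identity["expires"] < today:
            gaps.append("expired")
    return gaps

def review_queue(identities, today: date) -> list:
    rows = [{"id": i["id"], "kind": i["kind"], **blast_radius(i), "gaps": ownership_gaps(i, today)}
            for i in identities]
    # Widest radius first; among equals, identities with ownership gaps float up
    rows.sort(key=lambda r: (r["score"], len(r["gaps"])), reverse=True)
    return rows

if __name__ == "__main__":
    for row in review_queue(IDENTITIES, AS_OF):
        print(f"{row['id']:<22} score={row['score']:>2} systems={row['systems']} "
              f"privileged={row['privileged']} gaps={row['gaps']}")
```

On this sample the AI agent tops the queue because it reaches five systems and three privileged actions through two roles, one of them inherited, and its expiry has already passed; the HRIS connector follows with no owner and no expiry. That ordering is exactly the review priority the practitioner list asks for.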
Key takeaways
- The article’s core warning is that identity systems themselves can become attack paths when HR, contractor, or machine identity data is trusted too readily.
- The scale issue is not abstract, because machine identities already outnumber human identities by hundreds to one in the article’s framing.
- AI-assisted IGA only improves security when organisations preserve human accountability, auditability, and lifecycle control around every executable identity action.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | The article highlights weak lifecycle control over machine identities and access paths. |
| NIST CSF 2.0 | PR.AA-03 | Identity source integrity and access decisions align with identity assurance and governance. |
| OWASP Agentic AI Top 10 | A3 | Agentic response and delegated actions require controls on tool use and execution authority. |
Map machine identities to owners and expiry dates, then review rotation and offboarding against NHI-03.
Key terms
- Non-Human Identity: A non-human identity is any machine or software identity used to authenticate and authorise actions in digital systems. It includes service accounts, API keys, tokens, certificates, workloads, bots, and AI agents when they act on behalf of a process or task. These identities need lifecycle governance, ownership, and monitoring just like human accounts.
- Identity Blast Radius: Identity blast radius is the amount of downstream access, systems, and business process impact that one identity or credential failure can create. It is a practical way to measure how far a compromise can spread when permissions are broad, inherited, or poorly segmented across integrated systems.
- Agentic AI Identity: Agentic AI identity is the identity model used for AI systems that can choose actions, select tools, and execute tasks with limited or no human approval. The governance challenge is not only authentication but also accountability, permission scoping, and auditability for decisions made at runtime.
- Source-Of-Truth Trust: Source-of-truth trust is the assumption that a business record, such as HR or contractor data, is accurate enough to drive downstream identity decisions automatically. In practice, this assumption must be validated because attackers can abuse trusted records to create legitimate-looking access paths.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Omada Identity: Gartner Security and Risk Management Summit, Omada’s take on AI-driven IGA. Read the original.
Published by the NHIMG editorial team on 2025-07-03.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org