By NHI Mgmt Group Editorial Team
Published 2026-01-08
Domain: Governance & Risk
Source: CyberArk

TL;DR: 91% of organisations still say at least half of privileged access is always on, while only 1% have fully implemented just-in-time privileged access and 45% apply the same controls to AI agents as to humans, according to CyberArk research. That combination turns privilege sprawl into a structural governance problem, not a tooling gap.


At a glance

What this is: CyberArk’s research says privileged access remains heavily always-on, with AI identities widening an already persistent control gap.

Why it matters: IAM, PAM, and NHI programmes now have to govern humans, machines, and AI-driven identities, each with different privilege patterns and risk profiles.

By the numbers:

👉 Read CyberArk's research on the privilege reality gap for AI and cloud


Context

Privileged access governance breaks when organisations treat standing access as the default. In environments where AI-driven identities, service accounts, and human administrators all reach sensitive systems, always-on privilege creates a larger attack window and weakens the logic behind least privilege.

CyberArk’s research shows that many teams still rely on access models built for slower, more predictable operating patterns. The result is not just more privilege, but more shadow privilege, with unmanaged accounts, fragmented tools, and inconsistent policies making it harder to see who or what can act in production.


Key questions

Q: How should security teams reduce always-on privileged access in cloud environments?

A: Start by identifying which privileged accounts truly need persistent access and which can be moved to just-in-time elevation. Focus first on production systems, admin roles, and secrets that unlock multiple services. The goal is to make standing privilege the exception, not the operating model, and to remove access as soon as the task is complete.

Q: Why do AI agents complicate privileged access governance?

A: AI agents complicate privileged access governance because they can act at runtime and execute sensitive tasks faster than human review workflows can keep up. If teams apply human-style controls by default, they miss the fact that the identity may need separate privilege boundaries, session rules, and escalation logic based on behaviour rather than user role.

Q: What breaks when organisations manage human and machine privilege the same way?

A: What breaks is accountability. Human access often assumes a person can be reviewed, questioned, or certified within a predictable operating cycle, while machine and AI identities may change state faster or persist in hidden ways. When the same control model is used for both, excessive access and ownership gaps are more likely to go unnoticed.

Q: Who should own privileged access risk when identity tools are fragmented?

A: The IAM or PAM function should own the operating model, but cloud, platform, and application teams must share accountability for the identities they create and the secrets they expose. Fragmentation makes no one fully responsible unless ownership is tied to each account, tool, and production pathway.


Technical breakdown

Always-on privilege versus time-bound access

Always-on privilege means credentials or entitlements remain usable continuously rather than being issued only for a specific task. In modern infrastructure, that creates a standing exposure surface across cloud consoles, production systems, and automation paths. Just-in-time access narrows that window by provisioning privilege only when needed and removing it after use. The architectural issue is not convenience, but whether access remains live longer than the action it was granted for. When it does, incident blast radius grows and review cycles become less effective because the risky state persists by design.

Practical implication: reduce standing privilege for sensitive systems and reserve persistent access only for tightly controlled exceptions.

Why AI agents break human-style privileged access controls

AI agents can execute actions at runtime, select tools, and move through workflows faster than human approval processes are designed to handle. If they are governed with the same privileged access assumptions as people, the programme treats machine-paced activity as if it were human-paced. That mismatch is where access policy, workflow control, and accountability begin to drift apart. The key distinction is not whether the identity is digital, but whether its actions are bound to a predictable human session or to an independent runtime sequence that can change without notice.

Practical implication: assign privilege controls based on actor type and runtime behaviour, not on whether the identity is simply labelled as an AI user.

Shadow privilege, tool sprawl, and governance blind spots

Shadow privilege is the accumulation of unmanaged, unknown, or unnecessary privileged access over time. It tends to grow when multiple tools manage overlapping scopes, when access reviews are slow, and when teams bypass controls to keep delivery moving. That combination makes governance look present while actual control quality degrades. The more fragmented the privilege stack becomes, the harder it is to prove who owns an account, which secrets are still valid, and whether the access path should exist at all. Visibility is therefore a prerequisite to privilege reduction, not a reporting afterthought.

Practical implication: map privileged accounts, secrets, and tool ownership together before attempting any meaningful access rationalisation.



NHI Mgmt Group analysis

Always-on privilege is the control gap this research exposes. Access models built around persistent entitlements assume that privilege can remain live until a review catches it. That premise fails when production systems, machines, and AI-driven identities all operate under faster execution patterns and narrower operational contexts. The implication is that privilege governance must be judged by how quickly access can be narrowed, not by how many controls exist on paper.

Shadow privilege is now an infrastructure condition, not an edge case. The combination of unmanaged accounts, unknown secrets, and fragmented identity tools creates an environment where excess access quietly becomes the norm. This is where PAM, NHI governance, and identity lifecycle controls meet the same failure mode: nobody has a complete, current picture of what can act in production. Practitioners should treat this as a visibility and ownership problem before it becomes an incident problem.

AI-driven identities expose the assumption that privileged access can be governed like human access. The article shows that 45% of organisations still apply the same privileged access controls to AI agents as to human identities. That assumption was designed for human-paced approval and review workflows. It fails when an identity can initiate and complete sensitive actions at runtime without a comparable human operating rhythm. The implication is that identity governance has to separate actor type from policy inheritance.

Privilege modernisation is becoming a consolidation problem as much as a control problem. When 88% of organisations manage multiple identity security tools, governance breaks across the seams between discovery, control, and review. Fragmentation makes it harder to enforce least privilege consistently across human, machine, and AI estates. The field is moving toward integrated privilege governance, but the real test is whether those platforms can reduce standing access and eliminate blind spots in one operating model.

Identity blast radius: The decisive issue is no longer just whether privilege exists, but how far it can spread before detection or removal. That concept matters across human IAM, NHI controls, and AI agent governance because the same account may unlock multiple systems, secrets, and delegated actions. Practitioners need to measure the blast radius of each privilege path, then shrink the paths that can reach production without time-bound constraint.

From our research:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
  • For a wider breach-pattern view, see 52 NHI Breaches Analysis for real-world root cause patterns and control failures.

What this signals

Shadow privilege is becoming a programme-level metric, not just an access review finding. When privileged access is spread across multiple tools and identity types, teams need to measure how quickly they can locate, justify, and remove access. The practical question is whether your governance model can shrink privilege faster than the environment can create it. See also Ultimate Guide to NHIs - Key Challenges and Risks.

The next maturity step is not broader approval workflows, but tighter privilege boundaries aligned to actor type and runtime behaviour. That means human, NHI, and AI-driven access paths should not inherit the same assumptions about session length, review cadence, or escalation. For reference, NIST Cybersecurity Framework 2.0 places governance and control accountability at the centre of operational resilience.


For practitioners

  • Inventory standing privilege across all identity types: Build a single view of privileged accounts, service identities, and AI-driven access paths so you can see where persistent access still exists. Prioritise production systems, admin roles, and secrets that remain valid outside explicit task windows.
  • Move high-risk access to just-in-time issuance: Use time-bound elevation for sensitive actions rather than leaving privilege continuously available. Start with admin access, break-glass paths, and identities that can reach production data or orchestration tools.
  • Separate AI agent controls from human access policies: Do not inherit human approval patterns automatically for AI-driven identities. Define privilege, session boundaries, and escalation rules by runtime behaviour and task scope, then review whether an AI identity needs access at all.
  • Reduce tool fragmentation in identity governance: Consolidate discovery, entitlement management, and review workflows where possible so privileged access is not split across disconnected systems. Fragmentation hides ownership gaps and slows revocation when risk changes.
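The blast-radius measurement from the analysis above and the first three practitioner steps (inventory standing privilege, move to time-bound issuance, separate AI agent windows from human ones) can be expressed as a small review check. The following is an added example, not CyberArk's or NHIMG's code; the inventory, the secret-to-system map and the per-actor-type window ceilings are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Grant:
    """One privilege path. expires_at=None means always-on (standing) privilege."""
    identity: str
    actor_type: str              # "human", "nhi" (service account) or "ai_agent"
    target: str                  # a system, or a secret that unlocks further systems
    production: bool
    issued_at: datetime
    expires_at: Optional[datetime]

# Assumed ceilings on a time-bound grant per actor type (illustrative policy values).
MAX_WINDOW = {"human": timedelta(hours=8), "nhi": timedelta(hours=1),
              "ai_agent": timedelta(minutes=15)}

# Constructed map of secrets to the systems they unlock (delegated reach).
UNLOCKS = {"secret:prod-db-creds": {"prod-db", "prod-reporting"}}

def blast_radius(grants):
    """Systems each identity can reach, following a secret to what it unlocks."""
    reach = {}
    for g in grants:
        reach.setdefault(g.identity, set()).update(UNLOCKS.get(g.target, {g.target}))
    return reach

def findings(grants):
    """(identity, reason) pairs: standing production access, or a window too wide."""
    out = []
    for g in grants:
        if g.expires_at is None:
            if g.production:
                out.append((g.identity, f"standing privilege on production target {g.target}"))
            continue
        window = g.expires_at - g.issued_at
        if window > MAX_WINDOW[g.actor_type]:
            out.append((g.identity, f"{g.actor_type} window {window} exceeds limit for {g.target}"))
    return out

def prioritise(grants):
    """Flagged identities, widest blast radius first: these paths are shrunk first."""
    radius = blast_radius(grants)
    flagged = dict.fromkeys(identity for identity, _ in findings(grants))  # unique, ordered
    return sorted(flagged, key=lambda i: -len(radius[i]))

T0 = datetime(2026, 1, 8, 9, 0, tzinfo=timezone.utc)
SAMPLE = [  # constructed inventory: the AI agent has inherited an 8-hour human window
    Grant("alice", "human", "prod-console", True, T0, T0 + timedelta(hours=4)),
    Grant("ci-deployer", "nhi", "secret:prod-db-creds", True, T0, None),
    Grant("ops-agent", "ai_agent", "prod-orchestrator", True, T0, T0 + timedelta(hours=8)),
    Grant("bob", "human", "dev-sandbox", False, T0, None),
]
```

Running `prioritise(SAMPLE)` lists the standing NHI secret (reaching two production systems) ahead of the AI agent whose window exceeds its actor-type limit; the human grants pass.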

Key takeaways

  • Always-on privileged access remains the main governance weakness because it keeps high-risk access live longer than the task that justified it.
  • AI-driven identities widen the problem when teams apply human access controls to runtime actors that can act faster than review cycles can observe.
  • The practical response is to shrink standing privilege, separate actor types in policy, and reduce tool fragmentation so ownership and revocation are clear.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
OWASP Non-Human Identity Top 10  | NHI-03              | Standing privilege and weak rotation are central to this research.
NIST CSF 2.0                     | PR.AC-4             | Least-privilege access governance maps directly to this control outcome.
NIST Zero Trust (SP 800-207)     |                     | The research aligns with zero trust's continuous verification model.

Apply zero trust principles to privileged access by continuously verifying need, context, and session scope.


Key terms

  • Just-in-time Privileged Access: Just-in-time privileged access is a model in which elevated rights are issued only when a specific task requires them and are removed when the task ends. It reduces standing exposure, narrows blast radius, and makes privilege decisions more context-aware for humans, workloads, and AI-driven identities.
  • Shadow Privilege: Shadow privilege is unmanaged or unnecessary elevated access that accumulates outside normal governance processes. It includes accounts, secrets, and entitlements that are unknown, poorly owned, or left active after their original purpose has passed, creating hidden pathways into sensitive systems.
  • Standing Privilege: Standing privilege is access that remains continuously available rather than being time-bound to a specific action or session. In identity governance, it is the opposite of least privilege in practice because it keeps sensitive capabilities live even when they are not immediately needed.
  • Identity Blast Radius: Identity blast radius is the amount of damage an identity can cause if its access is misused or compromised. It depends on the breadth of entitlements, the number of systems reached, and how long access remains valid before detection or revocation.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or programme maturity, it is worth exploring.

This post draws on content published by CyberArk: the privilege reality gap in AI and cloud environments. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-01-08.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org