TL;DR: AI adoption is exposing a gap between traditional third-party risk reviews and continuously changing AI systems, with the source arguing that governance must unite security, privacy, risk, legal, engineering, and the business around shared controls. Static assessments are no longer enough when vendors can introduce AI features quietly and models drift over time.
At a glance
What this is: This is an analysis of why AI governance needs to move beyond point-in-time third-party risk checks and toward continuous, cross-functional control.
Why it matters: It matters to IAM practitioners because AI systems increasingly inherit identity, access, and data governance questions through vendors, internal tools, and human-led adoption paths.
By the numbers:
- ~80% of AI initiatives may move through standard procurement and technical assessment, while the top tier requires deeper cross-functional evaluation.
👉 Read OneTrust’s analysis of AI governance and third-party risk management
Context
AI governance is becoming a control problem, not just a policy problem. Traditional third-party risk and security reviews were built for relatively static software, while AI systems can change behavior, data flows, and risk posture after deployment. That gap is why the primary challenge is no longer whether AI is present, but whether organisations can see it, classify it, and govern it across the full lifecycle.
For identity and access teams, the intersection is real even when the article is framed as governance. AI tools introduce new questions about data access, human review, delegated authority, vendor oversight, and the controls that should apply when systems act with more variability than conventional applications. That makes AI governance adjacent to IAM, NHI oversight, and broader security architecture rather than separate from them.
Key questions
Q: How should organisations govern AI usage when employees use unapproved tools?
A: Organisations should start with visibility, not enforcement. If teams cannot see which apps, agents, or workflows are being used, they cannot assess data exposure or apply meaningful controls. Once usage is mapped, policy can shift from blanket bans to context-based decisions that reflect sensitivity, role, and business purpose.
Q: Why do static third-party risk reviews fail for AI systems?
A: Static reviews assume the system and its data flows stay stable after approval, but AI systems can change behavior, outputs, and exposure over time. Vendors may alter features, internal users may adopt new tools informally, and model drift can change risk without a formal re-review. That makes point-in-time approval too shallow for real governance.
Q: What do security teams get wrong about AI access risk?
A: Many teams focus on the model while ignoring the identity path that reaches it. If a service account or token can invoke AI infrastructure, then that credential becomes the real control point. The mistake is treating AI risk as a model problem instead of an access governance problem.
Q: Who should own accountability for AI data access risk?
A: Accountability should sit with the teams that own identity, data governance, and security operations together. If AI can access enterprise data, then ownership must cover entitlement design, monitoring, and incident response across the full workflow. The governance gap is not just technical, because without a named owner, no one can prove who approved or contained the access.
Technical breakdown
Why AI risk is different from classic third-party risk
AI changes the risk model because it is not a fixed application with a stable control surface. Models can drift, vendors can alter features without much notice, and internal users can adopt tools before governance catches up. That makes discovery, classification, and reassessment fundamentally more difficult than checking a static vendor questionnaire. In practice, AI governance has to treat functionality, data exposure, and behavioral change as moving parts rather than one-time facts.
Practical implication: move AI into continuous review cycles instead of relying on intake forms and annual reassessments.
How a cross-functional AI governance operating model works
A workable AI governance model sits between innovation and control. Security, privacy, risk, legal, engineering, IT, and business teams each hold part of the decision, because AI risk spans acceptable use, data handling, model selection, and customer transparency. The committee structure matters less as a formality than as a mechanism for defining who can approve use cases, who owns monitoring, and what evidence is required before production use.
Practical implication: define decision rights, approval gates, and escalation paths before AI adoption spreads across teams.
Continuous monitoring for AI systems and vendor change
AI governance fails when organisations assume the control boundary stays still after deployment. The article rightly points to always-on oversight because vendor features, training practices, and data flows can change after the initial assessment. That is also where identity governance becomes relevant: if systems process customer data, call external services, or rely on delegated access, the control question is not just what the tool is, but what it can do today versus last month.
Practical implication: tie reassessment triggers to feature changes, data changes, and permission changes, not calendar dates alone.
NHI Mgmt Group analysis
AI governance debt is becoming a real operational risk: organisations that rely on static third-party reviews are building up unresolved exposure as AI features change faster than intake processes can track. The article’s core point is that AI risk is dynamic, so governance has to become a living control plane rather than a periodic compliance exercise. For practitioners, the lesson is that unmanaged AI visibility will quickly turn into unmanaged accountability.
Third-party AI discovery is now part of identity governance: when vendors embed AI silently, the practical problem is not only software inventory but authority, data access, and delegated control. That creates a direct bridge to IAM and NHI oversight because the question becomes who or what is allowed to invoke AI capabilities, move data into them, and act on their outputs. Practitioners should treat AI discovery as an extension of access governance, not a separate register.
Cross-functional governance is the only realistic operating model for AI at scale: the article is correct that security alone cannot set acceptable use, legal alone cannot manage technical drift, and engineering alone cannot own risk appetite. Shared governance is not bureaucracy here, it is the mechanism that aligns policy, controls, and business usage. For practitioners, the conclusion is to formalise joint ownership before AI use cases spread beyond pilot scope.
Continuous oversight is the named concept that matters most here: AI systems do not remain in the state they were assessed in, so governance built on a snapshot creates a false sense of control. The operating assumption that “we already reviewed this vendor” fails as soon as model behavior, prompts, integrations, or data handling changes. Practitioners should replace point-in-time approval with change-triggered review and evidence-based monitoring.
What this signals
AI governance will increasingly be measured by change detection, not policy volume: programmes that can identify when a vendor’s features, data handling, or model behavior changes will have a materially better control posture than those relying on annual reviews. That shift is especially relevant where AI systems intersect with delegated access, third-party integrations, and identity-driven workflows.
The practical signal for security leaders is that AI inventory and approval are no longer enough. Governance needs trigger-based reassessment, clear ownership, and an audit trail that ties feature changes to a control response, especially where AI touches access to sensitive data or acts through connected services.
For practitioners
- Build an AI intake control for vendor and internal tools Require teams to disclose whether a product uses AI, what data enters the system, whether outputs are human-reviewed, and whether model behavior can change after deployment. Capture those answers in the same workflow used for security and privacy review so hidden AI does not bypass governance.
- Extend third-party risk questionnaires to AI-specific change signals Add questions about model updates, feature drift, training data use, customer data retention, and notification timing when the vendor modifies AI functionality. Reassess whenever any of those conditions change, rather than waiting for annual renewal.
- Define decision rights for AI use cases before production Assign who approves acceptable use, who can block high-risk deployments, and which functions must remain human-reviewed. Include security, privacy, legal, engineering, and business owners in the same approval path so accountability is explicit.
- Treat AI discovery as an identity governance task Inventory where AI systems consume credentials, access customer data, or act on behalf of employees or services. Where those systems sit in workflows, map the identity, permission, and data boundaries together so the review captures delegated access as well as software risk.
Key takeaways
- AI governance breaks down when organisations treat fast-changing systems like static vendors.
- The biggest risk is not only hidden AI, but the lack of continuous visibility into how that AI changes after approval.
- Security teams should align AI discovery, third-party review, and identity governance into one operating model.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST AI RMF, NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, while ISO/IEC 27001:2022 and GDPR define the regulatory obligations.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST AI RMF | GOVERN | The article centres on governance operating models and accountability for AI risk. |
| NIST CSF 2.0 | GV.OV-01 | AI governance and third-party oversight map to CSF governance and risk monitoring. |
| NIST SP 800-53 Rev 5 | RA-3 | Risk assessment is central to AI intake, reassessment, and vendor change control. |
| ISO/IEC 27001:2022 | A.5.1 | Policies for AI use and oversight fit the ISMS policy and governance clause. |
| GDPR | Art.32 | AI tools handling personal data require security controls and continuous protection review. |
Reassess AI processing controls under Art.32 whenever data handling or vendor behavior changes.
Key terms
- AI Governance: AI governance is the set of controls used to discover, classify, approve, restrict, monitor, and revoke AI-enabled access. It connects identity, data, and policy so organisations can manage what AI can reach, what it can share, and when it should be stopped.
- Third-party AI risk: Third-party AI risk is the exposure created when external vendors embed AI into products, services, or workflows that an organisation relies on. The risk includes hidden model changes, unclear data handling, training use, and shifting control boundaries that can invalidate earlier assessments.
- Continuous monitoring: Continuous monitoring is the practice of watching for material changes in systems, vendors, and controls after approval has been granted. In AI environments, it matters because feature changes, model drift, and data-flow changes can alter risk long before the next scheduled review.
- AI Discovery: AI discovery is the process of automatically finding AI tools, embedded features, agents, and integrations operating in an environment. It provides the first visibility layer for governance, but it does not by itself explain ownership, permissions, or risk.
What's in the full article
OneTrust's full blog covers the operational detail this post intentionally leaves for the source:
- How the AI governance committee is structured across privacy, legal, security, engineering, and business functions.
- Specific intake and assessment questions for AI vendors, including data use, model updates, and transparency requirements.
- The step-by-step governance lifecycle for intake, assessment, and monitoring as AI features change over time.
- How organisations can use governance to support responsible scaling instead of slowing down adoption.
Deepen your knowledge
The NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, machine identity security, secrets management, and workload identity. It gives practitioners a practical baseline for connecting identity controls to broader security and governance programmes.
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org