AI governance spending rises, but the authorization gap remains

At a glance

What this is: This is an opinion-led analysis of Gartner's AI governance research, with the key finding that visibility and compliance are not the same as runtime authorization.

Why it matters: It matters because IAM teams now have to govern AI agents, workloads, and human access with continuous authorization models instead of relying on point-in-time audits.

By the numbers:

• Gartner projects that AI governance spending will hit $492 million in 2028 and surpass $1 billion by 2030.
• AI regulation will quadruple, extending to 70% of the world's economies by the end of the decade.

👉 Read EnforceAuth's analysis of the AI governance authorization gap

Context

AI governance has become a visibility problem, but security teams are treating it as if reporting and control were the same thing. Point-in-time audits can show what an AI system touched, yet they do not continuously decide what that system is allowed to do at the moment of action.

For IAM and security programmes, that distinction matters because AI agents, workloads, and delegated services now behave like non-human identities with changing context. A governance stack that stops at inventory and compliance tracking leaves the enforcement layer unresolved.

The article's core argument is that the market is moving toward AI governance, but the operating model still needs runtime authorization. That starting point is typical of where many enterprises are today: visible on paper, but weak at enforcement in practice.

Key questions

Q: How should security teams implement AI authorization alongside AI governance?

A: Security teams should split the problem into two layers. Governance handles inventory, risk, and compliance evidence, while authorization enforces what an AI system may do at runtime. The control target is every meaningful action, not just the login event. If the policy cannot be enforced continuously, it is not governing behaviour, only recording it.

Q: Why do point-in-time audits fall short for AI systems?

A: Point-in-time audits only capture a snapshot of access and behaviour, but AI systems can change context between actions. A workflow may start under one permission set and finish under another. That makes periodic review too slow to catch drift in time. Continuous authorization closes that gap by reassessing access as the system acts.

Q: What do security teams get wrong about AI safety controls?

A: Teams often assume content filters, guardrails, and alignment checks also secure operations. They do not. AI safety controls limit what a system says, while authorization limits what it can access and execute. When those are conflated, an AI can remain polite and still be over-entitled, overconnected, or able to trigger downstream action.

Q: Who is accountable when AI governance fails at runtime?

A: Accountability sits with the team that owns the authorization decision, the policy lifecycle, and the operational controls around AI action. Compliance and model-risk functions may document the posture, but they do not enforce it. If the policy lives as fragile configuration, the organization is accountable for the failure mode created by that design.

Technical breakdown

AI governance vs AI authorization

AI governance and AI authorization solve different problems. Governance focuses on inventory, risk scoring, policy tracking, and compliance evidence. Authorization enforces what an AI system is allowed to do at the moment it attempts an action. The gap appears when teams assume that observing behaviour is the same as constraining behaviour. In practice, a system can be fully catalogued, policy-reviewed, and still be over-entitled at runtime. That is why continuous enforcement matters more than retrospective reporting when AI agents are acting across apps, data, infrastructure, and other models.

Practical implication: separate your governance controls from your runtime enforcement layer and test both against the same AI workflow.

Point-in-time audits and continuous authorization

Point-in-time audits are snapshots, not operating controls. They can confirm that a system was compliant at a moment in time, but they cannot keep pace with changing data sensitivity, updated policy, or shifting agent context. Continuous authorization treats identity as a live decision state rather than a one-time gate. For AI agents, this is especially important because their permitted scope can change between tasks, sessions, or downstream tool calls. Without continuous checks, the policy decision becomes stale before the work finishes.

Practical implication: design authorization controls that re-evaluate access at each meaningful action, not only at login or deployment.

Policy-as-code for AI workloads

Policy-as-code turns authorization rules into versioned, testable assets rather than manual configuration. That matters because AI workloads change quickly and teams need an auditable way to review, test, and transport policy across environments. When policies live in code, they can be checked into source control, evaluated in CI/CD, and carried across platform changes with less fragility. This is especially relevant when an organization is trying to avoid lock-in while enforcing consistent decisions for applications, infrastructure, data, and AI workloads.

Practical implication: move AI authorization rules into version control so they can be reviewed, tested, and ported if the platform changes.

Breaches seen in the wild

• DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.
• Schneider Electric credentials breach — exposed credentials gave attackers access to Schneider Electric Jira, exfiltrating 40GB.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

The authorization gap is the real control failure in AI governance. The article correctly separates observation from enforcement, and that separation now defines the market. Inventory, risk tracking, and compliance reporting tell you what exists, but they do not decide what an AI system may do at runtime. Practitioners should treat runtime authorization as the missing security layer, not an optional enhancement.

Point-in-time audit logic breaks down when AI context changes continuously. The governance model behind audits was designed for stable identities and review cycles, not actors whose scope can shift between actions. When an AI system can access one dataset in the morning and a different one later, the assumption that a periodic review captures the real state no longer holds. The implication is that certification cadence alone cannot govern AI behaviour.

Continuous identity: the assumption that authorization can be verified once and trusted thereafter was designed for static access patterns. That assumption fails when AI agents make runtime decisions across changing contexts, because access scope and execution timing move faster than review cycles. The implication is that governance programmes must rethink the meaning of a valid authorization state.

Policy portability is becoming a governance requirement, not a convenience. The article's consolidation warning is directionally right because authorization rules that live only as vendor-specific configuration are fragile under acquisition, product change, or platform drift. In identity terms, this is about preserving control continuity when the control plane itself changes. Practitioners should assume vendor transitions are part of the threat model for AI governance architecture.

AI safety and AI security are being conflated, and that creates blind spots. Content filters and alignment controls address what an AI says, while authorization governs what it can do. Treating them as the same discipline leaves over-permissioned workflows untouched. For identity teams, the practical conclusion is to evaluate AI governance through both behavioural safety and enforceable access boundaries.

From our research:

• 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
• Our research also shows that 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, which is why runtime trust boundaries are becoming harder to defend.
• For a broader governance lens, see Ultimate Guide to NHIs , Regulatory and Audit Perspectives for how audit expectations change when access must be enforced continuously.

What this signals

Runtime authorization is becoming the differentiator for AI governance programmes. Teams that stop at inventory and compliance will keep producing reports that say what exists, not what is safe to do. The programme signal to watch is whether policy decisions can be re-evaluated as context changes, because static approval models will age badly as AI adoption expands.

Continuous enforcement will increasingly shape procurement and architecture choices. Buyers will ask where the policy lives, how it moves across environments, and whether it survives platform change. That is not a tooling preference, it is a governance resilience question, and it will matter more as acquisition and consolidation reshape the market.

The governance language around AI is converging with NHI discipline because both now need operational boundaries, not just inventories. For teams managing mixed human, machine, and AI access, this is a cue to tighten policy portability and define where runtime decisions are made.

For practitioners

• Separate governance from enforcement Map inventory, risk, and compliance controls to governance, then document the runtime authorization control that actually blocks or allows each AI action. If you cannot name the enforcement point, the control is observational only.
• Test for continuous authorization Review each AI workflow for the exact moments where context changes, such as data classification, tool selection, or downstream delegation, and require a fresh authorization decision at those points. Do not rely on login-time approval alone.
• Move policy into code Store AI authorization logic in version control so teams can review changes, test policy before release, and preserve portability across platform shifts. This reduces dependence on opaque configuration states.
• Evaluate policy portability before consolidation events Ask where your current policy rules live, how they are exported, and whether a product change would strand your enforcement layer. Treat portability as a selection criterion for AI governance architecture.

Key takeaways

• AI governance that stops at visibility leaves the real security decision unresolved at runtime.
• Point-in-time audits and compliance reporting are too slow for AI systems whose context changes continuously.
• Practitioners should separate governance from authorization and make policy portable before consolidation changes the stack.

Key terms

• AI authorization: AI authorization is the runtime control that decides what an AI system may access or execute at the moment it acts. It goes beyond inventory and compliance because it enforces policy continuously, including across changing context, downstream tools, and delegated actions.
• Continuous identity: Continuous identity is the practice of treating access as a live decision state instead of a one-time login event. For AI and other non-human identities, it means permissions can be re-evaluated as context changes, so trust does not persist beyond the conditions that justified it.
• Policy-as-code: Policy-as-code is the practice of writing authorization rules as versioned code rather than manual configuration. It supports review, testing, auditability, and portability, which matters when identity controls need to survive fast-moving AI deployments or platform changes.

Deepen your knowledge

AI authorization, continuous enforcement, and policy-as-code are covered in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are adapting identity governance for AI systems, it is a practical next step.

This post draws on content published by EnforceAuth: Gartner's AI governance research and the authorization gap analysis. Read the original.