By NHI Mgmt Group Editorial Team | Published 2025-09-03 | Domain: Agentic AI & NHIs | Source: Delinea

TL;DR: "AI in Identity Security Demands a New Playbook" finds that only 44% of organizations feel fully equipped to support secure AI, while 61% have full visibility into machine identities and 48% govern AI entities, according to Delinea's survey of 1,700 IT decision-makers. The governance gap is now structural: security teams are trying to control AI with identity models that were not built for agentic behaviour.


At a glance

What this is: Delinea's survey-based analysis of AI identity security, showing that confidence in current controls outpaces actual visibility and governance.

Why it matters: AI, machine identity, and human IAM programmes are converging on the same control plane, and weak AI governance now creates risk across all three.



Context

AI identity security is the discipline of governing which AI systems can act, what they can reach, and how those actions are monitored. Delinea's survey shows a familiar pattern in a new form: confidence is high, but governance and visibility lag behind actual deployment.

The first-order problem is not AI adoption itself. It is that identity programmes are being asked to cover machine identities, AI agents, and human access patterns at the same time, while many organisations still lack reliable control over the machine layer that underpins them.

That gap makes AI risk an identity governance issue, not just an application security issue. If security teams cannot see AI identities clearly, they cannot reliably assign scope, verify behaviour, or contain misuse when the system drifts outside its intended purpose.


Key questions

Q: How should security teams govern AI identities that can act at runtime?

A: Security teams should treat runtime AI behaviour as an identity governance issue, not only an application risk. That means inventorying AI entities, binding them to owners, limiting their reachable tools and data, and reviewing their access as workflows change. Static roles are rarely precise enough once an AI system can choose actions dynamically.

Q: Why do partial machine identity inventories create more risk for AI programmes?

A: Partial inventories leave unknown identities outside ownership, access review, and monitoring. In AI programmes, those blind spots can hide sanctioned agents, shadow deployments, or stale credentials that still reach data and APIs. The risk is not just loss of visibility. It is loss of control over who or what can act inside the environment.

Q: What do security teams get wrong about shadow AI?

A: They often treat shadow AI as a policy problem instead of a lifecycle problem. If an AI tool appears before ownership, review, and offboarding exist, the organisation may end up with persistent access paths that no one can clearly govern. The fix is not only prohibition. It is lifecycle control and identity tracking.

Q: When should organisations move beyond role-based controls for AI systems?

A: They should move beyond role-based controls when an AI system can choose actions, tools, or timing at runtime. In that case, static entitlements can become too broad for one task and too limited for another. Task-scoped, context-aware access is more defensible because it matches the way the system actually behaves.


Technical breakdown

Why AI identity governance breaks when visibility is partial

AI identity governance depends on knowing which non-human identities exist, what they are connected to, and which workflows they can trigger. Partial visibility leaves blind spots in discovery, ownership, and access review. That matters because AI tools often sit across SaaS, cloud, and internal automation layers, where identity sprawl is easy to miss. Without complete inventory, security teams cannot tell whether an access grant belongs to a sanctioned agent, a shadow deployment, or a stale credential. Practical implication: treat AI identity discovery as a continuous control, not a one-time inventory task.

Practical implication: build continuous discovery for AI and machine identities before trying to certify their access.

Agentic AI access controls and the limits of role-based design

Agentic AI is different from ordinary automation because it can choose actions, tools, and timing at runtime. That creates a mismatch with role-based access control, which assumes human-defined purpose and stable entitlements. If an AI system can initiate tasks dynamically, a fixed role can become too broad in one context and too narrow in another. The result is either over-permissioned access or blocked operations that teams bypass informally. Practical implication: focus on task-scoped, context-aware access decisions for AI entities rather than static role assignment.

Practical implication: replace broad roles with context-aware access decisions for AI entities.

Shadow AI as an identity lifecycle failure

Shadow AI is not only an adoption problem. It is an identity lifecycle failure because unsanctioned AI tools often appear before governance, ownership, or offboarding processes exist. Once these systems interact with data, APIs, or machine identities, they create unmanaged access paths that are difficult to detect after the fact. This is why acceptable use policy alone is insufficient. Governance has to follow the lifecycle from introduction to retirement. Practical implication: tie AI approval, review, and removal to the same lifecycle discipline used for other non-human identities.

Practical implication: manage AI onboarding and offboarding with the same lifecycle discipline used for other non-human identities.


Threat narrative

Attacker objective: The attacker wants to abuse or subvert AI-connected identities to gain access, manipulate decisions, or expand reach across enterprise systems.

  1. Entry occurs when sanctioned or unsanctioned AI tools connect to enterprise systems without full identity visibility or governance.
  2. Escalation happens when agentic systems use broad or poorly scoped access to reach data, workflows, or tools beyond their intended purpose.
  3. Impact follows when compromised or unsanctioned AI identities are used for phishing, credential theft, data exposure, or uncontrolled autonomous action.
  • Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
  • DeepSeek breach — exposed 1M+ log lines and sensitive secret keys.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

AI identity governance is now a control-plane problem, not an edge case. The report shows that AI has moved from pilot status into operational environments faster than governance has caught up. Once 94% of companies are using or piloting AI in IT operations, the question is no longer whether AI exists in the estate. The real issue is whether identity teams can see, classify, and govern the machine layer fast enough to keep it bounded. Practitioners should treat AI governance as part of core identity architecture, not an overlay.

Partial visibility is a structural failure, not a tooling gap. When only 61% of organisations can fully see machine identities and 48% govern AI entities, the control environment is already fragmented. That means ownership, review, and accountability are split across teams that do not share a single truth about what exists. The practical conclusion is that AI identity risk cannot be managed through policy alone because the environment itself is not fully enumerable.

Role-based access control is too blunt for agentic behaviour. Delinea's own framing points to a problem that IAM teams will recognise immediately: a role assumes relatively stable intent, but agentic AI can act, chain, and adapt at runtime. That means the same entitlement may be safe for one task and excessive for the next. Practitioners should rethink whether static role design can support systems that choose actions dynamically.

Shadow AI exposes a lifecycle assumption that no longer holds. Acceptable use policies still matter, but they do not create ownership, review, or offboarding for systems that appear outside formal procurement. The result is a governance gap where AI entities can exist, connect, and persist without a clean administrative boundary. The implication for identity programmes is simple: lifecycle controls must extend to AI before unsanctioned use becomes institutionalised.

AI governance is converging with NHI governance and human IAM governance. The article shows that the same organisation is now trying to secure human users, machine identities, and AI entities under one identity estate. That convergence raises the bar for identity architecture because teams can no longer isolate AI decisions from broader privilege, lifecycle, and monitoring controls. Practitioners should build governance models that treat identity as a shared discipline across actor types, not a set of separate towers.

From our research:

  • 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
  • Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks.
  • For lifecycle and offboarding discipline, see NHI Lifecycle Management Guide for the governance controls that reduce persistent NHI exposure.

What this signals

Shadow AI is likely to become a governance density problem before it becomes a tooling problem. Delinea's numbers show 56% of organisations dealing with shadow AI at least monthly, which means the operational burden is already recurring rather than exceptional. The programme response should be to connect discovery, access review, and incident triage into one control loop so hidden AI use is surfaced before it becomes routine.

AI governance will increasingly sit inside broader identity programmes rather than beside them. As machine identities, human access, and AI entities share the same applications and data paths, programme owners will need one policy model that spans all three. The practical signal is that identity architecture teams should prepare for more cross-functional ownership and fewer isolated governance exceptions.

Access review cadences may be too slow for agentic systems unless ownership is explicit. If an AI entity can be created, expanded, or retired faster than the next certification cycle, the control fails on timing rather than intent. Teams should therefore watch for gaps between deployment velocity and review velocity, because that gap is where unmanaged access accumulates.


For practitioners

  • Inventory AI identities continuously: Build discovery processes that identify sanctioned and unsanctioned AI entities across cloud, SaaS, and internal automation layers. Map each identity to an owner, a purpose, and a review cycle so hidden access does not persist between audits.
  • Replace static roles with task-scoped access: Limit AI entities to the smallest set of actions, tools, and data paths needed for a specific workflow. Re-evaluate access whenever the workflow changes, because agentic behaviour can expand the effective scope of an entitlement without any new approval.
  • Tie AI governance to lifecycle controls: Apply joiner-mover-leaver logic to AI systems, including approval, review, suspension, and retirement. Pair that lifecycle with logging and ownership records so no AI deployment remains outside an accountable administrative chain.
  • Monitor shadow AI as an identity issue: Track unsanctioned AI use as a sign of unmanaged identity growth, not just policy noncompliance. Feed those findings into access governance, procurement, and security operations so discovery leads directly to containment decisions.
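
The four checks above can be run as one audit pass over an identity inventory. The following is an added example, not code from Delinea or NHI Mgmt Group; the scope names, task catalogue, finding labels and sample inventory are all constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta

# Hypothetical task catalogue: the scopes each approved workflow needs.
TASK_SCOPES = {
    "ticket-triage": {"tickets:read", "tickets:comment"},
    "log-summary": {"logs:read"},
}

@dataclass
class AIIdentity:
    name: str
    owner: str | None        # accountable human or team
    task: str | None         # declared purpose, a key into TASK_SCOPES
    granted: set[str]        # scopes the credential actually holds
    last_review: date | None
    review_days: int = 90    # length of the review cycle
    sanctioned: bool = True
    retired: bool = False

def audit(identity: AIIdentity, today: date) -> list[str]:
    """Return governance findings for one AI identity."""
    findings = []
    if not identity.sanctioned:
        findings.append("shadow-ai")
    if not identity.owner:
        findings.append("no-owner")
    needed = TASK_SCOPES.get(identity.task)
    if needed is None:
        findings.append("no-approved-task")
    elif identity.granted - needed:
        # Anything granted beyond the task's needs is excess privilege.
        excess = sorted(identity.granted - needed)
        findings.append("excess-scope:" + ",".join(excess))
    cycle = timedelta(days=identity.review_days)
    if identity.last_review is None or today - identity.last_review > cycle:
        findings.append("review-overdue")
    if identity.retired and identity.granted:
        findings.append("retired-but-active")
    return findings

# Constructed sample inventory (not real data).
TODAY = date(2025, 9, 3)
INVENTORY = [
    AIIdentity("triage-agent", "it-ops", "ticket-triage",
               {"tickets:read", "tickets:comment"}, date(2025, 8, 1)),
    AIIdentity("summary-bot", "secops", "log-summary",
               {"logs:read", "secrets:read"}, date(2025, 2, 1)),
    AIIdentity("notes-plugin", None, None, {"drive:read"}, None,
               sanctioned=False),
]

def report(today: date = TODAY) -> dict[str, list[str]]:
    return {i.name: audit(i, today) for i in INVENTORY}
```

Run on a schedule shorter than the certification cycle, the same pass surfaces identities that were created or widened between reviews.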

Key takeaways

  • AI security now depends on identity governance that can see and classify machine and AI entities, not just human users.
  • The report's 44% readiness figure and 61% visibility figure show that confidence is outrunning actual control coverage.
  • Practitioners should link AI discovery, task-scoped access, and lifecycle review before shadow AI becomes normalised.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| OWASP Agentic AI Top 10 | | AI agents acting at runtime create access and governance risks covered by agentic AI guidance. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Machine identities and AI entities need lifecycle and visibility controls for secure governance. |
| NIST CSF 2.0 | PR.AC-4 | Access control and privilege governance are central to AI identity oversight. |

Map AI agent permissions to runtime decision boundaries and review them whenever tools or scope change.


Key terms

  • Agentic AI identity: An identity used by an AI system that can choose actions, tools, or timing at runtime. It behaves like a non-human identity in the control plane, but its access risk is higher because the system can expand or combine actions dynamically within a session or workflow.
  • Shadow AI: AI tools or agents that operate in an organisation without clear approval, ownership, or governance. Shadow AI becomes an identity problem when the system can connect to data or APIs, because unmanaged access can persist even after the tool is discovered.
  • Machine identity visibility: The ability to discover, classify, and monitor non-human identities across environments. It is a prerequisite for governance because security teams cannot review, certify, or revoke access for identities they cannot reliably enumerate.
  • Task-scoped access: Access limited to the specific actions, data, and tools needed for one defined workflow. For AI systems, task scope matters because runtime behaviour can change the practical reach of a privilege even when the entitlement itself appears unchanged.


This post draws on content published by Delinea: AI in Identity Security Demands a New Playbook. Read the original.
