AI identity sprawl is widening faster than IAM governance

At a glance

What this is: This JumpCloud report argues that rapid AI adoption is creating a large, under-governed population of non-human identities that traditional IAM cannot see well enough to control.

Why it matters: It matters because identity teams now have to govern AI tools, bots, scripts, and agents alongside human users, or the organisation’s attack surface will expand faster than review and control processes can keep up.

By the numbers:

• 99.6% of organizations are already using or actively planning to adopt artificial intelligence.
• 67% are embedding AI in security threat detection.
• 42% of IT leaders are concerned about a lack of identity governance for non-human actors.
• 23% of IT teams are actively securing these agentic AI identities.

👉 Read JumpCloud's Q3 2025 IT Trends Report on AI and non-human identity risk

Context

AI identity sprawl is the widening gap between AI adoption and the controls needed to govern the identities those systems create. In this report, the primary issue is not AI usage itself, but the growth of non-human identities that sit outside normal user-directory visibility and therefore outside routine IAM oversight.

That matters for IAM, NHI, and emerging agentic AI programmes because AI tools now touch sensitive systems, privileged accounts, and operational data without a human in the loop. When those identities are buried in code, API settings, or orchestration layers, the control model has to change before exposure becomes normalised.

The report’s starting point is typical of the market: organisations are racing to adopt AI faster than they are building identity governance for it. That mismatch is now the core security story.

Key questions

Q: How should security teams govern AI identities that access sensitive systems?

A: Treat AI identities as governed non-human identities, not as ordinary application settings. Assign each credential an owner, define the exact systems it may reach, and put it into the same lifecycle discipline used for other privileged machine access. Without that structure, access grows faster than review cycles can contain it.

Q: Why do AI tools create more IAM risk than standard automation?

A: AI tools often combine broad system reach with weak visibility, which means the actual machine identity can sit outside normal directory and review processes. The risk is highest when those identities can read data, trigger actions, or touch admin interfaces without a clear revocation path.

Q: What breaks when AI identities are not inventoried centrally?

A: Ownership breaks first, then entitlement review, then offboarding. If security teams cannot see the credential, they cannot prove who approved it, what it can access, or when it should be removed. That turns an AI workflow into an unmanaged privileged path.

Q: Who should be accountable for AI identity governance?

A: Accountability should sit with the team that owns the workflow and the team that owns identity controls, because AI access crosses both domains. Security, platform, and application owners each hold part of the lifecycle, but one business owner must remain responsible for the access decision and its removal.

Technical breakdown

Why non-human identities become invisible in AI deployments

Non-human identities are machine credentials used by software components to authenticate and act. In AI environments, they include API keys, service accounts, tokens, bots, and agent credentials that are often embedded in code, configuration, or orchestration systems rather than assigned through a human identity store. That makes them harder to inventory, review, and revoke. The problem is not just scale. It is that the identity lifecycle is fragmented across development, platform, and security teams, so governance can disappear between owner domains.

Practical implication: build a complete inventory of AI-related credentials and map each one to an accountable owner and lifecycle state.

Why elevated privileges make AI identities a governance problem

AI systems often need broad access to be useful, which pushes them toward high-value databases, admin APIs, and operational controls. That creates a structural tension in IAM: the more capable the AI workflow, the more likely it is to inherit access that exceeds what a normal service account would receive. Once privilege is granted, it is easy for the access model to drift because the entitlement was created for functionality rather than for tightly bounded task scope. This is where NHI governance and privileged access management converge.

Practical implication: classify AI identities by task scope and privilege level, then review elevated access as a privileged workload, not a generic app permission.

How shadow AI expands attack surface beyond user-focused controls

Shadow AI is the unmanaged use of AI tools or agents that security teams cannot reliably discover through standard identity or SaaS controls. Because these systems can be created outside central approval paths, they can accumulate secrets, data access, and automation privileges without formal onboarding. Human-centric IAM often sees the user who created the tool, but not the machine identity the tool uses to operate. That creates a governance blind spot, especially when AI touches sensitive systems through indirect integration points.

Practical implication: extend discovery, recertification, and offboarding processes to AI tools, not just to human accounts.

Threat narrative

Attacker objective: The attacker’s objective is to exploit hidden, over-privileged AI credentials to reach sensitive systems without triggering normal identity controls.

1. Entry occurs when AI systems are embedded into workflows with credentials stored in code, settings, or tool connectors rather than centrally governed identity records.
2. Escalation follows when those AI identities are granted broad access to sensitive databases, privileged accounts, or operational systems to keep the workflow functioning.
3. Impact emerges as unmanaged AI identities create a hidden backdoor that expands the organisation’s attack surface and weakens control over critical assets.

Breaches seen in the wild

• Azure Key Vault privilege escalation exposure — Azure Key Vault Contributor role misconfiguration enabled privilege escalation.
• Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

AI identity sprawl is now the primary control problem, not a side effect of AI adoption. The report shows that organisations are deploying AI faster than they are assigning durable ownership for the identities those systems use. That means identity governance is failing at the discovery layer before it ever reaches entitlement review. Practitioners should treat AI identity inventory as a first-order governance requirement, not an audit afterthought.

Non-human identities become dangerous when they inherit machine utility without human lifecycle discipline. AI tools often receive privileged access because they must reach data, execute actions, and return outcomes quickly. The governance failure is that those identities are frequently not brought into the same lifecycle, recertification, and offboarding processes as human accounts. The implication is that AI access cannot be governed as an informal extension of application configuration.

Shadow AI creates a hidden identity layer that normal IAM was not built to expose. Human-centric identity programmes can still miss the machine identity that actually performs the action. When the credential is buried in code or an integration layer, access reviews see the user sponsor but not the operational actor. Practitioners should recognise this as an identity visibility failure, not just a tooling gap.

AI-enabled environments are forcing a convergence of NHI governance and privileged access management. The report’s concern about uncontrolled AI tools integrating with sensitive systems shows that privilege, not just authentication, is the issue. AI identities that can reach critical systems need explicit scope, ownership, and revocation paths. Security teams should reframe AI access as governed machine privilege, not as ordinary application plumbing.

From our research:

• 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
• Only 13% of security leaders feel extremely prepared for the reality of agentic AI, which shows that confidence is rising faster than governance maturity.
• For the lifecycle angle, see the NHI Lifecycle Management Guide for how ownership, rotation, and offboarding need to work across machine identities.

What this signals

AI governance is now a lifecycle problem as much as a discovery problem. With 70% of organisations already granting AI systems more access than human employees, the main risk is no longer whether AI will be used, but whether the access model can be constrained before it spreads. Teams should expect pressure to move AI identities into formal joiner-mover-leaver and recertification processes, not leave them in implementation teams.

The next maturity step is to treat AI tools, bots, and agents as first-class identities in the same operational inventory as service accounts and secrets. That requires ownership, expiry, review, and revocation to be visible in the identity programme rather than scattered across platform teams and code repositories.

Identity blast radius: when AI access is granted for speed rather than scoped for task completion, the organisation inherits the full downstream impact of any compromised or misused credential. That is why continuous discovery and constrained privilege will matter more than broad AI enablement programmes.

For practitioners

• Inventory every AI-related credential Map API keys, tokens, service accounts, and agent credentials to business owners, systems they can reach, and current lifecycle state. Include credentials embedded in code repositories, CI pipelines, and orchestration configs.
• Reclassify AI access as privileged machine access Separate AI identities from standard application accounts and subject them to stricter approval, logging, and recertification requirements when they can reach sensitive systems or administrative interfaces.
• Extend offboarding to AI tools and agents Remove access when an AI workflow is retired, replaced, or no longer approved, and verify that associated secrets are revoked across all dependent systems, not just in the primary console.
• Create a shadow AI discovery process Use SaaS, secret, and cloud discovery to find unmanaged AI tools and then tie each one back to an accountable owner, an approved use case, and a review cadence.

Key takeaways

• The report’s core warning is that AI adoption is outpacing identity governance, leaving a growing population of non-human identities outside normal control paths.
• The evidence shows a material mismatch between concern and action, with AI identities often granted more access than human workers even as security teams lag in securing them.
• The practical response is to govern AI access as privileged machine identity, with inventory, ownership, lifecycle control, and offboarding applied from the start.

Key terms

• Non-Human Identity: A non-human identity is any credentialed digital actor that authenticates to systems without being a person. It includes service accounts, API keys, tokens, certificates, bots, workloads, and AI agents. In governance terms, it needs ownership, scope, lifecycle control, and revocation just like a human account does.
• Shadow AI: Shadow AI is the use of AI tools or agents that security teams cannot reliably discover, govern, or retire through normal controls. It often appears in code, SaaS integrations, or platform settings, which makes the real identity easy to miss even when the user who created it is known.
• Identity Blast Radius: Identity blast radius is the amount of damage that can follow if a credential is misused, compromised, or granted too much access. For AI and other machine identities, it is shaped by privilege scope, system reach, and how quickly the access can be found, reviewed, and removed.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or operational governance, it is worth exploring.

This post draws on content published by JumpCloud: Q3 2025 IT Trends Report coverage of AI adoption and non-human identity risk. Read the original.