AI native engineering exposes identity sprawl and access control gaps

At a glance

What this is: AI native engineering increases speed and autonomy, but it also breaks older assumptions about identity visibility, access control, and governance.

Why it matters: IAM, NHI, and human identity programmes all need to account for fast-changing human and machine identities, or security and accountability will drift apart.

👉 Read Oasis Security's analysis of AI native engineering, speed, and security

Context

AI native engineering changes how work gets done, but the security problem is not the AI tool itself. The real issue is that identity, access, and decision-making become more fluid at the same time, which makes traditional role-based controls and periodic review cycles less reliable.

In practice, this creates an identity governance gap across human developers, CI/CD jobs, ephemeral services, and AI agents operating in the same delivery flow. When access changes continuously, teams need to know who or what is acting, what it can reach, and whether that access still matches the task at hand.

Key questions

Q: How should security teams govern AI native engineering environments with mixed human and machine identities?

A: Security teams should govern AI native environments by treating every identity as dynamic and continuously verifiable. That means continuous discovery, context-aware access mapping, and lifecycle controls for human users, service accounts, and agent-driven workflows. Periodic reviews alone will miss short-lived access paths that appear and disappear between review cycles.

Q: Why do AI native workflows create more identity risk than traditional engineering models?

A: AI native workflows increase identity risk because they multiply the number of identities and shorten the time access remains stable. When humans, services, and agents can all act in the same delivery flow, visibility and accountability become harder to preserve. The risk is not AI use itself, but access that outpaces governance.

Q: What breaks when access reviews are used for ephemeral machine identities?

A: Access reviews break down when identities are created and used faster than the review cycle can observe them. By the time a review happens, the access may already be gone, repurposed, or abused. That makes recertification an incomplete control unless it is paired with continuous discovery and runtime monitoring.

Q: How can teams tell whether identity controls are keeping up with AI native change?

A: Teams can tell by measuring whether they can answer who acted, what they accessed, and whether the access still matched the task in real time. If those answers depend on manual reconstruction after the fact, the control model is behind the operating model. Drift, shadow access, and ownership gaps are the warning signs.

Technical breakdown

Identity sprawl in AI native engineering

AI native engineering environments create more identities, more quickly, than traditional governance models expect. Developers, ephemeral services, CI/CD jobs, and AI agents can all appear and disappear across a short operational window. That expands the number of subjects that need identification, entitlement mapping, and auditability. The problem is not only volume. It is the rate at which access relationships change, which makes point-in-time inventory fragile and stale almost immediately.

Practical implication: teams need continuous discovery of every human and machine identity before access reviews can mean anything.

Why static roles fail in dynamic workflows

Static roles assume that identity and task remain stable long enough for provisioning to stay valid. AI native workflows break that assumption because work is increasingly delegated, recomposed, and executed across human and machine actors in real time. The result is access that no longer lines up cleanly with fixed job functions or predetermined workflow steps. Least privilege still matters, but it has to be interpreted against current behaviour, not just job title or pipeline design.

Practical implication: governance should map entitlements to observed behaviour and workflow state, not only to preassigned roles.

Policy-driven governance for ephemeral access

Policy-driven governance becomes necessary when access is created, reused, and discarded at machine speed. In this model, the control plane must detect drift, understand context, and revoke or narrow access when usage changes. That is different from simply reviewing permissions after the fact. The core challenge is maintaining control without forcing teams back into slow, manual approvals that undermine the operating model AI was meant to unlock.

Practical implication: implement automated drift detection and policy enforcement that can act while the workflow is still active.

Threat narrative

Attacker objective: The objective is to exploit opaque identity relationships inside fast-moving AI native workflows and gain access that no longer maps cleanly to governance controls.

1. Entry occurs through legitimate AI native development workflows where human, service, and agent identities are introduced faster than teams can catalog them.
2. Escalation follows when credentials, integrations, or shadow access are reused across prompts, pipelines, or ephemeral services without clear ownership.
3. Impact is loss of visibility into who acted, what was accessed, and whether the access was still justified, which enlarges the attack surface and weakens accountability.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

AI native engineering turns identity from a support function into the primary control surface. When workflows become more fluid, the question is no longer whether security exists, but whether identity governance can keep pace with the pace of work. The strongest programmes will treat every identity as dynamic, whether human, machine, or agent, and anchor control decisions in real-time context rather than static assumptions. Practitioners should expect identity to become the organising layer for security in AI-native delivery.

Static role models are the wrong abstraction for AI native environments. Roles assume stable duties, stable ownership, and stable execution paths, but AI native engineering replaces all three with faster delegation and reconfiguration. That creates a governance gap where access can be technically valid but operationally stale. The implication is straightforward: teams should stop treating fixed entitlement sets as proof of control and start measuring whether access still fits the current workflow.

Context aware access mapping is now a governance requirement, not a nice-to-have. In mixed human and machine environments, the same credential may be used by different actors at different times or through different integrations. Without mapping access to behaviour, ownership, and execution context, recertification becomes an administrative ritual rather than a security control. Practitioners should prioritise the relationship between identity, action, and system state over raw entitlement counts.

Identity sprawl in AI native engineering is a lifecycle problem as much as an access problem. New services, short-lived jobs, and agent-driven tasks all create governable identities that may never appear in legacy onboarding or offboarding processes. That means joiner-mover-leaver thinking has to extend to ephemeral workloads and agentic systems, not just employees. Security leaders should treat lifecycle discipline as a prerequisite for any meaningful AI-native control model.

From our research:

• 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
• Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
• That confidence gap is why teams should also review the Ultimate Guide to NHIs , 2025 Outlook and Predictions for the forward-looking governance model.

What this signals

Identity governance for AI native engineering should be judged by observability, not by policy volume. If teams cannot continuously answer who or what is acting, access controls are already behind the pace of delivery. The practical test is whether lifecycle, entitlement, and drift signals are unified across human and machine identities before the workflow completes.

AI native engineering creates an identity blast radius that is wider than traditional app delivery. As more access paths are created on demand, stale privileges and shadow integrations become harder to distinguish from legitimate activity. That means security teams need programmatic discovery and tighter runtime governance, not another layer of post-hoc reporting.

With 1 in 4 organisations already investing in dedicated NHI security capabilities, per The State of Non-Human Identity Security, the market signal is clear: AI native operating models are pushing identity into the centre of security architecture. Teams that still treat NHI and human access as separate conversations will struggle to govern mixed workflows effectively.

For practitioners

• Build continuous identity discovery across delivery pipelines Inventory every human, service, and agent identity that can touch code, prompts, deployments, or data. Reconcile that inventory continuously so ephemeral identities do not fall outside review and logging processes.
• Map access to live workflow context Tie entitlements to current task state, deployment stage, and runtime behaviour instead of relying only on role assignments. Use the access path itself to confirm whether a permission is still justified.
• Automate drift detection for machine-speed change Monitor for new permissions, new integrations, and sudden usage spikes, then trigger controls before access proliferates across prompts and pipelines. Manual review after the fact will miss most of the risk.
• Extend lifecycle governance to ephemeral identities Apply joiner-mover-leaver discipline to short-lived services and AI-driven workloads so abandoned identities, stale access, and shadow integrations do not persist beyond their business purpose.

Key takeaways

• AI native engineering expands identity sprawl, which makes visibility and ownership the central security problem.
• Static roles and periodic reviews are too slow for environments where access changes at machine speed.
• Teams need continuous discovery, context-aware access mapping, and lifecycle governance for both human and non-human identities.

Key terms

• AI native engineering: An operating model where software teams build, collaborate, and deliver with AI embedded into the development process rather than added on top. In identity terms, it increases the number and speed of access events, which makes ownership, observability, and governance harder to manage with static controls.
• Identity sprawl: The growth of identities, credentials, and access paths faster than an organisation can reliably track them. In AI native environments, it can affect humans, services, and agents at the same time, creating hidden dependencies and making recertification and offboarding less reliable.
• Context-aware access mapping: The practice of linking an identity’s permissions to the task, system state, and runtime behaviour that justify those permissions. For AI native engineering, this is more useful than relying only on fixed roles because access can change quickly and may be shared across different actor types.
• Automated drift detection: Continuous monitoring that flags when permissions, integrations, or usage patterns change outside expected bounds. In AI native workflows, drift detection matters because access can expand silently between manual reviews, especially when ephemeral identities and agents are involved.

Deepen your knowledge

AI native engineering and dynamic identity governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your teams are dealing with ephemeral services, agent-driven workflows, or fast-changing access paths, the course is a practical place to start.

This post draws on content published by Oasis Security: Building an AI Native Engineering Organization: Lessons in Speed, Culture, and Security. Read the original.