By NHI Mgmt Group Editorial Team | Published 2026-05-16 | Domain: Agentic AI & NHIs | Source: WitnessAI

TL;DR: Enterprise AI spending was 1.6 times AI security investment in 2024 and was projected to reach 2.6 times by 2025, while 69% of organisations suspect or have evidence of prohibited public GenAI use, according to WitnessAI's analysis. Traditional compliance models were built for static systems, but AI policy compliance now has to govern behavioural risk across humans, copilots, and autonomous agents.


At a glance

What this is: An analysis of AI policy compliance, showing that traditional compliance and DLP approaches are not keeping pace with behavioural AI use, shadow AI, and agent oversight.

Why it matters: IAM, security, and compliance teams need a policy-and-control model that can govern AI behaviour in real time across human users, enterprise tools, and digital workers.

By the numbers:



Context

AI policy compliance is the discipline of governing how people, models, and agents use AI within legal, regulatory, and internal boundaries. The central problem is not configuration, but behaviour, because AI interactions change at runtime and can move sensitive data, decisions, and actions outside the scope of static policy.

The governance gap is widening because adoption is faster than control design. Employees are already using consumer AI tools, enterprise copilots, and agentic workflows in the same environment, which means compliance now has to follow the interaction, not just the account or the application.


Key questions

Q: How should organisations enforce AI policy compliance across employee and agent use?

A: Start by classifying AI usage by identity type, data sensitivity, and execution context, then enforce policy at runtime rather than only through written rules. Human users, enterprise copilots, and autonomous agents should not share the same control path if they can process different data or take different actions. The goal is visible, auditable behaviour control.

Q: Why do traditional DLP and CASB tools fall short for AI policy compliance?

A: They are designed for files, keywords, and known channels, while AI interactions are conversational and often span multiple turns. Sensitive content can appear in paraphrased prompts, model outputs, or delegated agent actions, which makes static pattern matching incomplete. AI policy compliance needs intent-aware enforcement and session-level visibility.

Q: What do security teams get wrong about shadow AI governance?

A: They often treat shadow AI as a banned-app problem when it is usually an identity and accountability problem. Employees can use approved tools, personal accounts, or embedded AI features in ways that bypass policy even when the app itself is not explicitly blocked. Governance has to follow the interaction, not just the endpoint.

Q: Who is accountable when an AI agent makes a risky decision?

A: Accountability should rest with the organisation that authorised the agent, the human owner of the workflow, and the control process that allowed the behaviour. If an agent can act independently, the programme must preserve attribution, action logs, and policy decisions so audit and remediation are possible after the event.


Technical breakdown

Intent-based enforcement for conversational AI

Keyword-based controls were built for files, fields, and predictable data paths. Conversational AI breaks that model because sensitive information can appear across multiple turns, be paraphrased by the model, or emerge in output even when the input never contains obvious trigger terms. Intent-based enforcement classifies the purpose of the interaction, not just the text on the page, which is why it is better aligned to AI policy compliance. This is especially relevant where users paste code, contracts, or regulated data into general-purpose models without obvious pattern matches.

Practical implication: move from regex-driven DLP to intent-aware policy enforcement for prompts, responses, and multi-turn sessions.

Runtime guardrails for AI and agent actions

AI policy compliance fails when controls only exist before or after the interaction. Runtime guardrails evaluate prompts, responses, uploads, and agent-initiated actions while the session is still active, which allows intervention before sensitive data is exposed or an irreversible task executes. This matters more as AI systems begin to act on behalf of users, connect to tools, and initiate workflow steps. The key technical shift is from monitoring static access to governing dynamic behaviour across the full session lifecycle.

Practical implication: enforce controls at session time, especially where an agent can take action beyond a simple chat response.
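
A sketch of the runtime guardrail described above, as an added example (not code from WitnessAI or NHI Mgmt Group): a policy decision point that evaluates each session event by identity type, data class and reversibility, carries sensitivity forward across turns, and records an attributable decision trace. The identity types, data-class labels, rule order and field names are assumptions made for illustration, and the data class is assumed to come from an upstream classifier.

```python
from dataclasses import dataclass, field
# Assumed labels for illustration; a real deployment supplies its own taxonomy.
SENSITIVITY = {"public": 0, "internal": 1, "regulated": 2}

@dataclass
class Event:
    actor: str           # attributable identity (human or agent)
    identity_type: str   # "human", "copilot" or "agent"
    kind: str            # "prompt", "response", "upload" or "tool_call"
    data_class: str      # label from an upstream classifier (assumed to exist)
    irreversible: bool = False
    owner: str = ""      # accountable human for an agent's workflow

@dataclass
class Session:
    session_id: str
    max_seen: int = 0    # highest data class seen so far in this session
    trace: list = field(default_factory=list)

def decide(session: Session, ev: Event) -> str:
    """Return allow/warn/route/block for one event and record the decision."""
    session.max_seen = max(session.max_seen, SENSITIVITY[ev.data_class])
    if ev.identity_type == "agent" and not ev.owner:
        decision, reason = "block", "agent action without accountable owner"
    elif ev.kind == "tool_call" and ev.irreversible and session.max_seen == 2:
        decision, reason = "block", "irreversible action in session holding regulated data"
    elif ev.kind == "tool_call" and ev.irreversible:
        decision, reason = "route", "irreversible action needs human approval"
    elif SENSITIVITY[ev.data_class] == 2:
        decision, reason = "warn", "regulated data in " + ev.kind
    else:
        decision, reason = "allow", "within policy"
    session.trace.append({"session": session.session_id, "actor": ev.actor,
                          "owner": ev.owner or ev.actor, "kind": ev.kind,
                          "decision": decision, "reason": reason})
    return decision

def run_demo():
    # Constructed session: regulated data in turn 1, agent tool calls later.
    s = Session("sess-001")
    events = [
        Event("alice", "human", "prompt", "regulated"),
        Event("alice", "human", "prompt", "internal"),
        Event("agent-7", "agent", "tool_call", "public", irreversible=True, owner="alice"),
        Event("agent-9", "agent", "tool_call", "public"),
    ]
    return [decide(s, e) for e in events], s.trace

if __name__ == "__main__":
    print(run_demo()[0])
```

The third event carries only public data, yet it is blocked because the session already holds regulated data; a per-message check would have allowed it.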

Visibility across shadow AI and the digital workforce

Governance cannot work if teams do not know which AI surfaces exist. Discovery has to cover browser tools, embedded copilots, standalone apps, IDE integrations, MCP-connected systems, and agent traffic outside normal SaaS inventories. That broader view is essential because shadow AI often hides in sanctioned applications rather than only in obvious consumer tools. Once discovered, each system needs a policy classification that ties use case, data class, and accountability together so the compliance model matches actual behaviour.

Practical implication: build AI discovery into your control stack before policy rollout, or enforcement will miss the highest-risk paths.




NHI Mgmt Group analysis

AI policy compliance fails when organisations confuse software governance with behavioural governance. Traditional compliance assumes the system can be evaluated as a bounded asset, but AI use is conversational, distributed, and often non-deterministic. That means the control target is the interaction itself, not the model or the app in isolation. Practitioners should treat AI policy as an active governance layer, not a document exercise.

Shadow AI is not a user behaviour problem alone; it is an access governance problem. When employees move between consumer accounts, enterprise copilots, and embedded AI features, the organisation loses consistent identity, data, and accountability boundaries. This is where AI policy compliance intersects with IAM and data governance, because approval states and retention terms vary by account type. Practitioners need unified control definitions across sanctioned and unsanctioned AI use.

Identity attribution for AI agents is now part of compliance design. When an agent can initiate actions, tool calls, or delegated work, the programme has to know which human or service identity is accountable for that behaviour. In practice, this makes AI policy compliance a lifecycle and delegation problem as much as a data problem. Teams should expect audit demands to focus on who authorised the behaviour and how the agent was constrained.

Runtime control is the new evidence model for regulated AI use. Regulators and auditors will not care that a policy existed if the organisation cannot show how it was enforced during an actual session. That shifts evidence from static approval lists to live logs, intervention records, and policy decision traces. Practitioners should assume that demonstrable runtime enforcement will become the default expectation in mature AI governance programmes.

Intent-based policy creates a named control concept: the behavioural enforcement layer. The article points to a model where policy is translated into real-time action, not just approved language. That is the only way to align compliance with dynamic prompts, model outputs, and delegated agent actions. Practitioners should design for policy that follows intent across the full AI surface, not just the sanctioned model.

From our research:

  • Three-quarters of companies plan to deploy agentic AI within two years, yet only one in five has a mature governance model for autonomous agents, according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to the AI Agents: The New Attack Surface report.
  • If you are extending policy from human use into AI workflows, OWASP Agentic AI Top 10 gives the control categories that help turn intent into enforceable guardrails.

What this signals

Behavioural compliance is becoming the baseline for AI governance. The next stage of control maturity will not be about whether an organisation has an AI policy, but whether it can prove that the policy was enforced during live use. That shifts programme design toward runtime logs, session evidence, and identity-linked accountability across human and machine actors.

Runtime evidence will matter more than policy language. Regulators and auditors are already moving toward proof that organisations can see and intervene in AI interactions as they happen. For practitioners, that means AI governance has to sit closer to security operations, identity controls, and data protection than to static policy management alone.

With 80% of organisations reporting that AI agents have already acted beyond their intended scope, the governance gap is no longer speculative. Teams that are formalising AI controls now should align them to NIST AI Risk Management Framework governance concepts and the discovery patterns in Top 10 NHI Issues.


For practitioners

  • Classify AI use by account type and data class: Separate consumer AI, enterprise AI, embedded copilots, and agentic workflows into distinct policy categories. Apply different retention, training, and data handling rules to each class so employees cannot move sensitive work across account boundaries without visibility.
  • Replace keyword-only filtering with intent-aware controls: Use behavioural classification to detect risky prompts, responses, and uploads based on purpose and context rather than trigger words. This is essential for contracts, code, and regulated content that do not contain obvious policy violations in plain text.
  • Build runtime intervention into high-risk sessions: Set escalation paths that can warn, block, or route AI interactions before irreversible action occurs. Prioritise sessions involving regulated data, external tool use, or agent-initiated actions where post-event review is too late.
  • Inventory every AI surface before writing enforcement rules: Map browser apps, embedded copilots, IDE integrations, MCP-connected systems, and standalone tools into one discovery process. Without that inventory, policy coverage will miss the most common shadow AI paths.

Key takeaways

  • AI policy compliance has shifted from document control to behavioural control, because models and agents act dynamically at runtime.
  • The scale of exposure is already material, with shadow AI and weak governance outpacing most enterprise control programmes.
  • Practitioners need intent-based enforcement, runtime intervention, and complete discovery before AI governance can produce defensible evidence.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | A2 | Agent actions and tool use create runtime policy risk in AI workflows.
NIST AI RMF | - | Governance and measurement are central to compliance over AI behaviour.
NIST CSF 2.0 | PR.AC-4 | Access and identity controls underpin who can use AI and under what conditions.

Map AI policy decisions to governance, measurement, and accountability functions before scaling use.


Key terms

  • AI Policy Compliance: AI policy compliance is the practice of governing how AI is used so that interactions stay within legal, regulatory, and internal boundaries. It combines policy, security, and auditability, but the real test is whether the organisation can enforce rules during live AI behaviour, not just document them after the fact.
  • Shadow AI: Shadow AI is the use of AI tools, models, or features without formal approval or visibility from the organisation. It is often hidden inside personal accounts, embedded copilots, or consumer services, which makes it an identity and governance issue as much as a technology issue.
  • Intent-Based Enforcement: Intent-based enforcement is a control approach that evaluates what a user or agent is trying to do, not only the words or files involved. In AI environments, it improves coverage because risky behaviour can appear across multiple turns, in paraphrased content, or in agent-initiated actions.
  • Runtime Guardrails: Runtime guardrails are controls that inspect and influence AI behaviour while a session is active. They can warn, block, route, or log interactions before data leaves the organisation or an agent completes a harmful action, making them essential for auditable AI governance.


This post draws on content published by WitnessAI: AI policy compliance in an organization governs every AI interaction. Read the original.
