AI security maturity stalls where awareness outpaces control

At a glance

What this is: This analysis argues that most organisations are stuck in AI security Stage 1 or Stage 2 because they can write policy faster than they can build visibility and control.

Why it matters: It matters because IAM, NHI, and security teams need to govern AI use, AI integrations, and browser-based identity flows before shadow adoption and AI-enabled attacks outrun current controls.

By the numbers:

• 45% of employees are now regular AI users on corporate devices, up from 15% the prior year.
• The average organisation now has 16 unique AI apps, 17 AI browser extensions, and 17 AI OAuth integrations in active use.

👉 Read Push Security's analysis of the SANS AI security maturity model

Context

AI security maturity is the gap between knowing AI is in use and being able to see, classify, and govern that use across the organisation. In practice, the problem is not just unsafe prompting or unapproved tools, but the lack of an inventory, telemetry, and decision rights that lets security teams understand what is actually happening.

For IAM and NHI programmes, that gap matters because AI adoption now touches browser sessions, OAuth grants, file uploads, and shadow accounts all at once. A policy can exist without operational control, but that leaves the organisation unable to prove where AI is present, which identities are involved, or whether the data flow is defensible.

The article’s central point is that progress stalls when organisations stay on the awareness side of the chasm. The starting position described here is typical: many teams have policy language and board attention, but they do not yet have the evidence needed to govern AI use at scale.

Key questions

Q: How should security teams implement AI governance without pushing usage underground?

A: Start with automated discovery, not a blanket ban. Inventory AI apps, browser extensions, and OAuth integrations across managed and personal accounts, then classify them by sensitivity and business use. Apply graduated controls such as monitor, warn, and block so policy reflects actual behaviour instead of driving usage into shadow paths.

Q: Why do AI tools create problems for IAM and identity governance programmes?

A: AI tools expand the identity surface into browser sessions, personal accounts, and consented integrations that are often outside normal review cycles. That means IAM teams can lose visibility into who authorised what, which data moved where, and whether access should still exist. Governance breaks when identity events are no longer centralised.

Q: What breaks when organisations block AI use without visibility?

A: A block-only strategy usually relocates usage into shadow accounts and unmanaged tools instead of eliminating it. Security teams then lose the telemetry needed to classify risk, investigate data movement, and prove compliance. The failure is not just policy evasion, but the absence of evidence-based control.

Q: Who should own AI security maturity inside the enterprise?

A: Ownership should sit across IAM, security operations, data governance, and risk, with clear accountability for discovery, classification, and response. AI security is not just an endpoint or policy issue. It is an identity and data governance problem that needs shared operating ownership.

Technical breakdown

Why AI security maturity gets stuck at policy level

The SANS model separates governance intent from operational capability. Stage 1 and Stage 2 organisations can describe what should happen, but they cannot reliably inventory AI apps, extensions, or OAuth integrations across the workforce. That leaves them with a policy surface, not a control surface. The model is useful because it treats maturity as evidence-based progression: discovery first, classification second, controls third. Without that sequencing, organisations end up with rules that cannot be enforced and exceptions they cannot see.

Practical implication: build automated discovery before expanding policy scope.

Browser telemetry and shadow AI discovery

The browser is now the main control point for both shadow AI adoption and AI-enabled attack paths. Employees use browser sessions to access personal AI accounts, upload files, authorise extensions, and grant OAuth access, often outside approved tooling. That same layer also exposes phishing, malicious extensions, device code attacks, and session abuse. If telemetry stops at the network boundary, security teams miss the actual identity and data events that define AI risk. Browser-layer visibility is therefore not a convenience feature, but the foundation for meaningful governance and detection.

Practical implication: instrument the browser layer for discovery, data movement, and identity abuse signals.

Govern AI and Protect AI as linked control domains

The article’s strongest technical point is that governance and protection fail independently when they are isolated. A team can classify data and publish acceptable-use rules yet still lose to device code phishing or ClickFix attacks. It can also deploy detection, but without governance, alerts go nowhere. The SANS model treats these as interdependent control domains because AI risk now spans employee behaviour, browser activity, and adversarial technique. In other words, governance without detection produces blind spots, and detection without governance produces noise.

Practical implication: align governance controls with detection and response around the same AI activity surface.

Threat narrative

Attacker objective: The objective is to exploit unmanaged AI use and browser-mediated identity flows to collect credentials, sensitive data, and durable access paths that bypass normal security oversight.

1. Entry happens when users interact with AI tools, browser extensions, or phishing lures outside approved channels, often through personal accounts or unmanaged sessions.
2. Escalation occurs when those same browser-based paths are used to harvest credentials, authorise malicious extensions, or move sensitive data into unapproved AI services.
3. Impact follows when attackers or insider misuse gain access to source code, structured data, documents, or identity flows that the organisation cannot see or control.

Breaches seen in the wild

• DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.
• Schneider Electric credentials breach — exposed credentials gave attackers access to Schneider Electric Jira, exfiltrating 40GB.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

AI security maturity is an identity governance problem before it is an AI tooling problem. The article is right to focus on the chasm between policy and capability, because the missing control plane is not a memo. It is inventory, classification, and enforcement across the browser, OAuth, and shadow account layers. Practitioners should treat AI usage as an identity surface, not a software feature set.

Framework of No is a control failure, not a communication failure. Blocking AI usage without discovery simply shifts behaviour into personal accounts and unmanaged paths, which is why the article’s evidence on shadow accounts matters. The governance lesson is that prohibition without visibility creates a false negative programme. Practitioners need to measure whether policy is reducing exposure or merely relocating it.

Browser telemetry is the new shared control point for NHI, human, and AI risk. The same session layer now carries human sign-in, AI tool use, OAuth consent, extension risk, and data movement. That convergence makes browser visibility one of the few controls that can inform both identity governance and threat detection. Practitioners should align IAM, NHI, and endpoint teams around the browser as a governed identity plane.

AI maturity will separate organisations that can prove control from those that can only describe it. The maturity model’s Stage 3 and Stage 4 expectations point toward evidence-based governance, not aspiration. Organisations that cannot show inventory, classification, and runtime control will remain stuck in reactive patterns. The practitioner conclusion is simple: if you cannot measure the AI estate, you cannot govern it.

Shadow AI is now a recognised identity governance exposure, not just an end-user policy issue. That matters because AI tools increasingly sit outside managed accounts while still touching corporate data and identity flows. The implication is that AI governance has to be folded into wider lifecycle and access review work, rather than treated as a separate awareness campaign.

From our research:

• Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
• 75% of organisations express strong confidence in their secrets management capabilities, even though the average estimated time to remediate a leaked secret is 27 days.
• For teams building out identity controls around AI usage, Ultimate Guide to NHIs , Lifecycle Processes for Managing NHIs is the next practical step after discovery and classification.

What this signals

Shadow AI discovery is now part of the same governance challenge as secrets and identity lifecycle control. When users move between managed and personal accounts, the programme loses the ability to tell whether access is approved, temporary, or simply invisible. The practical signal for teams is that discovery quality, not policy volume, will determine whether AI governance matures. Ultimate Guide to NHIs , Lifecycle Processes for Managing NHIs

With 75% of organisations expressing strong confidence in their secrets management capabilities despite a 27-day average remediation time for leaked secrets, the wider lesson is that confidence is not control. AI governance programmes that cannot evidence inventory and response speed will repeat the same mismatch. The reader should expect boards to ask for proof of enforcement, not policy artefacts.

Browser telemetry is becoming the operational layer where AI governance, phishing defence, and identity visibility overlap. That convergence means teams should plan for one control plane to support multiple use cases, including AI tool discovery, OAuth oversight, and session-risk detection. For broader identity strategy, the next reference point is the NIST Cybersecurity Framework 2.0.

For practitioners

• Build automated AI inventory Discover AI apps, browser extensions, and OAuth integrations continuously, including usage through personal accounts and unmanaged sessions. Treat the inventory as a prerequisite for policy, classification, and exception management.
• Classify AI activity by data sensitivity Differentiate benign usage from high-risk behaviour by looking at source code, structured data, and document movement into AI tools. Use the classification to decide where monitoring, warning, or blocking is justified.
• Instrument browser-layer controls Collect telemetry from the browser where AI prompts, file uploads, phishing lures, OAuth consent, and extension activity all converge. This is the layer where both shadow AI and AI-enabled attacks become visible.
• Replace blanket blocking with graduated response Use monitor, warn, and block modes so the security team can see behaviour before forcing hard denial. Blanket blocking often drives activity into shadow accounts rather than reducing it.
• Tie AI governance to access review and lifecycle processes Make AI tools, extensions, and consented integrations part of recertification and offboarding so unmanaged access does not persist after role changes. This keeps AI use inside normal identity governance workflows.

Key takeaways

• Most organisations are not failing on AI awareness, they are failing on operational visibility and enforcement.
• Shadow accounts, browser extensions, and OAuth integrations now define the practical AI attack surface for IAM teams.
• AI governance becomes credible only when discovery, classification, and runtime control are measured together.

Key terms

• Shadow AI: AI tools, extensions, or integrations that are being used without formal approval, inventory, or governance. In practice this includes personal-account usage, unmanaged browser extensions, and unreviewed OAuth grants that move data or identity trust outside the security programme.
• Browser Telemetry: Security-relevant data collected from browser sessions, including site access, extension behaviour, prompt activity, file uploads, and consent events. It is valuable because many AI and identity risks now manifest in the browser before they are visible to network or endpoint controls.
• Graduated Control: A response model that uses monitor, warn, and block actions instead of a binary allow-or-deny approach. For AI governance, it lets organisations shape behaviour, preserve visibility, and apply stricter enforcement only where data sensitivity or identity risk justifies it.
• AI Security Maturity: The degree to which an organisation can discover, classify, govern, and protect its AI usage with evidence rather than intent. Mature programmes can show where AI is used, how risk is measured, and which controls are operating across the full identity and data path.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Push Security: Most organizations know they have an AI security problem. A new SANS framework shows why so few are making progress. Read the original.