By NHI Mgmt Group Editorial TeamDomain: Cyber SecuritySource: SentinelOnePublished November 5, 2025

TL;DR: The broader AI security portfolio spanning shadow GenAI visibility, code assistant redaction, agentic AI governance, AI-ready data pipelines, and identity controls, including MCP-based agent monitoring and policy-based conditional access, is described in SentinelOne’s OneCon 2025 post. The practical issue is not AI adoption itself, but whether security teams can govern AI systems, data flows, and delegated access without creating new blind spots.


At a glance

What this is: SentinelOne’s OneCon 2025 post outlines a combined AI security and identity roadmap focused on shadow AI, agentic controls, data pipeline governance, and conditional access.

Why it matters: It matters because AI security programmes now need to govern both the behaviour of AI systems and the credentials, policies, and data paths they use.

👉 Read SentinelOne's OneCon 2025 post on AI security, agents, and identity controls


Context

AI security is no longer just about blocking malicious prompts or scanning model outputs. The governance gap now sits across the full operating chain, from employee use of public GenAI sites to agentic workflows, code assistants, and the data pipelines that feed security operations. In that environment, identity, access, and policy enforcement become part of AI control, not a separate layer.

The article is best read as a signal that AI governance is converging with identity governance. When agents use MCP, when code assistants can touch secrets or personal data, and when conditional access is extended into hybrid environments, the question shifts from whether AI can be used to whether its access can be bounded, audited, and revoked with enough precision.


Key questions

Q: How should security teams govern AI agents that can act on enterprise systems?

A: Security teams should treat AI agents as governed identities with limited scopes, explicit approval boundaries, and complete audit trails. If an agent can choose actions at runtime, it needs lifecycle controls similar to privileged access: least privilege, task scoping, revocation, and logging. Without those controls, the agent becomes a fast-moving extension of over-privileged access rather than a controlled automation layer.

Q: Why do AI tools create new identity and access risks for enterprises?

A: AI tools create new risk because they can process sensitive inputs, call external services, and act through delegated access without fitting neatly into traditional user-centric controls. The problem is not only what the model says, but what the system can reach. That makes permissions, policy enforcement, and auditability central to AI governance.

Q: What do security teams get wrong about shadow AI governance?

A: Teams often focus on discovery alone and assume visibility equals control. In practice, finding AI usage does not stop prompts, uploads, or generated outputs from carrying sensitive data outside approved boundaries. Governance only works when discovery is paired with enforcement, classification, and clear rules for what data can enter AI systems.

Q: Who is accountable when an AI agent misuses delegated access?

A: Accountability should sit with the business owner of the workflow, the security team that defined the control policy, and the platform owner that exposed the access path. If the agent has access to sensitive data or privileged functions, the organisation must be able to show who approved that access, what limits were set, and how it can be revoked.


Technical breakdown

Shadow AI visibility and prompt control

Shadow AI describes unmanaged use of public or embedded GenAI services across the enterprise. The technical challenge is not simply blocking websites. It is identifying where prompts, files, code, and sensitive context are leaving approved environments, then enforcing controls that can inspect, redact, or deny risky interactions in real time. That requires visibility into usage patterns, data classification, and policy enforcement at the point of interaction, not after the fact. Practical implication: teams need policy enforcement that follows the data into AI interfaces, not just perimeter blocks.

Practical implication: teams need policy enforcement that follows the data into AI interfaces, not just perimeter blocks.

Agentic AI, MCP, and delegated access control

Agentic AI changes the control problem because the system can choose actions and timing at runtime, often through tool use and protocol-mediated access. MCP provides a standard way for models and agents to connect to tools and data, which makes governance more important, not less. The risk is that a capable agent can inherit broad access, chain actions, and operate faster than manual review can keep up. Practical implication: organisations need explicit policy around tool scopes, approval boundaries, and logged decision paths for any agent that can act on enterprise resources.

Practical implication: organisations need explicit policy around tool scopes, approval boundaries, and logged decision paths for any agent that can act on enterprise resources.

AI-ready data pipelines and security operations telemetry

AI-ready pipelines are about controlling how security telemetry is ingested, normalised, prioritised, and routed before analysis or response. Pre-ingestion filtering matters because it determines whether noisy or sensitive data reaches downstream systems, including SIEM workflows and automated response chains. This is a governance issue as much as an architecture issue, because telemetry quality shapes detection confidence and the safety of automation. Practical implication: teams should govern the data pipeline as a control plane, with clear rules for enrichment, routing, retention, and automated action triggers.

Practical implication: teams should govern the data pipeline as a control plane, with clear rules for enrichment, routing, retention, and automated action triggers.


NHI Mgmt Group analysis

AI security is becoming an identity governance problem. Once GenAI tools, agents, and security workflows can act on data and systems, the key question is no longer only model safety. It is whether the identity of the software actor, its scopes, and its audit trail are governed as tightly as a human admin session. That is where AI security and IAM converge, and where blind trust in delegated access creates avoidable exposure. Practitioners should treat AI access as a governed identity surface.

Shadow AI creates an unreviewed control perimeter. Visibility into thousands of AI sites is useful only if it is paired with enforceable policy on what can be entered, retrieved, or generated. Otherwise the organisation discovers risk too late, after data has already crossed an unmanaged boundary. This is a governance failure, not just a monitoring gap. Practitioners should define policy that classifies AI usage by data sensitivity and business function.

Agentic access debt: when AI systems accumulate tool permissions, workflow privileges, and data reach without a lifecycle model, the result is standing access by another name. MCP makes integration easier, but it also standardises the path by which an agent can be over-scoped. The security problem is not the protocol itself, but the absence of lifecycle discipline around delegation, review, and revocation. Practitioners should manage agent permissions as ephemeral, task-scoped access.

Security operations automation needs bounded trust. The move from human-assisted analysis to AI-assisted triage and response can reduce time-to-action, but only if the response chain is intentionally constrained. Automated investigations are useful when every action is traceable, pre-approved, and reversible. If not, automation can amplify the wrong conclusion faster than a human team can intervene. Practitioners should couple automation with explicit approval boundaries and rollback paths.

Identity controls will increasingly sit inside AI platforms, not beside them. Policy-based conditional access, agent governance, and hybrid visibility suggest a broader market shift toward identity-aware AI control planes. That does not replace IAM or PAM; it extends their logic into AI runtimes, tool access, and machine decision loops. Practitioners should re-evaluate whether their identity programme reaches into AI execution contexts or stops at login.

What this signals

Agentic systems will push identity programmes toward task-scoped access models. The next governance gap is not just whether a tool is allowed to exist, but whether its runtime actions can be bounded tightly enough to survive audit and incident review. That is where NHI control patterns, not generic AI enthusiasm, become operationally relevant. Teams that already struggle with NHIs will find AI agents harder to govern unless they formalise ownership, scoping, and revocation.

Shadow AI is a control problem before it is a detection problem. Discovering more AI usage will increase pressure on security teams to decide what is permitted, what is monitored, and what is blocked. The organisations that can translate discovery into policy enforcement will be better positioned to manage data leakage, code exposure, and delegated access risk. That is especially true where AI tools intersect with secrets, code, and customer data.

The broader signal is that AI security platforms are starting to absorb identity-like functions, from conditional access to delegated workflow control. Practitioners should expect more overlap between IAM, PAM, and AI governance roadmaps, especially where autonomous actions touch regulated data or production systems. The programme question is now how far identity controls extend into machine decision loops.


For practitioners

  • Define policy for shadow AI usage Classify approved and unapproved GenAI use by data sensitivity, then enforce controls for prompt redaction, upload blocking, and usage logging across employee and developer workflows.
  • Scope every agent like a privileged workload Treat agentic AI systems as governed identities with explicit tool scopes, approval boundaries, and revocation rules before they are allowed to touch enterprise data or operations.
  • Place guardrails around AI code assistants Block secrets, PII, and IP from flowing into coding tools, and require automated checks that stop insecure or malicious AI-generated code before it reaches production.
  • Control the telemetry pipeline as a security boundary Set rules for what data is ingested, enriched, routed, and retained before it reaches SIEM or automation layers, especially where sensitive or regulated data is involved.
  • Extend conditional access into AI and hybrid environments Apply policy-based conditional access to the systems where AI tools, human users, and service accounts intersect, so access can be adjusted as context changes.

Key takeaways

  • AI security is moving into identity territory because agents, tools, and workflows now need governed access, not just content filters.
  • The article’s strongest signal is that visibility without enforcement leaves shadow AI, code assistants, and agentic workflows outside meaningful control.
  • Practitioners should extend lifecycle, approval, and revocation discipline into AI runtimes before delegated access becomes standing risk.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF, NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Agentic AI Top 10NHI-03Agentic AI governance and MCP-connected tool use map to agent identity and access scope risks.
NIST AI RMFGOVERNAI governance is central to controlling autonomous AI behaviour and accountability.
NIST CSF 2.0PR.AC-4Conditional access and privilege boundaries are directly relevant to the controls described.
NIST SP 800-53 Rev 5AC-6Least privilege is needed where AI tools and agents can reach data or production systems.
NIST Zero Trust (SP 800-207)Dynamic, zero-trust environments are explicitly referenced in the conditional access discussion.

Use zero-trust principles to re-evaluate access continuously as context, device, and workload state change.


Key terms

  • Shadow AI: Shadow AI is the use of AI tools, models, or agents that security and governance teams have not approved or cannot fully see. The risk is not just unapproved software, but unreviewed data movement, unmanaged prompts, and hidden access paths that bypass policy controls.
  • Agentic AI: Agentic AI is software that can choose actions, tools, and timing during runtime rather than only generating outputs. In security terms, it becomes a governed actor whose access, delegation, and audit trail must be controlled like a privileged workload, not treated as a simple interface.
  • Model Context Protocol: Model Context Protocol is an open protocol that connects AI agents and models to tools and data sources. It simplifies integration, but it also creates a standard path for delegated access, which makes scope control, logging, and revocation essential for governance.
  • Policy-based Conditional Access: Policy-based conditional access is an access control approach that changes permissions based on context such as user, device, location, posture, or risk. In AI environments, it helps teams bound access dynamically across human users, services, and agents without relying on static entitlements.

What's in the full article

SentinelOne's full post covers the operational detail this post intentionally leaves for the source:

  • Prompt Security configuration details for employee GenAI visibility and redaction controls.
  • Implementation specifics for AI code assistant scanning, including vulnerable code blocking.
  • Product-level workflow examples for agentic investigations, custom rules, and pre-approved actions.
  • Integration detail for AI-ready data pipelines, SIEM routing, and agentic response orchestration.

👉 SentinelOne's full post covers the product roadmap, AI pipeline integration, and identity security details.

Deepen your knowledge

NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance and machine identity security for practitioners building controlled access models. It gives identity and security teams a shared foundation for governing delegated access, lifecycle control, and auditability.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org