By NHI Mgmt Group Editorial Team | Published 2026-06-01 | Domain: Agentic AI & NHIs | Source: SailPoint

TL;DR: AI agents and shadow AI are pushing identity programmes beyond human-centric assumptions, because agents can discover entitlements, probe permissions, and use access at machine speed, according to SailPoint. The central problem is that access review, trust, and governance models built for people do not hold when the actor can choose and execute actions independently.


At a glance

What this is: The post argues that AI agents and shadow AI are creating a governance gap because identity controls built for human users do not fit machine-speed, permission-aware behaviour.

Why it matters: IAM teams need to treat AI agents, machine accounts, and human identities as one governance problem because siloed controls miss inbound access, data context, and blast-radius risk.



Context

AI workforce governance is the discipline of controlling identities, access, and data use for humans, machine accounts, and AI agents as one system. The gap in this post is not the presence of AI itself, but the assumption that traditional identity review cycles can keep pace with agents that discover, combine, and exercise permissions at runtime.

That matters because the article describes a world where employees adopt unsanctioned AI tools, developers build ungoverned agents, and inbound access creates new pathways into internal resources. In practice, identity security teams are now being asked to govern not only who can act, but which tools can act, what data they can reach, and who can benefit from their permissions.


Key questions

Q: How should security teams implement governance for AI agents that can be used by humans and other systems?

A: Treat the agent as a shared access surface, not a standalone workload. Security teams should map inbound access, inherited permissions, and data context together so they can see who can reach the agent and what that reach unlocks. Without that view, certification proves little more than existence.

Q: Why do AI agents make over-provisioning more dangerous than with human users?

A: Because agents can inspect entitlements and act on them at machine speed without the human hesitation that often limits real-world misuse. Excess permissions therefore become executable risk, not just unused privilege. The larger the entitlement set, the larger the potential blast radius when the agent chooses to use it.

Q: What do organisations get wrong about shadow AI governance?

A: They often try to block unsanctioned tools at the network layer without changing employee behaviour or providing an approved alternative. That pushes use to personal devices and leaves the enterprise blind. Discovery and policy-guided redirection are more useful than simple denial if the goal is control rather than displacement.

Q: How do security teams respond when an AI agent needs to be contained quickly?

A: Containment should include pausing the agent and removing the access it can exercise, not just turning off execution. If permissions remain active, the investigation is still exposed to the same risk. A practical response plan needs quarantine, deprovisioning, and an investigation path that preserves evidence.


Technical breakdown

Why inbound access changes agent identity governance

Inbound access means an AI agent is not just a subject of access control; it is also a resource other identities can use. That breaks the usual one-way model where an identity requests access and then performs a bounded task. If humans, service accounts, or other agents can reach the agent and inherit its permissions indirectly, the governance problem becomes relational rather than isolated. The control plane must understand both the agent's entitlements and the identities that can invoke them. In mixed environments, this is where inherited privilege and unintended lateral exposure begin to merge.

Practical implication: Model AI agents as shared access surfaces, not standalone subjects.
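The inbound-access model described above, as an added example that is not from SailPoint or the original post: a small graph walk that computes which agents an identity can drive and which entitlements it inherits through them. The identity names, entitlement strings, and the CAN_INVOKE and DIRECT structures are constructed, and the example assumes that whoever can invoke an agent can exercise all of that agent's entitlements.

```python
from collections import deque

# Constructed sample data (hypothetical names): who may invoke which agent,
# and which entitlements each identity holds directly.
CAN_INVOKE = {
    "alice":          ["hr-agent"],
    "svc-ci":         ["build-agent"],
    "contractor-bob": ["build-agent"],
    "build-agent":    ["hr-agent"],   # agent-to-agent delegation
}
DIRECT = {
    "alice":          {"wiki:read"},
    "contractor-bob": {"wiki:read"},
    "svc-ci":         {"repo:write"},
    "build-agent":    {"repo:write", "artifact:publish"},
    "hr-agent":       {"hr-db:read", "payroll:export"},
}

def reachable_agents(identity):
    """Agents the identity can drive, directly or via other agents (BFS)."""
    seen, queue = set(), deque(CAN_INVOKE.get(identity, []))
    while queue:
        agent = queue.popleft()
        if agent not in seen:          # the seen set also guards against cycles
            seen.add(agent)
            queue.extend(CAN_INVOKE.get(agent, []))
    return seen

def effective_entitlements(identity):
    """Direct entitlements plus everything inherited through inbound access."""
    ents = set(DIRECT.get(identity, set()))
    for agent in reachable_agents(identity):
        ents |= DIRECT.get(agent, set())
    return ents

def inherited_only(identity):
    """Entitlements a review of the identity in isolation would not show."""
    return effective_entitlements(identity) - DIRECT.get(identity, set())

def inbound_identities(agent):
    """Every identity whose invocation paths end at this agent."""
    everyone = set(CAN_INVOKE) | set(DIRECT)
    return {i for i in everyone if i != agent and agent in reachable_agents(i)}

if __name__ == "__main__":
    for who in sorted(CAN_INVOKE):
        print(f"{who}: inherits {sorted(inherited_only(who))}")
    print("can reach hr-agent:", sorted(inbound_identities("hr-agent")))
```

In this constructed data, a certification of contractor-bob alone shows only `wiki:read`, while the walk shows the payroll export reachable two hops away through build-agent.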

Why over-provisioning becomes more dangerous with AI agents

The article describes agents as capable of seeing all entitlements and systematically trying whatever they think may help achieve the goal. That means privilege sprawl is not merely wasted access; it is executable risk. Human users often ignore unused entitlements; agents do not have that behavioural brake. The technical issue is not just excessive permissions, but the combination of discoverability, runtime reasoning, and low-friction execution. In identity terms, the effective blast radius of a broad entitlement set expands because the actor can operationalise the full set without hesitation.

Practical implication: Reduce entitlement breadth before agents are allowed to reason over it.

Why a unified control plane matters for AI, machine, and human identities

A unified control plane is an architecture choice that lets governance, audit, data context, and response operate across identity types instead of in separate stacks. The article's core point is that a human's access and an agent's access cannot be evaluated independently when they interact with the same resources. If data context is missing from certification, the programme only proves that an identity exists, not that its access is safe for the task. Unified governance is therefore less about consolidation for convenience and more about preserving context across the delegation chain.

Practical implication: Connect identity, data, and response workflows so review decisions are context-aware.


Threat narrative

Attacker objective: Exploit ungoverned AI access paths to reach sensitive data or internal resources with excessive privilege.

  1. Entry occurs when employees adopt unsanctioned AI tools or developers create internally governed agents without full review.
  2. Escalation follows when agents discover their entitlements, probe available permissions, and inherit access through inbound use paths.
  3. Impact emerges as the agent reaches data it should not have touched, increasing leakage risk and broadening blast radius across humans and machines.



NHI Mgmt Group analysis

AI workforce governance is now an identity architecture problem, not an AI policy problem. The article shows that AI tools, machine accounts, and human users are converging on the same resource set, which makes separate controls brittle. When one identity type can inherit the permissions of another, governance decisions must be made on the delegation chain, not on the label of the actor. Practitioners should treat unified identity governance as the baseline rather than an integration goal.

Inbound access is the named concept security teams should sharpen. Inbound access is the condition where other identities can use an agent's permissions, either directly or through delegated paths. That means the agent is both an identity and an access surface, which invalidates point solutions that only look at the agent in isolation. The implication is that review, logging, and data context must be evaluated across who can reach the agent and what they inherit when they do.

Least privilege at provisioning time is too static for AI agents. That assumption was designed for systems whose useful access could be predicted before execution. It fails when the actor can discover entitlements, reason over them, and choose which ones to exercise during the task. The implication is that identity governance must stop assuming that pre-approval fully describes runtime access behaviour.

Shadow AI turns visibility into a first-order control, not a nice-to-have discovery step. The article makes clear that organisations cannot govern what they cannot see, and AI adoption is often happening faster than formal review boards can respond. Once unknown AI becomes known, governance can begin, but the programme still needs policy enforcement that blocks high-risk behaviours such as file upload or unapproved tool use. Practitioners should view discovery as the start of governance, not the end state.

Blast radius is the right security metric for multi-agent architectures. Smaller scoped agents are presented as more predictable than one super-agent, but the governance lesson is deeper than architecture preference. Scoped design matters because AI systems that can act at speed also compound mistakes at speed, so the real question is how far unintended action can spread before containment. Security teams should measure whether agent decomposition is actually reducing cross-resource exposure.

From our research:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time, according to Ultimate Guide to NHIs.
  • Read NHI Lifecycle Management Guide for lifecycle and revocation practices that complement visibility work.

What this signals

Inbound access is becoming the deciding control point for AI workforce programmes. Once humans, machines, and agents can all reach the same permissions boundary, the old distinction between user governance and workload governance loses practical value. Teams that keep identity, data, and response in separate operating models will continue to miss how access is actually being exercised.

With 96% of organisations storing secrets outside secrets managers in vulnerable locations, the surrounding ecosystem is already fragile enough that AI adoption magnifies existing exposure rather than creating a clean new problem. The next planning cycle should assume that AI governance will fail where visibility, revocation, and behaviour control are still manual.

The organisations that move fastest will not be the ones that approve the most AI use, but the ones that can prove which agents exist, what they can reach, and how quickly they can be shut down if behaviour changes. That is a governance maturity signal, not a tooling metric.


For practitioners

  • Map inbound access paths for every AI agent: Document which humans, service accounts, APIs, and other agents can invoke each agent and inherit or influence its permissions.
  • Reduce entitlement sets before production use: Remove unused permissions from agents and machine accounts before allowing them to reason over tools or data at runtime.
  • Add data context to access certification: Require reviewers to see what data an identity can reach, not just that the entitlement exists, before approving access.
  • Build a unified response playbook for AI and machine identities: Define quarantine, pause, and deprovision steps that cut off both the agent and the permissions it can exercise.
  • Establish governance for shadow AI discovery: Continuously identify unsanctioned tools and move them into approved workflows or block risky behaviour such as file uploads.

Key takeaways

  • AI workforce governance fails when identity is treated as a human-only problem and AI agents are left outside the control plane.
  • The scale of the risk is already visible in NHI sprawl, low service-account visibility, and the persistence of exposed secrets across enterprise environments.
  • Security teams should focus on inbound access, data context, and rapid containment so AI adoption can move forward without expanding blast radius unchecked.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 |  | The article centres on agent behaviour, governance, and tool use.
OWASP Non-Human Identity Top 10 | NHI-01 | AI agents and machine accounts are treated as non-human identities needing visibility.
NIST CSF 2.0 | PR.AC-4 | The post focuses on least privilege, access review, and controlled use of entitlements.

Map AI workforce access to least-privilege controls and review inherited permissions regularly.


Key terms

  • AI Workforce: The AI workforce is the set of agents, machine accounts, and related automated identities used to perform business tasks. In identity governance, it must be managed as part of the same control plane as human users because its permissions, data access, and response needs create shared risk.
  • Inbound Access: Inbound access is the ability of humans, machines, or other agents to use an agent's permissions and resources. It matters because governance cannot stop at the agent itself. Practitioners must understand who can invoke the agent and what privilege those invocation paths inherit.
  • Shadow AI: Shadow AI is AI use that exists inside the organisation without formal approval, inventory, or governance. It includes unsanctioned tools and unmanaged agents that can expose data or bypass policy. The control problem is visibility first, then enforcement, then behavioural redirection.
  • Unified Control Plane: A unified control plane is an identity architecture where discovery, access governance, audit, and response operate across humans, machines, and AI agents together. It reduces blind spots caused by siloed tooling and gives security teams context for decisions about permissions, data, and containment.


This post draws on content published by SailPoint: A day in the life with AI-powered identity security, securing your AI workforce. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-01.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org