By NHI Mgmt Group Editorial Team
Published 2026-05-12
Domain: Governance & Risk
Source: 1Password

TL;DR: Credential sprawl now spans passwords, API keys, service accounts, passkeys, SSO tokens, and AI-driven workflows, with 97% of AI-related security breaches involving AI that lacked proper access controls, according to IBM. The governance problem is broader than secrets rotation alone: access oversight has to cover every person, agent, secret, and workflow or the blast radius keeps expanding.


At a glance

What this is: This is an analysis of how AI is widening credential sprawl across human and non-human identities, with the key finding that unmanaged credentials now create governance, compliance, and incident-response risk at ecosystem scale.

Why it matters: It matters because IAM, IGA, PAM, and NHI programmes now have to govern credentials used by people, service accounts, and AI agents in the same operational model, or security controls will keep missing the real exposure surface.



Context

Credential sprawl is the accumulation of passwords, API keys, tokens, certificates, passkeys, and service accounts across systems where no one can consistently see, govern, or retire them. In practice, that means the identity programme loses track of where credentials live, who can use them, and whether they still belong in the environment.

The article argues that AI-based tools and agents make this worse because they multiply the number of places credentials are stored and used, while existing SSO and PAM patterns do not fully cover runtime access, shadow AI, or software identities. For IAM practitioners, the issue is no longer only secret storage. It is end-to-end credential governance across human identity, NHI, and AI-enabled workflows, which maps directly to the NHI Lifecycle Management Guide and the challenge set in the Top 10 NHI Issues.


Key questions

Q: How should security teams handle credential sprawl across humans, NHIs, and AI workflows?

A: Treat credential sprawl as a lifecycle and visibility problem, not just a storage problem. Security teams should inventory every credential-bearing system, assign ownership, and define how secrets are provisioned, used, monitored, rotated, and removed across human users, service accounts, and AI-assisted workflows. The goal is to eliminate unowned secrets and prove control over each access path.

Q: Why does credential sprawl increase breach impact so quickly?

A: Credential sprawl increases breach impact because one exposed secret can open multiple systems, and the same credential is often reused or left valid for too long. That creates a larger blast radius, slows containment, and makes remediation harder when credentials are duplicated across environments. Attackers benefit from persistence as much as from initial exposure.

Q: What breaks when AI tools can store and reuse credentials outside approved channels?

A: What breaks is accountability. Once an AI tool can store or reuse credentials outside approved channels, the organisation loses reliable ownership, evidence of use, and confidence that access will be removed when it should be. That undermines compliance, incident response, and least-privilege enforcement at the same time.

Q: Who is accountable when unmanaged credentials cause a compliance failure?

A: The organisation remains accountable, even if the credential is used by an AI agent, a contractor, or a third-party workflow. Standards expect proof that access is provisioned and removed correctly, and that regulated data and workflows are protected throughout their lifecycle. Accountability does not disappear because the identity is non-human.


Technical breakdown

Why credential sprawl becomes an identity control failure

Credential sprawl is not just too many secrets in too many places. It is a control failure where identity evidence, privilege scope, and lifecycle ownership drift apart. A credential that exists outside admin oversight cannot be reliably recertified, rotated, or revoked, so the programme loses the ability to prove who or what can act on behalf of the business. In NHI terms, the problem is larger than storage. It includes duplicated credentials, reused secrets, and opaque inheritance through scripts, code, chat tools, and environments that standard access governance never fully sees.

Practical implication: map every credential type to an owner, lifecycle event, and review path before it becomes an ungoverned access path.

Why AI agents and shadow AI change the credential model

AI agents change the credential model because they can consume secrets inside runtime workflows, not just at login. That means access is no longer a static entitlement attached to a person or service account. It becomes a moving dependency inside prompts, connectors, coding tools, and local agents. Shadow AI makes the problem worse because unmanaged tools can store or request credentials outside approved channels. The result is a wider attack surface and less reliable accountability, especially when broad-permission tokens or shared logins are reused across multiple systems.

Practical implication: discover where AI tools touch credentials and remove unmanaged secret paths from development and operational workflows.

How wall-to-wall credential governance differs from point controls

Wall-to-wall governance means the control model covers every person, agent, secret, and workflow instead of protecting only the obvious entry points. Point controls like vaulting or SSO help, but they do not close the gap if credentials are copied into spreadsheets, code, chat, or local automation. The architectural issue is persistence. If a secret can be duplicated, reused, or left valid after the original purpose has ended, then the programme has not governed the credential, only the container it was first stored in. That is why credential management has to span provisioning, runtime use, monitoring, and offboarding.

Practical implication: extend governance from vault placement to runtime use, exposure detection, and revocation across the full credential lifecycle.


Threat narrative

Attacker objective: The objective is to turn one unmanaged credential into broad, persistent access that is difficult to detect, revoke, or contain.

  1. Entry begins when a leaked, reused, or poorly stored credential is exposed in code, chat, or another shared system.
  2. Escalation follows when the credential is valid across multiple environments or grants broad access, allowing an attacker or rogue workflow to move beyond the original intended scope.
  3. Impact occurs when that standing access is used for data theft, environment compromise, or slow breach remediation across duplicated systems.
  • Sisense breach — unauthorized GitLab access led to exfiltration of access tokens, API keys and certificates.
  • iOS app secrets leakage report — iOS apps leaking hardcoded secrets and credentials, endangering user privacy.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Credential sprawl is now an identity governance failure, not a hygiene problem. Once credentials are spread across code, chat, spreadsheets, and AI workflows, the programme can no longer prove ownership, recertify access, or retire stale privilege with confidence. That shifts the issue from secret storage to identity lifecycle control across human and non-human actors. The practical conclusion is that governance has to extend to every credential-bearing workflow, not just the obvious vault boundary.

The control model built for human sign-in does not fully cover machine and AI runtime access. The article is right to treat SSO and PAM as incomplete here because many credentials are used after authentication, inside scripts, agents, and integrated tools. That means access decisions happen in places where traditional human IAM telemetry is weak or absent. Practitioners should treat runtime credential use as a distinct governance surface, not a post-login afterthought.

Wall-to-wall credential governance is the right named concept for this problem. The article’s central operational lesson is that partial coverage creates a false sense of control, because one unmanaged secret can re-open the whole environment. This aligns with OWASP-NHI and NIST CSF thinking about visibility, protection, and recovery, but the field needs a sharper phrase for the enterprise pattern: if any person, agent, secret, or workflow sits outside control, the identity surface is incomplete. The implication is to measure coverage by surface completeness, not tool deployment.

AI adoption is amplifying the consequences of old NHI mistakes. Broad tokens, shared logins, duplicated secrets, and slow offboarding were already failure modes in NHI governance; AI simply makes them more persistent and harder to see. The governance question is no longer whether these credentials exist, but how many systems inherit their risk when AI systems can store, copy, and reuse them at scale. Practitioners should reframe AI credential governance as an identity propagation problem.

Compliance pressure is moving from policy statements to proof of control. The article correctly notes that standards expect organisations to show due diligence, not merely claim it. In practice, that means audit trails for credential changes, revocation when access is no longer required, and evidence that AI-linked workflows are governed with the same discipline as human access. The implication is simple: if the environment cannot produce that evidence, the programme is not ready for scrutiny.

From our research:

  • 70% of secrets that were leaked in 2022 were still valid in 2025, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
  • In the same research set, 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, which shows how widespread this control failure has become.
  • That same body of research is a useful starting point for readers who want to connect secret exposure to broader lifecycle governance, including the NHI Lifecycle Management Guide.

What this signals

Credential governance is becoming a completeness problem. The next phase of NHI and AI security will be judged less by whether a vault exists and more by whether every credential path is visible, owned, and removable. A programme that cannot account for secrets in code, chat, and AI tooling is already operating with blind spots.

With 72% of organisations experiencing or suspecting an NHI breach in our reference research, the market signal is clear: unmanaged credentials are no longer a niche operational issue. Teams should expect audit pressure to shift toward evidence of lifecycle control, not just policy statements.

Wall-to-wall credential governance: this is the operational model where every person, secret, workflow, and software identity is covered by the same ownership, monitoring, and retirement discipline. The implication for practitioners is that identity boundaries must expand to include AI-assisted development and runtime access, or the control model will keep lagging the environment.


For practitioners

  • Inventory every credential-bearing path: Map passwords, API keys, tokens, certificates, passkeys, service accounts, and AI-linked secrets to owners and systems of record. Include chat tools, code repositories, spreadsheets, and local developer environments so the inventory reflects where credentials are actually used, not just where they are supposed to live.
  • Separate runtime secret use from static storage: Treat vault storage as only one control layer. Define where secrets are injected at runtime, which workflows can request them, and how those requests are logged and approved across human, service account, and AI-assisted workflows.
  • Remove duplicate and long-lived credentials: Prioritise rotation and revocation for secrets that appear in multiple environments or remain valid after their original purpose ends. Focus on broad-permission tokens, shared logins, and exposed credentials that can be reused across systems.
  • Build evidence for compliance and incident response: Create audit-ready records for credential provisioning, removal, and compromise response. If the team cannot show when access was granted, how it was used, and when it was removed, the control is not operationally complete.
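As an added illustration (not code from the 1Password article or from NHIMG), the following Python audit runs the checks described above over a constructed credential inventory: unowned secrets, secrets duplicated across environments, secrets unrotated past a window, and exposed secrets that are still valid. The record schema, the sample entries, the 90-day rotation window and the severity order are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical inventory record: one row per secret the programme knows about.
@dataclass
class Credential:
    cred_id: str
    owner: Optional[str]               # accountable owner; None means unowned
    environments: tuple                # every place the same secret value is known to live
    created: date
    last_rotated: Optional[date] = None
    exposed_at: Optional[date] = None  # first seen in code, chat or another shared system
    revoked_at: Optional[date] = None

# Constructed sample inventory (not real data) and the audit date used below.
AUDIT_DATE = date(2026, 5, 12)
SAMPLE_INVENTORY = [
    Credential("svc-billing", "payments-team", ("prod",), date(2025, 9, 1), last_rotated=date(2026, 4, 1)),
    Credential("ci-deploy", None, ("dev", "staging", "prod"), date(2022, 3, 15)),
    Credential("agent-slack", "platform-team", ("prod",), date(2026, 1, 10), exposed_at=date(2026, 3, 2)),
    Credential("old-legacy", "it-ops", ("prod",), date(2021, 1, 1), revoked_at=date(2024, 6, 30)),
]

# Lower number = more urgent; an exposed secret that is still valid is revoked first.
SEVERITY = {"exposed_still_valid": 0, "unowned": 1, "duplicated": 2, "long_lived": 3}

def audit(inventory, today, max_age_days=90):
    """Return (cred_id, finding) pairs for active credentials that fail a check, most urgent first."""
    findings = []
    for c in inventory:
        if c.revoked_at is not None:   # revoked secrets are no longer an access path
            continue
        if c.exposed_at is not None:
            findings.append((c.cred_id, "exposed_still_valid"))
        if c.owner is None:
            findings.append((c.cred_id, "unowned"))
        if len(set(c.environments)) > 1:
            findings.append((c.cred_id, "duplicated"))
        if (today - (c.last_rotated or c.created)).days > max_age_days:
            findings.append((c.cred_id, "long_lived"))
    return sorted(findings, key=lambda f: SEVERITY[f[1]])

def coverage(inventory):
    """Share of active credentials with a named owner: coverage measured by surface, not by tool."""
    active = [c for c in inventory if c.revoked_at is None]
    return 1.0 if not active else sum(c.owner is not None for c in active) / len(active)
```

Run against the sample inventory on the audit date, the exposed agent token sorts ahead of the unowned, triplicated CI key, and ownership coverage is two thirds because the revoked password no longer counts.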

Key takeaways

  • Credential sprawl is now a cross-domain identity problem that spans humans, non-human identities, and AI-enabled workflows.
  • The evidence points to a persistence problem as much as an exposure problem, with leaked secrets often remaining valid long after discovery.
  • Practitioners need wall-to-wall governance, because partial coverage leaves unmanaged credentials able to widen blast radius and break compliance proof.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-03 | Credential rotation and stale secret exposure are central to this article.
NIST CSF 2.0 | PR.AC-1 | The article focuses on identity and access control across human and machine credentials.
NIST Zero Trust (SP 800-207) | AC-4 | Runtime credential use across systems aligns with zero trust enforcement of access decisions.

Map all secrets to rotation and revocation owners, then retire credentials that remain valid beyond their task.


Key terms

  • Credential Sprawl: Credential sprawl is the uncontrolled spread of passwords, API keys, tokens, certificates, and related access material across systems and workflows. The risk is not only volume but also invisibility, because credentials that cannot be tracked cannot be governed, rotated, or reliably removed when they are no longer needed.
  • Wall-to-Wall Credential Governance: Wall-to-wall credential governance is an operating model that covers every person, secret, workflow, and software identity rather than only the obvious login path. It requires ownership, monitoring, lifecycle control, and revocation evidence across code, chat, automation, and runtime access points.
  • Shadow AI: Shadow AI is the use of AI tools, agents, or local models that are not approved, monitored, or governed by the security programme. In identity terms, the problem is that these tools can store, request, or reuse credentials outside visible control paths, creating unmanaged access and weak accountability.
  • Runtime Secret Delivery: Runtime secret delivery is the practice of supplying credentials only when a workflow actually needs them, rather than storing them permanently in a file or environment. Used well, it reduces exposure, but it still depends on strong ownership, logging, and revocation discipline across the full lifecycle.

Deepen your knowledge

Credential sprawl, secrets governance, and AI-linked access control are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are trying to bring runtime credential use and lifecycle governance into one operating model, it is worth exploring.

This post draws on content published by 1Password: Credential sprawl and how AI increases the risks. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-05-12.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org