By NHI Mgmt Group Editorial Team
Published 2026-06-16
Domain: Agentic AI & NHIs
Source: Abnormal AI

TL;DR: AI agents now hold credentials and act with delegated human authority, so a phished employee and a hijacked agent can produce the same attack shape inside the enterprise, according to Abnormal AI. The governance assumption that human identity and machine identity can be managed in separate lanes is collapsing, because the real exposure sits in the hybrid identity gap.


At a glance

What this is: This is an independent analysis of hybrid identities, where AI agents inherit delegated human authority and create a governance gap between IAM and AI security.

Why it matters: It matters because IAM, NHI, and security operations teams need one behavioural model for human and machine activity when the same over-permissioned identity can be abused in either form.

By the numbers:

👉 Read Abnormal AI's analysis of hybrid identity risk and behavioural baselining


Context

Security teams built IAM around a simple assumption: a person has an identity, a machine has a different kind of access, and the two can be governed separately. That model breaks when AI agents hold credentials, inherit delegated authority, and act in ways that look like normal user behaviour until they do not. The concept at the centre of this analysis is hybrid identity, which describes the seam where human identity governance and machine identity control overlap.

The practical problem is not only authentication or authorisation. It is ownership. When an AI agent operates under a human's delegated authority, the identity team may see an account while the AI team sees an application. That split leaves a gap in monitoring, lifecycle control, and incident response, especially when the same over-permissioned identity can be abused by either a phished employee or a hijacked agent.


Key questions

Q: How should security teams govern AI agents that act with delegated human authority?

A: They should treat delegated AI agents as hybrid identities and govern the full path from human intent to machine execution. That means assigning clear ownership, tracking the underlying credentials or tokens, and monitoring behaviour for deviation. The goal is not separate oversight for each team, but one control view over the shared identity boundary.

Q: Why do hybrid identities create blind spots in existing IAM programmes?

A: Hybrid identities sit between IAM and AI security ownership models, so each team may assume the other is watching the same actor. That split can hide credential use, privilege drift, and abnormal runtime behaviour. Programmes need a single view of delegated authority, not two partial views that stop at the seam.

Q: What do security teams get wrong about detecting abuse in AI-enabled environments?

A: They often try to separate human compromise from machine compromise, even when the attack shape is the same. A phished employee and a hijacked agent can both appear as over-permissioned identities behaving abnormally. Behavioural baselining per identity is the stronger signal because it detects deviation regardless of actor type.

Q: How can organisations tell whether identity and AI security controls are aligned?

A: Look for a control owner that can see the credential, the delegated authority, and the runtime behaviour in one place. If identity logs live with one team and AI activity lives with another, the programme is still split. Alignment exists when a single review process can trace one identity from issuance to abnormal use.


Technical breakdown

Why hybrid identity breaks the human and machine split

Hybrid identity emerges when an AI application or agent inherits credentials or delegated authority that were originally designed for a human workflow. In practice, the agent is not just a tool consumer. It can trigger actions, access data, and persist permissions across workflows while appearing to sit outside traditional IAM ownership. That creates a governance seam because identity platforms, AI security tools, and operations teams often monitor different control planes. The result is not a missing login event. It is a shared identity boundary with no single control owner.

Practical implication: establish explicit ownership for any identity that can be used by both a human and an AI-driven workflow.

Behavioural baselining as the common detection signal

The article's core technical claim is that behaviour, not identity label, is the most reliable way to detect abuse across humans and agents. Baselining means learning the normal action pattern for each identity, then flagging deviations in timing, destination, data access, or tool use. This is especially useful when the same credentials may be exercised by different actors over time. A phished employee and a hijacked agent can both look like legitimate identity activity at first, so static rules are weak. Behavioural drift becomes the shared signal.

Practical implication: tune detection around identity-specific behaviour patterns rather than separate rule sets for human and machine accounts.
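The per-identity baselining described above, as an added example that is not part of the original article or Abnormal AI's tooling. It learns the normal hour-of-day, action and destination for each identity from a training window of constructed events, then applies exactly the same deviation test to a human account ("alice"), the agent exercising her delegated authority ("alice-agent") and an identity with no baseline at all. The event shape, identity names and threshold are assumptions made for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample telemetry (not from the article). Each record is one action
# taken under an identity. "alice" is a human account; "alice-agent" is an AI agent
# that exercises alice's delegated authority through its own token.
TRAINING_EVENTS = [
    {"identity": "alice", "ts": "2026-06-01T09:15:00", "action": "read", "destination": "crm"},
    {"identity": "alice", "ts": "2026-06-01T11:40:00", "action": "read", "destination": "mail"},
    {"identity": "alice", "ts": "2026-06-02T10:05:00", "action": "read", "destination": "crm"},
    {"identity": "alice", "ts": "2026-06-02T16:30:00", "action": "update", "destination": "crm"},
    {"identity": "alice-agent", "ts": "2026-06-01T02:00:00", "action": "read", "destination": "crm"},
    {"identity": "alice-agent", "ts": "2026-06-02T02:00:00", "action": "read", "destination": "crm"},
    {"identity": "alice-agent", "ts": "2026-06-03T02:00:00", "action": "summarise", "destination": "mail"},
]

# Detection window (constructed): normal activity plus one deviation per identity
# and one identity that was never baselined.
DETECTION_EVENTS = [
    {"identity": "alice", "ts": "2026-06-04T09:50:00", "action": "read", "destination": "crm"},
    {"identity": "alice", "ts": "2026-06-04T03:10:00", "action": "export", "destination": "payroll"},
    {"identity": "alice-agent", "ts": "2026-06-04T02:00:00", "action": "read", "destination": "crm"},
    {"identity": "alice-agent", "ts": "2026-06-04T02:01:00", "action": "export", "destination": "payroll"},
    {"identity": "contractor-bot", "ts": "2026-06-04T12:00:00", "action": "read", "destination": "crm"},
]

# Baseline dimensions: timing, tool use (action) and destination.
FEATURES = ("hour", "action", "destination")


def features_of(event):
    """Project a raw event onto the baseline dimensions."""
    return {
        "hour": datetime.fromisoformat(event["ts"]).hour,
        "action": event["action"],
        "destination": event["destination"],
    }


def build_baselines(events):
    """Learn, per identity, how often each feature value was observed.

    The baseline is keyed on the identity alone; nothing here asks whether the
    identity is a person or an agent."""
    baselines = defaultdict(lambda: {f: Counter() for f in FEATURES})
    for ev in events:
        feats = features_of(ev)
        for f in FEATURES:
            baselines[ev["identity"]][f][feats[f]] += 1
    return dict(baselines)


def deviations(baseline, event):
    """List the dimensions on which this event was never observed for the identity."""
    feats = features_of(event)
    return [f for f in FEATURES if feats[f] not in baseline[f]]


def detect(baselines, events, min_deviations=2):
    """Apply one deviation test to every identity, human or machine.

    An identity with no baseline is surfaced as well: an actor nobody has
    profiled is itself a governance finding."""
    alerts = []
    for ev in events:
        baseline = baselines.get(ev["identity"])
        if baseline is None:
            alerts.append({"identity": ev["identity"], "ts": ev["ts"],
                           "reasons": ["no baseline for identity"]})
            continue
        reasons = deviations(baseline, ev)
        if len(reasons) >= min_deviations:
            alerts.append({"identity": ev["identity"], "ts": ev["ts"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baselines(TRAINING_EVENTS), DETECTION_EVENTS):
        print(alert)
```

Run as a script, the block reports the out-of-hours payroll export by alice, the payroll export by alice-agent (in its usual hour, but a new action and destination) and the unbaselined contractor-bot, while the routine reads by both identities pass. The deviation count is the severity: a single new destination during normal hours is tolerated, two or more simultaneous departures from the identity's own pattern are not, and that threshold is deliberately the same for both populations.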

Why separate AI security and identity products leave a blind spot

The article argues that splitting identity security and AI security into separate product categories can leave the hybrid identity unmonitored. That is a control architecture problem, not just a tooling problem. If one team governs human access and another watches model behaviour, neither may see the full attack path when an agent acts with delegated human authority. The gap appears at the handoff point, where credentials, permissions, and runtime behaviour intersect. In identity terms, that is where over-permission becomes exploitable.

Practical implication: map the handoff between identity governance and AI runtime oversight, then assign a control owner for that seam.


NHI Mgmt Group analysis

Hybrid identity is the governance seam that most programmes are not designed to own. The article is right to frame AI agents with delegated human authority as a distinct exposure, not just another workload. Traditional IAM assumes the subject of governance is stable and human-readable, while AI security assumes the subject is the runtime behaviour of the machine. The hybrid identity sits between those assumptions and inherits the weakest control from each side. Practitioners should treat that seam as a first-class governance domain, not an edge case.

Behavioural baselining is becoming the universal detection model across human and non-human identities. A phished employee and a hijacked agent can produce the same pattern of abnormal access because the abuse signal is not the actor label. It is the deviation from the identity's own normal pattern. That makes behaviour analysis more durable than policy-only controls when identities move across contexts. Practitioners should expect anomaly detection to become the connective tissue between IAM, NHI governance, and AI security.

The shared assumption that identity ownership maps cleanly to team boundaries is breaking. Human identity teams may own accounts, while AI teams own applications, but hybrid identities blur that split. The result is accountability without visibility or visibility without authority. That is a structural operating model problem, not a product gap. Practitioners should redesign ownership so one control domain can see the entire delegated identity lifecycle.

Identity and AI security are converging around the same failure mode: over-permissioned access behaving abnormally. That framing matters because it shifts the discussion away from tool taxonomy and toward exposure shape. Whether the actor has a pulse or not, excessive privilege expands the blast radius once behaviour turns hostile or compromised. The field needs shared language for that risk shape, and hybrid identity is the right concept. Practitioners should use it to align IAM, SOC, and AI governance teams.

Named concept: hybrid identity gap. This is the control gap created when delegated human authority is exercised by AI agents but governed as if it still belonged cleanly to one team or one identity class. The gap is not a missing product feature. It is an ownership failure that leaves the most important exposure path partially unseen. Practitioners should measure whether any identity can cross that seam without a clear control owner.

From our research:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which means most teams cannot reliably trace machine identity ownership or privilege drift.
  • That visibility gap is why practitioners should also review 52 NHI Breaches Analysis for the recurring failure patterns behind abuse and exposure.

What this signals

Hybrid identity will force IAM and AI governance teams to converge on the same operating model. The organisations that keep human identity, machine identity, and AI runtime oversight in separate silos will continue to miss the handoff where delegated authority becomes exposure. Behavioural baselining is emerging as the shared control language, because it works across both populations without requiring the actor to fit a neat category.

Over-permission remains the amplifier, even when the actor changes form. Our research shows that 97% of NHIs carry excessive privileges, which means the hybrid identity problem is less about novelty and more about old governance failures wearing a new interface. Practitioners should expect privilege scope, ownership, and revocation paths to become the most scrutinised parts of AI-enabled identity programmes.

Hybrid identity gap: the operational blind spot created when delegated human authority is exercised by an AI agent but monitored as if it belonged to only one team. Closing that gap will require one lifecycle model for issuance, review, and revocation across human and machine identities, with behaviour as the common detection layer.


For practitioners

  • Map hybrid identities explicitly: Inventory every AI application or agent that can act with delegated human authority, then record which human account, service account, token, or workflow it depends on. Flag any identity path that crosses IAM and AI security ownership boundaries because those are the seams most likely to go unmonitored.
  • Baseline behaviour per identity class: Build behavioural profiles for both human and machine identities, then compare action sequence, timing, destination, and data access against those baselines. Use the same detection logic for a phished employee and a hijacked agent so the control signal stays consistent across identity types.
  • Assign one owner to the delegated authority path: Treat every delegated authority chain as a governed asset, not just a permission. Make one team accountable for the full path from human intent to machine execution so lifecycle decisions, alert triage, and revocation do not split across silos.
  • Review over-permissioned identities first: Prioritise accounts and agents that can reach sensitive systems but are not tightly constrained by task scope. Those identities create the largest blast radius when their behaviour changes, and they are the most likely place for the hybrid identity gap to hide.
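The inventory, ownership and prioritisation steps above, worked through as one added example that is not part of the original article or any NHIMG tooling. It models a constructed inventory of humans, service accounts and agents with their delegated-authority links, follows each agent's chain back to its originating principal, flags chains whose links are owned by more than one team (the seam the first and third steps describe), and ranks identities by sensitive permissions that exceed their declared task scope (the fourth step). The data model, team names, sensitive-system list and ranking rule are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class Principal:
    name: str
    kind: str                                   # "human", "service_account" or "agent"
    owner_team: str                             # team accountable for lifecycle and triage
    permissions: FrozenSet[str]                 # systems the identity can actually reach
    task_scope: FrozenSet[str]                  # systems its workflow genuinely needs
    acts_on_behalf_of: Optional[str] = None     # delegated-authority source, if any


# Systems whose exposure widens the blast radius most (assumed for the example).
SENSITIVE_SYSTEMS = frozenset({"payroll", "hr-db", "prod-secrets"})

# Constructed inventory (not from the article).
INVENTORY: Dict[str, Principal] = {p.name: p for p in [
    Principal("alice", "human", "iam",
              frozenset({"crm", "mail", "payroll"}), frozenset({"crm", "mail"})),
    Principal("bob", "human", "iam",
              frozenset({"ci", "prod-secrets"}), frozenset({"ci", "prod-secrets"})),
    Principal("svc-ticketing", "service_account", "ai-platform",
              frozenset({"ticketing"}), frozenset({"ticketing"})),
    Principal("summariser-agent", "agent", "ai-platform",
              frozenset({"crm", "mail", "payroll"}), frozenset({"mail"}),
              acts_on_behalf_of="alice"),
    Principal("ticket-bot", "agent", "ai-platform",
              frozenset({"ticketing"}), frozenset({"ticketing"}),
              acts_on_behalf_of="svc-ticketing"),
    Principal("deploy-agent", "agent", "platform-eng",
              frozenset({"ci", "prod-secrets", "hr-db"}), frozenset({"ci"}),
              acts_on_behalf_of="bob"),
]}


def delegation_chain(inventory, name):
    """Follow acts_on_behalf_of links from an identity back to its origin.

    Stops at an unknown principal or a cycle so a broken inventory cannot loop."""
    chain = [name]
    while True:
        nxt = inventory[chain[-1]].acts_on_behalf_of
        if nxt is None or nxt in chain or nxt not in inventory:
            return chain
        chain.append(nxt)


def ownership_seams(inventory):
    """Map each agent whose delegation chain spans more than one owning team
    to (chain, owning teams). These are the hybrid identity paths with no single
    control owner."""
    seams = {}
    for name, principal in inventory.items():
        if principal.kind != "agent":
            continue
        chain = delegation_chain(inventory, name)
        owners = {inventory[link].owner_team for link in chain}
        if len(owners) > 1:
            seams[name] = (chain, sorted(owners))
    return seams


def review_priority(inventory):
    """Rank identities with permissions beyond their task scope, most sensitive first.

    Returns (name, count of sensitive systems in excess, sorted excess permissions)."""
    ranked = []
    for name, principal in inventory.items():
        excess = principal.permissions - principal.task_scope
        if excess:
            ranked.append((name, len(excess & SENSITIVE_SYSTEMS), sorted(excess)))
    # Most sensitive excess first, then widest excess, then name for a stable order.
    ranked.sort(key=lambda row: (-row[1], -len(row[2]), row[0]))
    return ranked


if __name__ == "__main__":
    for agent, (chain, owners) in ownership_seams(INVENTORY).items():
        print(f"seam: {' -> '.join(chain)} owned by {owners}")
    for name, sensitive, excess in review_priority(INVENTORY):
        print(f"review: {name} sensitive_excess={sensitive} excess={excess}")
```

In the constructed inventory, summariser-agent and deploy-agent both cross a team boundary (an AI or platform team owns the agent, IAM owns the human whose authority it carries), while ticket-bot and its service account sit with one team and raise no seam. The review queue puts deploy-agent first because its excess reaches two sensitive systems, then summariser-agent, then alice herself, which is the point of the fourth step: the over-permissioned human and the agent inheriting her authority are reviewed under the same rule.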

Key takeaways

  • Hybrid identities break the old assumption that human and machine access can be governed in separate lanes.
  • Behavioural baselining is the most defensible common signal when phished employees and hijacked agents can look operationally similar.
  • The governance priority is ownership of the delegation seam, because that is where the highest-value exposure is hiding.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | | AI agents acting with delegated authority map to agentic risk and abuse patterns.
OWASP Non-Human Identity Top 10 | NHI-01 | Hybrid identities still rely on credentials and machine identity governance.
NIST CSF 2.0 | PR.AC-1 | Access control ownership is central to the hybrid identity seam described here.

Use agentic AI controls to track tool use, delegated authority, and abnormal runtime behaviour.


Key terms

  • Hybrid Identity: An identity that spans human and machine use, usually when an AI agent acts with delegated human authority. It is not a separate authentication type. It is a governance problem created when ownership, monitoring, and revocation do not follow the full delegated access path.
  • Behavioural Baselining: The process of learning what normal activity looks like for a specific identity and then flagging deviations. In hybrid environments, the baseline must cover both human and machine behaviour, because the useful signal is the identity's pattern, not whether the actor is a person.
  • Delegated Authority: Access granted to one identity so it can act on behalf of another, often through credentials, tokens, or workflow permissions. When delegated authority is used by AI agents, governance must track both the original human intent and the runtime execution path.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an identity security programme, it is worth exploring.

This post draws on content published by Abnormal AI: Key Insights on AI agents, delegated authority, and the hybrid identity gap. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-16.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org