By NHI Mgmt Group Editorial TeamPublished 2026-06-23Domain: Governance & RiskSource: Zluri

TL;DR: Enterprises now have identity attack surfaces that extend far beyond what IAM, PAM and IGA tools can see, because shadow SaaS and AI tools are adopted outside IT control and can carry ungoverned access and data paths, according to Zluri. The central issue is not tool weakness but a visibility model built for a slower, centrally managed procurement era.


At a glance

What this is: This analysis argues that the modern identity attack surface is larger than governed IAM, PAM, and IGA scope, because shadow SaaS and AI tools create untracked identities, permissions, and data paths.

Why it matters: It matters because IAM programmes that only govern sanctioned access will miss the highest-risk parts of the identity footprint across human, non-human, and emerging agentic workflows.

By the numbers:

👉 Read Zluri's analysis of the expanding identity attack surface


Context

Identity attack surface is the full set of identities, entitlements, and access paths that exist in an environment, not just the accounts a team has formally provisioned. In practical terms, that means IAM, PAM, and IGA can be strong inside their managed perimeter while remaining blind to the access created through shadow SaaS, self-service tooling, and AI adoption outside IT control.

The article's central claim is that this gap is structural, not accidental. As employees adopt SaaS and AI tools independently, the organization inherits unmanaged credentials, OAuth grants, and application-level entitlements that traditional identity tooling was never designed to discover or govern.

For identity programmes, the problem is broader than missing inventory. It is a mismatch between how fast access is created and how slowly governance cycles usually discover, review, and revoke it. That is why identity attack surface management is becoming a distinct operational discipline rather than a side effect of IAM maturity.


Key questions

Q: How should security teams reduce identity attack surface beyond SSO coverage?

A: Start by discovering all applications and access paths that exist outside the SSO catalogue, then map them to owners, data sensitivity, and offboarding status. SSO visibility is only one slice of identity governance. The control objective is to find unmanaged access before an attacker or audit does, then fold it into routine lifecycle management.

Q: Why do shadow SaaS and AI tools create a bigger identity risk than sanctioned apps?

A: Because they combine ungoverned identity creation with unreviewed permissions, and AI tools can also create persistent data access through OAuth grants. A sanctioned app sits inside a known control boundary; a shadow tool often does not. That means both access revocation and detection can fail unless the tool is discovered first.

Q: What breaks when identity reviews only cover managed applications?

A: Access reviews become incomplete the moment they ignore apps, accounts, or grants created outside IT workflows. The programme may certify the directory while missing actual permissions in downstream systems. That creates false assurance, because the control is validating only the visible part of the identity estate.

Q: How do organisations govern identity attack surface as a programme, not a one-off project?

A: Assign ownership for discovery, entitlement review, and offboarding across sanctioned and unsanctioned applications, then measure coverage continuously. The goal is to manage the full identity footprint, including shadow SaaS, shadow AI, and orphaned access, rather than treating each discovery as an isolated cleanup exercise.


Technical breakdown

Why IAM visibility stops at the managed perimeter

IAM systems govern the identities and applications that flow through SSO, provisioning, and lifecycle workflows. That design works when procurement, onboarding, and authentication are centrally controlled. It breaks when employees adopt applications directly with a corporate email, because the identity still exists and can still be abused even if it never enters the IAM catalogue. The technical issue is scope, not algorithmic weakness: authentication, entitlement tracking, and deprovisioning only operate on what is connected. Everything outside that boundary becomes an unmanaged access path that security tools may not monitor.

Practical implication: teams need discovery methods that find access before governance can control it.

How shadow SaaS and AI sprawl expand identity risk

Shadow SaaS adds unmanaged user accounts and permissions. Shadow AI adds something more dangerous: ungoverned access plus ungoverned data exposure. When users connect AI tools to email, documents, or storage through OAuth, they create persistent grants that can survive long after active use stops. Those grants often sit outside SSO, IGA, and CASB coverage, which means the security team can lose both control and observability at the same time. The result is a parallel identity layer with its own credentials, entitlements, and offboarding gaps.

Practical implication: inventory connected AI tools separately from approved SaaS and treat OAuth grants as first-class access.

Why entitlement depth matters more than application counts

Knowing how many applications exist is only the first layer of visibility. The real attack surface is inside each application's entitlements, including admin rights, delegated permissions, inherited roles, and stale access from previous job changes. A user can appear compliant at the directory level while carrying excessive rights inside several downstream systems. This is why application-level entitlement visibility matters: it exposes permission bloat, orphaned access, and non-revoked access paths that aggregate into exploitable exposure across the enterprise.

Practical implication: review application-level entitlements, not just directory membership or SSO coverage.


NHI Mgmt Group analysis

Identity attack surface is a discovery problem before it is a governance problem. IAM, PAM, and IGA all assume the organisation knows which identities and applications are in scope. That assumption fails when employees self-provision SaaS or connect AI tools outside IT oversight. The implication is that visibility must precede governance, because controls cannot manage what they never discover.

Shadow AI turns access sprawl into data-sprawl risk. A shadow SaaS app creates ungoverned access, but a shadow AI tool can also create a durable data egress path through OAuth and API grants. That widens the blast radius beyond identity hygiene and into information governance, which is why identity and data teams can no longer treat the problem as separate. Practitioners should treat AI adoption as an access pathway review, not just a productivity trend.

Entitlement depth is the new boundary of identity governance. The article is right to push past app counts, because over-privilege usually hides inside the application, not the directory. This is where access reviews become meaningful or ceremonial: if the review does not reach delegated rights, stale admin access, and app-specific permissions, the programme is only certifying the visible subset. Security leaders should measure control against real entitlement depth, not inventory size.

Identity attack surface management is becoming a distinct operating model. The category shift matters because traditional IAM programmes optimise for managed onboarding and routine certification, while the modern enterprise needs continuous discovery, cross-system correlation, and offboarding of assets that were never formally introduced. That is a governance redesign, not a tooling patch. The practical conclusion is that identity teams must own discovery as a standing control domain.

Visibility before intelligence is the correct sequence. Behavioural analytics and risk scoring only work on the data they can see. When the governed perimeter is incomplete, intelligence can produce precise answers about an incomplete environment, which is worse than acknowledged ignorance. The discipline shift is to map the full identity surface first, then apply policy, analytics, and remediation.

From our research:

  • Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to NHI Mgmt Group research.
  • That is why the Top 10 NHI Issues resource is a useful next step for teams trying to close unmanaged identity exposure.

What this signals

Identity attack surface management will become a board-relevant control domain. As enterprises keep adopting SaaS and AI outside formal IT routes, the practical question shifts from whether access exists to how quickly it can be discovered, classified, and removed. Teams that still rely on directory completeness will underestimate both risk and workload.

Shadow AI needs its own governance lane. It is not enough to fold these tools into generic SaaS oversight, because AI introduces long-lived data pathways alongside access sprawl. Practitioners should expect policy, DLP, and identity teams to coordinate around connected apps, not just user accounts, and to do so before the next wave of unmanaged adoption expands the footprint further.

With 96% of organisations storing secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, per the Ultimate Guide to NHIs, the broader lesson is clear: visibility gaps are now a structural identity risk, not an edge case.


For practitioners

  • Map identity scope beyond SSO coverage Inventory SaaS, AI, and collaboration tools that employees can adopt without IT approval, then reconcile them against directory, IAM, and IGA records. Use browser telemetry, finance data, and direct API discovery where appropriate to identify apps that never entered formal onboarding.
  • Treat OAuth grants as revocable access paths Build a process to enumerate AI and SaaS OAuth connections, classify the data they can reach, and revoke dormant grants when the business need no longer exists. Include these grants in offboarding so access does not survive the user relationship.
  • Review entitlements inside applications, not just accounts Focus access reviews on delegated permissions, admin roles, and stale entitlements within the application itself. A clean directory record does not mean the app-level permission set is acceptable, especially where informal sharing or role drift has accumulated.
  • Separate shadow AI from general SaaS governance Create a distinct inventory for AI tools because they combine account risk with data exposure risk. Prioritise tools connected to email, document stores, or source code repositories, since those integrations can create persistent access and data pathways outside standard controls.

Key takeaways

  • IAM, PAM, and IGA can only govern the access they can see, which leaves shadow SaaS and AI as persistent blind spots.
  • The scale of the issue is driven by untracked identities, unreviewed entitlements, and OAuth-based data access that survive normal lifecycle controls.
  • Identity teams need continuous discovery and application-level entitlement review if they want their governance model to match real enterprise exposure.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-01Unmanaged service and app credentials widen the identity attack surface.
NIST CSF 2.0ID.AM-1Asset management is central when applications exist outside formal IAM scope.
NIST Zero Trust (SP 800-207)PR.AC-1Zero Trust requires accurate identity and access discovery across the environment.

Inventory non-human and shadow identities continuously, then bind them to owners and lifecycle controls.


Key terms

  • Identity attack surface: The total set of identities, permissions, access paths, and connected applications that exist in an environment. In identity security, it includes managed and unmanaged access alike, so the relevant measure is not catalogue size but the amount of real, reachable exposure.
  • Shadow SaaS: Software adopted by employees outside formal IT procurement or security review. These applications often sit outside SSO and IGA coverage, which means their accounts, entitlements, and offboarding status may never be fully governed even though they remain active in the business.
  • Shadow AI: AI tools or services used by staff without central approval or visibility. These tools can create both identity risk and data exposure risk when users connect email, documents, source code, or internal systems through tokens or OAuth grants that outlive the original need.
  • Application-level entitlement: The permissions a user, account, or token holds inside a specific application, beyond simple logon access. This is where hidden risk often lives, because directory membership may look correct while admin rights, delegated access, or stale roles remain in force.

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

  • How its discovery model identifies shadow SaaS and AI tools that never entered SSO or IGA scope
  • The mechanics of mapping unmanaged applications to user accounts, entitlements, and offboarding gaps
  • The layered identity security architecture described for closing visibility gaps across the full attack surface
  • The article's treatment of why visibility is the prerequisite for identity intelligence and remediation

👉 Zluri's full article breaks down the visibility gap across SaaS sprawl, AI sprawl, and layered identity controls.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or lifecycle governance, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-23.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org