Identity controls are the missing foundation for measurable ROAI

At a glance

What this is: This is an analysis of why organisations cannot measure Return on AI until identity controls make agent actions traceable, authorised, and countable in production.

Why it matters: It matters because IAM, NHI, and autonomous governance teams need identity infrastructure before they can defend AI value, attribute outcomes, and report credible ROI.

By the numbers:

• Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.

👉 Read Strata Identity's analysis of how identity controls make ROAI measurable

Context

Return on AI depends on whether an organisation can prove that AI-enabled work was authorised, completed, and attributable. Without identity controls, pilot activity stays anecdotal because outputs cannot be trusted as legitimate business outcomes, and finance teams rightly treat the claimed value as unverified.

In practice, that means identity becomes the measurement layer for AI programmes, not just the access layer. Scoped tokens, traceable delegation, and production observability are what let teams move from activity counts to defensible outcomes, which is why AI ROI discussions quickly become IAM discussions.

Key questions

Q: How should security teams measure AI ROI without relying on pilot metrics?

A: Measure only production outcomes that can be tied to an authorised identity, a bounded task, and a verifiable completion record. Pilot metrics usually describe activity, not value. A credible ROAI model counts completed transactions, attributes them to the right workflow, and lets finance, audit, and security agree on the same evidence.

Q: Why do identity controls matter before organisations claim AI productivity gains?

A: Identity controls matter because productivity claims are only credible when the organisation can prove who or what executed the work. Without traceable delegation and scope, reported gains may include duplicated actions, unauthorised completions, or unverified outputs. Identity is the control that turns AI activity into defensible business evidence.

Q: What breaks when AI work cannot be traced back to a delegated identity?

A: What breaks is attribution. The business can still see activity, but it cannot reliably prove legitimacy, ownership, or accountability for the outcome. That makes budget reporting, audit evidence, and operational trust all weaker at once, even if the system appears productive on the surface.

Q: How do you know if AI efficiency claims are actually working?

A: They are working only when the same improvement appears in production logs, identity records, and financial reporting. If the gains exist only in a sandbox or in estimated time savings, they are not yet operational evidence. The test is whether the improvement remains visible when the workflow is scaled and audited.

Technical breakdown

Why identity is the measurement layer for AI ROI

ROAI only works when an organisation can tie an AI action to a legitimate identity, a bounded scope, and a verifiable result. That requires the same basic properties identity teams already use for high-risk machine access: issuance, attribution, logging, and revocation. If an agent can act but cannot be traced back to an authorised principal, its output may be useful, but it is not auditable business value. The measurement problem is therefore an identity problem before it is a finance problem.

Practical implication: teams should treat identity traceability as a prerequisite for any AI use case that claims financial value.

Scoped tokens and delegated actions make outcomes countable

A scoped token limits what an AI system can do, while delegation records who initiated the action and what authority was granted. That combination turns activity into an outcome that can be counted without inflating the numbers with phantom completions or duplicated retries. The useful unit is not a prompt or a model call. It is a completed, authorised transaction with an attributable identity chain behind it. That is the difference between experimentation and measurable production work.

Practical implication: define AI success around completed transactions, not model activity or usage volume.

Observability turns AI efficiency claims into defensible metrics

Efficiency claims are only credible when the organisation can compare before-and-after performance with identity-linked evidence. That means logging agent actions, user initiation, task completion, and exception handling in a way that allows finance, audit, and security to agree on the same record of truth. Without that chain, productivity numbers drift into estimates and post-hoc storytelling. Observability is not just a technical control here. It is the proof mechanism for the board.

Practical implication: instrument production AI flows so every claimed productivity gain can be evidenced and audited.

Threat narrative

Attacker objective: The objective is to exploit untraceable AI activity so outputs are treated as business value even when they cannot be independently verified.

1. Entry begins when a legitimate user or system initiates an AI workflow that has been granted scoped access to tools, data, or action paths.
2. Escalation occurs when the workflow can complete more transactions than the organisation can attribute, making output countable without proving legitimacy.
3. Impact follows when the business treats unverified completions as measurable ROI, which can drive bad budget decisions and mask control failure.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Identity controls are the proof layer that turns AI activity into ROAI. The article is right to push back on pilot-era storytelling, because output counts are not value unless they are tied to authorised identity and traceable completion. Finance teams do not need more AI enthusiasm. They need a defensible chain from initiator to action to outcome, which is exactly where identity governance earns its place in the AI programme.

Scoped delegation is the real control boundary, not model performance. The article treats completed transactions as the unit of value, and that is the correct frame for machine identity governance. If a system can act outside a bounded token scope, the organisation can no longer tell whether the outcome belongs to the business or to uncontrolled automation. The practitioner conclusion is simple: without delegated scope, ROAI becomes accounting theatre.

Observability debt is now a governance problem, not a logging problem. The article’s emphasis on proof, attribution, and auditability exposes a familiar failure mode in NHI programmes: organisations adopt automation before they can prove who or what executed the work. That is not an AI-only issue. It is the same governance gap that appears whenever identity is absent from high-volume machine workflows, and it should be treated as a control design defect.

ROAI creates a cross-domain test for IAM, PAM, and NHI teams. Human-initiated AI work, delegated machine execution, and board-level value claims all meet at the same control question: can the organisation prove legitimate authority for each action? That makes AI ROI a lifecycle and governance issue, not a model-selection issue. Practitioners should expect AI value debates to collapse into identity traceability debates the moment the finance team asks for proof.

Production identity, not sandbox success, is what separates potential from value. Sandboxes are useful for learning, but they do not prove business return because they avoid the real accountability chain. The article’s core message is that measurable AI value only appears when identity controls exist at production scale, with attribution, observability, and revocation all intact. That is the standard practitioners should enforce before claiming ROI.

From our research:

• The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
• Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
• That pattern reinforces why teams should review the Ultimate Guide to NHIs for lifecycle, rotation, and accountability controls.

What this signals

ROAI programmes will increasingly be judged on evidence quality, not ambition. As AI spending rises, identity teams should expect executive scrutiny to focus on whether an organisation can prove that delegated actions were authorised and completed, not whether the use case sounds innovative. In practice, that moves AI governance closer to machine identity management and away from slide-deck value statements.

Identity-linked observability is becoming the control that unlocks budget confidence. With 27 days as the average time to remediate a leaked secret according to The State of Secrets in AppSec, weak secrets hygiene already shows how quickly traceability gaps become operational risk. The same pattern will show up in AI programmes unless teams can prove task scope, ownership, and completion in production.

Production AI value depends on governance patterns that are already familiar in NHI management. Organisations that can count authorised completions, attribute delegation, and evidence revocation will be able to defend their AI investments more convincingly than teams that rely on activity volume. That is why identity programmes should prepare now for board questions that blend security proof with commercial proof.

For practitioners

• Define ROAI around attributable outcomes Use completed, authorised transactions as the unit of value, and reject ROI claims that rely on prompts, model calls, or pilot activity. Tie every reported gain to an identity-linked record of completion so finance and audit can validate the number.
• Bind AI workflows to scoped delegation Issue tokens or delegated permissions that limit each workflow to a specific task, tool set, and authority boundary. If the workflow can expand its own scope without a new authorisation event, the outcome is no longer safely countable.
• Instrument production observability before scale-up Log initiator identity, action path, completion status, and exception handling for every AI-assisted transaction. Build reports that compare pre- and post-deployment performance using the same identity evidence, not estimated productivity.
• Create board-ready evidence packs for AI value claims Prepare a repeatable pack that shows the control boundary, the metric definition, and the audit trail behind each claimed productivity gain. That gives executives a defensible answer when they ask what the organisation is getting back.

Key takeaways

• AI ROI becomes credible only when every claimed outcome is tied to authorised identity and verifiable completion.
• Production observability matters because sandbox success and activity volume do not prove business value.
• Identity teams should treat delegation scope, attribution, and auditability as prerequisites for board-level AI claims.

Key terms

• Return On AI: Return On AI is the measurable business value created by AI work after costs, controls, and execution evidence are accounted for. In practice, it only becomes credible when outputs are tied to authorised identities, traceable actions, and repeatable production outcomes.
• Scoped Token: A scoped token is a credential or authorization artefact that limits an identity to a specific task, resource set, or action boundary. For AI and machine workflows, scope is what keeps execution countable, auditable, and aligned to the intended business outcome.
• Identity-linked Observability: Identity-linked observability is the practice of logging actions in a way that connects every meaningful event to the identity that initiated or executed it. This creates an evidence trail for audit, attribution, and financial reporting, especially in automated and AI-assisted workflows.
• Delegated Execution: Delegated execution is when one identity is granted authority to perform actions on behalf of another, with clear limits on what can be done and how it is recorded. In AI programmes, it is the mechanism that turns automation into accountable work rather than opaque activity.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Strata Identity: Why most companies can’t answer the only question that matters. Read the original.