Shadow AI governance gaps are exposing machine identity risk

At a glance

What this is: This is Delinea’s analysis of shadow AI risk, showing that unsanctioned AI adoption is exposing policy, visibility, and machine identity control gaps.

Why it matters: It matters because the same governance gaps that let shadow AI spread can also weaken NHI, autonomous system, and human IAM programmes if identity control boundaries are not tightened.

By the numbers:

• 44% of organizations with at least some AI usage struggle with business units deploying AI solutions without involving IT and security teams
• 89% have implemented some form of policies or controls to restrict or monitor access to sensitive data by AI tools
• 57% of organizations have an acceptable use policy for AI tools in place
• 61% of organizations claim to have full visibility into all machine identities for the purpose of monitoring for compromise

👉 Read Delinea’s analysis of shadow AI risk and identity control gaps

Context

Shadow AI is unsanctioned AI use that happens outside normal IT and security oversight. In identity terms, the problem is that AI tools and agentic systems are being introduced without the same governance, access control, and audit discipline that enterprises apply to other identities and privileged access paths.

Delinea’s article argues that the gap is now visible in both policy and execution. Organisations may have partial controls, but weak identity governance for AI entities leaves security teams unable to see which models, tools, and users are creating access risk across the environment.

Key questions

Q: How should security teams govern shadow AI without blocking useful adoption?

A: Start by inventorying every AI tool, model, assistant, and API-connected workflow that can touch enterprise data. Then require access approval, logging, and review for each identity path, including the machine identities behind integrations. Useful adoption is possible only when the organisation can see, attribute, and revoke AI access with the same discipline used for other privileged identities.

Q: Why does shadow AI create more than a software approval problem?

A: Because the risk is not only that an unapproved tool is running. The deeper issue is that AI systems can reach sensitive data, call other services, and persist access outside normal identity governance. Once that happens, the problem becomes lifecycle control, entitlement scope, and auditability across machine identities, not just application approval.

Q: What do teams get wrong about machine identity security in AI programmes?

A: They often assume confidence means coverage. Delinea’s article shows that many organisations rely on basic lifecycle processes while still lacking full visibility into machine identities, which means unknown identities can keep working after the team believes they are under control. Real security depends on discovery and revocation evidence, not confidence statements.

Q: Who is accountable when shadow AI exposes data or credentials?

A: Accountability should rest with the business owner of the AI use case, the security team that approves or blocks the access path, and the identity team that governs the machine or user credentials involved. If no one owns discovery, review, and revocation, shadow AI becomes a standing governance gap rather than an isolated incident.

Technical breakdown

Why shadow AI creates an identity governance gap

Shadow AI becomes an identity problem the moment employees, business units, or embedded tools can reach sensitive data without central oversight. The issue is not only unauthorised software use. It is unmanaged access to data, workflows, and credentials by entities that sit outside normal onboarding, review, and offboarding processes. That creates blind spots in audit trails, policy enforcement, and accountability. When AI is allowed to act or interact with production systems, identity governance must cover the tool, the account, and the access path, not just the end user.

Practical implication: map every AI-connected identity path into IAM and governance inventories before it becomes a hidden access channel.

Agentic AI and machine identity controls

Agentic AI raises the stakes because these systems can take actions with greater independence than basic generative tools. That does not make every AI workflow autonomous, but it does increase the chance that access decisions, data retrieval, and tool use happen faster than human review cycles can observe. Machine identity controls therefore need to address entitlement scope, activity logging, and revocation, especially when AI entities are allowed to interact with multiple systems or APIs.

Practical implication: treat AI entities as governed machine identities and require explicit access scope, logging, and revocation paths.

Why machine identity confidence can exceed actual control

Delinea highlights a common mismatch: organisations often say they are confident in machine identity security while still relying on basic lifecycle processes instead of automated controls and full visibility. That pattern matters because machine identities can multiply quickly and persist longer than intended if they are not continuously discovered, monitored, and reviewed. In practice, identity security fails when teams assume they know what machine identities exist, how they are used, and whether they are still needed.

Practical implication: validate machine identity inventory, lifecycle, and monitoring evidence instead of relying on confidence measures.

Threat narrative

Attacker objective: The objective is to use unsanctioned AI access paths to reach data or systems without normal governance, monitoring, or entitlement controls.

1. Entry occurs when business units or employees deploy AI tools without involving IT or security teams, creating an ungoverned access path into enterprise data and workflows.
2. Escalation follows when AI tools or agentic systems are granted access controls, credentials, or data reach without central identity governance, making their activity difficult to audit or constrain.
3. Impact is data exposure, compliance failure, and weakened control over machine identity lifecycles, with shadow AI expanding the attack surface beyond what the organisation can reliably see.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Shadow AI is an identity governance problem before it is an AI problem. The article’s core signal is that unsanctioned AI adoption bypasses the same control layers used to govern human, machine, and privileged access. That means discovery, policy enforcement, and lifecycle control must extend to AI-connected identities, not sit beside them. Practitioners should treat shadow AI as an access governance failure, not a tooling preference.

Machine identity confidence is often out of proportion to actual control. Delinea’s figures show organisations claiming confidence while still relying on basic lifecycle processes and incomplete visibility. That is a classic governance gap: inventory exists in theory, but monitoring and revocation do not match the pace of AI sprawl. The practical conclusion is that confidence is not evidence, and evidence must come from discovery, audit, and revocation outcomes.

Agentic AI changes the risk model because access can be exercised faster than review cycles can respond. Even where systems are not fully autonomous, greater runtime independence reduces the usefulness of static governance assumptions. Existing IAM programmes often assume access is provisioned, then periodically reviewed. When AI entities can act repeatedly and at machine speed, the control problem shifts to continuous scope enforcement and observed behaviour. Practitioners should re-evaluate whether their review cadence matches the speed of AI-driven access.

Identity governance for AI entities is now a category-defining control requirement. The article shows that acceptable use policies alone are not enough, and that access controls, logging, and governance for AI entities are still inconsistently deployed. That combination points to a named concept we can call shadow AI governance debt: the gap between AI adoption and the identity controls needed to supervise it. Practitioners should assume this debt is already accumulating unless AI access paths are explicitly governed.

From our research:

• 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
• 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
• That is why practitioners should also review Ultimate Guide to NHIs , Key Challenges and Risks for the governance issues that turn exposure into persistence.

What this signals

Shadow AI governance debt: organisations that allow AI use to grow ahead of identity controls accumulate invisible access paths, audit gaps, and revocation delays. With 96% of organisations storing secrets outside secrets managers in vulnerable locations including code, config files, and CI/CD tools, the control problem is already broader than AI alone, according to the Ultimate Guide to NHIs.

The operational question is no longer whether teams have an acceptable use policy. It is whether they can discover every AI-connected identity, prove its scope, and remove it when the use case ends. That is the point where AI governance becomes a lifecycle discipline rather than a policy document.

Security leaders should expect shadow AI to merge with broader machine identity sprawl, especially where business units can create access paths faster than central teams can catalog them. The programme response needs one control plane for discovery, entitlement, and revocation across human, NHI, and AI-connected identities.

For practitioners

• Inventory every AI access path Identify all sanctioned and unsanctioned AI tools, the identities they use, and the data or systems they can reach. Include employee-driven tools, embedded assistants, API-connected models, and any machine identities used to call them.
• Bind AI entities to explicit governance controls Require access scope, logging, and review for any AI entity that can access sensitive data or invoke downstream systems. If the access path cannot be attributed and audited, it should not be treated as governed.
• Review machine identity lifecycle evidence Validate that machine identities tied to AI use are discoverable, monitored, and revocable. Focus on whether offboarding and entitlement removal work in practice, not whether a policy exists on paper.
• Close shadow AI intake at the business-unit level Give business units a clear intake path for AI requests, but block direct deployment of AI tools that bypass security review. This reduces the chance that local convenience becomes a persistent identity governance blind spot.

Key takeaways

• Shadow AI is an identity governance failure because it creates access paths outside IT and security oversight.
• Delinea’s research shows a large gap between confidence and control, especially in machine identity visibility and lifecycle management.
• Security teams need discovery, logging, scope control, and revocation evidence before AI adoption can be treated as governed.

Key terms

• Shadow AI: Shadow AI is the use of AI tools, models, or assistants inside an organisation without formal IT or security oversight. In identity terms, it creates unknown access paths, unreviewed entitlements, and audit gaps that can persist until a breach, compliance failure, or discovery exercise exposes them.
• Machine Identity: A machine identity is a non-human identity used by software, services, workloads, or automated systems to authenticate and access resources. It includes credentials, tokens, certificates, and service accounts, and it must be governed through discovery, lifecycle control, and revocation just like other privileged identities.
• Identity Governance: Identity governance is the discipline of controlling who or what can access which resources, for how long, and under what approvals. For AI and machine identities, it also includes visibility, auditability, offboarding, and ongoing entitlement review so access does not outlive the business need.
• Agentic AI: Agentic AI is AI that can take actions with some independence rather than only generating content on request. The governance challenge is that access decisions, tool calls, and execution timing may happen faster than traditional review cycles, so identity controls must account for runtime behaviour as well as provisioning.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Delinea: Shadow AI risk: Navigating the growing threat of ungoverned AI adoption. Read the original.