TL;DR: Shadow AI creates unmanaged identity, data, and governance exposure because employees can spin up AI accounts, connect them to work data, and bypass approved controls, according to Netwrix. The security problem is no longer just tool sprawl; it is unmanaged access paths that IAM, NHI, and governance programmes were not designed to see.
At a glance
What this is: This is a Netwrix blog on 12 shadow AI security risks, with the key finding that unmanaged AI use creates identity and data governance blind spots.
Why it matters: It matters because IAM and security teams now have to govern unsanctioned AI use as an access, secrets, and data exposure problem across human, NHI, and emerging agentic workflows.
👉 Read Netwrix's 12 shadow AI security risks for 2026
Context
Shadow AI is unmanaged AI use outside approved governance, and in identity terms it behaves like a hidden access layer. Employees can move prompts, files, and credentials into consumer or unsanctioned tools without the visibility, policy enforcement, or lifecycle controls that enterprise IAM and NHI programmes rely on.
That creates a programme-level problem for security and identity teams. If the organisation cannot see which AI services are being used, what accounts they create, or what data they touch, then access reviews, data controls, and secrets governance all become partially blind. The article's framing is typical of a wider market pattern, not a one-off anomaly.
For practitioners, the important shift is that shadow AI should be treated as both an identity discovery issue and a data handling issue. NHIMG's NHI Lifecycle Management Guide is relevant here because the same lifecycle gaps that affect service accounts also appear when employees create unmanaged AI identities and leave them active beyond business need.
Key questions
Q: What breaks when employees use shadow AI for work tasks?
A: Shadow AI breaks identity visibility and lifecycle control. Employees can create or use AI accounts, connect them to work data, and move sensitive information outside approved governance. That leaves security teams unable to reliably inventory the identity, review its access, or revoke delegated permissions when the business need ends.
Q: Why do shadow AI tools create risk for IAM teams?
A: Shadow AI complicates IAM because the real subject is often not just the employee, but the AI service, token, or connector acting on the employee's behalf. That expands the identity surface without formal provisioning, certification, or offboarding, which means access governance becomes incomplete even when human login controls are strong.
Q: How can security teams detect shadow AI without blocking every AI tool?
A: Use identity discovery, SaaS visibility, DLP, and OAuth grant review to identify where AI tools are connected to business data. Then classify whether the risk is a personal account, a sanctioned tool used unsafely, or an unmanaged identity path that needs revocation.
Q: Should organisations treat shadow AI as a data problem or an identity problem?
A: Both, but identity should come first because it determines who or what can access the data. If the AI account, connector, or token is unmanaged, data controls alone cannot guarantee containment. The safer approach is to govern the identity path, then enforce data handling rules on top of it.
Technical breakdown
Shadow AI as unmanaged identity sprawl
Shadow AI becomes a governance problem when employees create accounts, connect plugins, or upload work data into tools that were never enrolled in enterprise controls. The identity is often not just the user, but the AI account, token, connector, or delegated session attached to the tool. That produces identity sprawl without central inventory, making recertification, offboarding, and privilege review incomplete. In practice, the security team loses the ability to answer basic questions about who or what is acting on behalf of the business.
Practical implication: discover AI accounts, connectors, and tokens as part of the IAM inventory, not as an app-only issue.
Why secret leakage and data reuse are central risks
Many shadow AI scenarios fail because users paste credentials, customer data, or source code into tools that may store, reuse, or learn from that input. From an identity perspective, this is not only a data privacy issue. It is a secrets exposure problem, because sensitive tokens and API keys can leave approved boundaries and become available to systems with no enterprise lifecycle management. That turns an informal prompt into an access path that security teams cannot reliably rotate or revoke.
Practical implication: treat prompt content and file uploads as potential secret-handling events and restrict them with policy and DLP.
Why network blocking alone does not solve shadow AI
Blocking AI tools at the network layer is a blunt control because shadow AI can enter through personal accounts, mobile devices, browser extensions, or sanctioned platforms used in unsanctioned ways. The control failure is not just reachability, but governance over identity, data, and delegated access. A user can still create an unmanaged AI identity, move data into it, and continue the workflow outside the approved security model. That is why the problem sits at the intersection of IAM, NHI, and data governance.
Practical implication: pair acceptable-use enforcement with identity-based discovery and controls on uploads, OAuth grants, and connector approvals.
Breaches seen in the wild
- MongoBleed breach — MongoBleed exposed secrets across 87K MongoDB servers.
- IOS app secrets leakage report — iOS apps leaking hardcoded secrets and credentials endangering user privacy.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Shadow AI is an NHI governance problem before it is an AI policy problem. The article's topic sits squarely in the zone where employees create or use non-approved AI accounts, tokens, and connectors without lifecycle control. That means the real failure is not simply tool unsanctioning, but unmanaged identity creation outside IAM visibility. Practitioners should treat shadow AI as an inventory and lifecycle issue, not only a usage-policy issue.
Identity does not stop at the human user when AI tools become part of work execution. A worker can authenticate once and then hand work off to a consumer AI service that stores prompts, reuses sessions, or issues downstream access. That extends the attack surface beyond the person into the tokenized AI layer. The governance question is how to trace and certify those delegated identity paths across human, NHI, and AI use.
Shadow AI exposes a visibility gap that traditional access reviews do not close. Access certification assumes the organisation knows which identities exist and which resources they touch. Shadow AI breaks both assumptions because the identities are often unregistered and the data paths are informal. The implication is straightforward: if the identity is not discoverable, it is not governable.
Unmanaged AI usage creates a named failure mode: hidden delegated access paths. These paths arise when employees grant AI tools access to files, email, code, or SaaS data without central approval or revocation logic. Once that delegation is outside IAM, the business loses control over who can persist, reuse, or further transmit the data. Practitioners need to recognise that hidden delegation is the real control gap, not just unsanctioned software use.
From our research:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- From our research: 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- From our research: Start with the NHI Lifecycle Management Guide if you need a governance model for discovery, rotation, and offboarding of unmanaged identities.
What this signals
Hidden delegated access paths: Shadow AI should be treated as a governance category, not a temporary usage trend. Once employees route business data into unmanaged AI services, the organisation has an identity problem that will not be solved by awareness training alone. The practical signal is to track AI accounts, OAuth grants, and connector sprawl as first-class governance objects, using the NHI Lifecycle Management Guide as the lifecycle anchor.
With 85% of organisations lacking full visibility into third-party vendors connected via OAuth apps, the broader control lesson is that discovery gaps are already normal in modern identity programmes. Shadow AI compounds that problem by adding unsanctioned services and personal accounts to the same blind spot. Teams should expect their governance model to extend beyond sanctioned SaaS into consumer AI and browser-mediated access paths.
The near-term priority is not to build a separate AI policy silo. Security teams need one operating model that ties acceptable use, secrets handling, OAuth review, and access certification together. For identity leaders, the relevant standard is the NIST Cybersecurity Framework 2.0, especially where governance and access control have to work across human and non-human identities.
For practitioners
- Inventory shadow AI as identities, not just applications Build discovery around user-created AI accounts, browser-based AI sessions, OAuth grants, API tokens, and file-sharing connectors. The goal is to identify which identities can act, store, or reuse work data outside approved lifecycle controls.
- Extend acceptable-use policy to prompt and upload behaviour Define what data employees may place into AI tools, including credentials, customer data, source code, and regulated records. Back policy with DLP, CASB, and identity-based controls so the rule is enforceable rather than advisory.
- Review delegated access paths during access recertification Add AI-related grants, connectors, and shared workspaces to periodic reviews so managers can see where business data has been routed. Tie review exceptions to explicit business ownership and revocation triggers.
- Control secret handling at the point of use Block or warn when users paste secrets into unapproved AI tools, and monitor for token exposure in prompts, uploads, and generated output. Use the NHI Lifecycle Management Guide to align detection with revocation and rotation workflows.
Key takeaways
- Shadow AI turns unsanctioned AI use into an identity governance problem because the real risk is unmanaged accounts, tokens, and delegated access paths.
- The biggest control weakness is visibility, since access reviews and offboarding do not work well when the organisation cannot inventory the AI identities in play.
- Practitioners should govern shadow AI through discovery, OAuth review, prompt controls, and lifecycle management rather than relying on network blocking alone.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Shadow AI often appears as unmanaged non-human identity creation and access. |
| NIST CSF 2.0 | PR.AC-1 | The article centres on controlling who or what can access data and tools. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | Zero trust is relevant where delegated AI access must be continuously verified. |
Inventory AI accounts, tokens, and connectors as NHIs and bring them into lifecycle control.
Key terms
- Shadow AI: Shadow AI is the use of AI tools, accounts, or connectors outside approved enterprise governance. In practice, it creates hidden identity paths, unknown data flows, and access that cannot be fully inventoried, certified, or revoked through normal IAM processes.
- Delegated Access Path: A delegated access path is the chain that lets one identity act through another, such as a user granting an AI service access to files or SaaS data. When unmanaged, it becomes difficult to trace ownership, confirm scope, or revoke privileges reliably.
- Identity Sprawl: Identity sprawl is the uncontrolled growth of accounts, tokens, connectors, and service identities across an environment. For shadow AI, it means AI-related identities appear faster than governance can catalogue, review, or offboard them, which weakens access control and accountability.
- Lifecycle Control: Lifecycle control is the discipline of provisioning, reviewing, rotating, and removing identities and credentials over time. For shadow AI, it is the difference between a temporary tool use and a persistent unmanaged access path that survives beyond its business purpose.
Deepen your knowledge
Shadow AI governance, lifecycle control, and access review are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are trying to bring unmanaged AI use under identity control, it is a practical place to start.
This post draws on content published by Netwrix: 12 Critical Shadow AI Security Risks Your Organization Needs to Monitor in 2026. Read the original.
Published by the NHIMG editorial team on 2026-02-13.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
