The four stages of AI adoption and the governance gap

At a glance

What this is: This is an analysis of how AI adoption matures across four stages and why identity governance becomes the deciding factor once AI tools and agents begin acting inside enterprise workflows.

Why it matters: It matters because IAM, NHI, and human identity programmes all have to account for unmanaged AI use, sanctioned pilots, and governed agent identities before scale turns into unreviewable risk.

By the numbers:

• AI systems with least-privileged access had a 17% incident rate vs 76% for over-privileged systems.
• Only 44% of organisations have implemented any policies to manage their AI agents.
• Only 5.7% of organisations have full visibility into their service accounts.

👉 Read ConductorOne's analysis of the four stages of AI adoption

Context

AI adoption is no longer a future-planning exercise. In many organisations, employees are already using AI tools to draft content, generate code, summarise documents, and automate workflows, which means the core governance problem is visibility, not experimentation. For identity teams, the issue is how quickly these tools move from informal use to governed access paths and then into production workflows.

The article’s central point is that the real control gap is not whether AI exists in the enterprise, but whether identity, access, and policy controls keep pace as AI becomes an operational actor. That is the same pattern identity teams have seen with shadow IT and then shadow AI, except the access surface is broader and the blast radius is larger.

Once AI agents start touching internal systems, the discussion shifts from usage management to identity governance. That creates immediate relevance for NHI controls, access reviews, and auditability, and it also forces human IAM teams to rethink how sanctioned and unsanctioned adoption are measured across the enterprise.

Key questions

Q: How should security teams govern shadow AI in the enterprise?

A: Start with discovery, not enforcement. Security teams need a current inventory of AI tools, connected accounts, data pathways, and business owners before they can apply access policy. Without that baseline, shadow AI behaves like unmanaged identity sprawl, and governance only reaches the sanctioned subset of usage.

Q: Why do AI agents change identity governance requirements?

A: AI agents change the model because they can authenticate, call tools, and execute actions on behalf of people or teams. That makes them governed identities, not just application features. Identity controls must therefore cover scope, ownership, logging, and review for the agent itself, not only the user behind it.

Q: What breaks when AI adoption outpaces governance?

A: What breaks first is attribution. Teams lose visibility into which tools are in use, which data they can reach, and which actions were taken automatically versus manually. Once adoption is ahead of control design, security teams end up retrofitting policy around live workflows instead of governing them from the start.

Q: How can organisations tell when AI governance is mature enough for scale?

A: Maturity shows up when every AI action is attributable, every agent has a named owner, and access is tied to an explicit scope that can be reviewed. If approvals still depend on manual queues or informal exception handling, the programme is not ready for broad operational scaling.

Technical breakdown

Shadow AI moves from usage to identity risk

Shadow AI begins as unsanctioned tool use, but the technical issue is not the prompt text or the model choice. It is the data path, the authentication path, and the fact that users often connect AI tools to enterprise systems without central visibility. Once an AI tool can read, summarise, or act on corporate data, it sits inside the identity plane whether or not it was officially approved. That is why discovery, entitlement mapping, and data-flow tracing matter before policy debates about productivity do.

Practical implication: inventory AI-connected accounts, tools, and integrations before trying to govern use cases.

Agentic workflows create governed identity requirements

A piloted AI agent is not just a feature wrapper around a model. It can authenticate, call APIs, retrieve records, and take actions on behalf of a user or team, which makes it an NHI governance problem as soon as it touches enterprise systems. The key mechanism is delegation. Human intent is converted into tool execution, often across multiple services, so identity controls must cover the agent, its credentials, its scope, and its audit trail. Without that, the pilot boundary becomes a false sense of control.

Practical implication: bind every approved agent to a named identity, explicit scope, and reviewable access path.

Why manual oversight breaks at transformation stage

At transformation scale, AI-driven actions happen too quickly and too frequently for ticket-based approval or periodic review to provide meaningful control. Orchestration layers may coordinate dozens of services, and the governance challenge becomes continuous authorisation rather than periodic permission checks. This is where identity policy, telemetry, and session-level enforcement have to work together. If the organisation waits for manual review cycles, the control arrives after the action has already happened.

Practical implication: move from manual approval dependency to policy enforcement and continuous monitoring at runtime.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Shadow AI is an identity problem before it is a policy problem. The article correctly shows that the risk starts when employees connect AI tools to real work without visibility, because the enterprise then loses the ability to map who or what accessed data. That is the same structural failure that appears in unmanaged NHI sprawl, only now the tools can also initiate actions. Practitioners should treat discovery as a governance control, not a reporting exercise.

AI adoption breaks the assumption that sanctioned use equals actual use. The post’s staged model exposes the gap between piloted tools and what people are doing in practice. That gap matters because governance designed only around approved platforms misses the larger behaviour surface, especially when shadow AI develops faster than formal intake processes. Security teams should assume the real operating model is always ahead of the documented one.

Runtime governance gap: the enterprise cannot rely on periodic approvals once AI agents begin executing on behalf of users. That assumption was designed for human-paced decision loops and stable access scopes. It fails when AI agents can chain actions across systems faster than review cycles can observe them, which means access review, audit, and certification need a different operating cadence. Practitioners must rethink how identity evidence is produced, not just how access is granted.

Transformation makes AI an identity class, not just a capability layer. Once agents handle routing, retrieval, and execution, they stop behaving like passive tools and start behaving like governed actors in the environment. That changes how IAM, PAM, and NHI teams divide responsibility, because the control plane now has to account for both delegated human intent and machine action. The implication is clear: governance has to be designed into the operating model before scale turns into exception handling.

Enterprise AI maturity will be defined by governance depth, not adoption speed. The companies that move furthest are not the ones that merely deploy more AI use cases, but the ones that align identity, access, and audit controls to the stage they are actually in. That is a programme design issue, not a tool issue. Practitioners should judge AI maturity by whether every action is attributable, reviewable, and scope-bound.

From our research:

• 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to Ultimate Guide to NHIs.
• Only 20% have formal processes for offboarding and revoking API keys, which shows how weak lifecycle controls remain when machine identities are introduced at scale.
• That is why teams should pair AI adoption with Ultimate Guide to NHIs guidance on visibility, rotation, and offboarding before the next growth stage.

What this signals

Shadow AI is already part of the identity perimeter, even when it is not part of the approved application stack. Organisations that treat adoption as a tooling discussion will miss the fact that data access, delegated action, and ownership are the real control points. The operating model needs discovery and entitlement mapping before it needs more policy paperwork.

Runtime governance gap: the next failure mode is not whether AI exists, but whether it can still be reviewed after the action has already occurred. With 70% of organisations granting AI systems more access than human employees, according to the 2026 Infrastructure Identity Survey, the pressure is now on continuous enforcement and attribution rather than periodic certification.

Enterprises should expect the most mature programmes to converge human IAM, NHI governance, and AI controls into one operating model. The practical test is whether a team can name the owner, the scope, and the audit evidence for every AI-connected workflow without relying on manual reconciliation.

For practitioners

• Inventory shadow AI usage Discover unsanctioned AI tools, browser extensions, copilots, and connected services so you can map where corporate data already flows outside approved channels.
• Bind approved AI agents to governed identities Assign each sanctioned agent a distinct identity, explicit permissions, and an auditable owner so delegated actions can be traced back to a business context.
• Enforce runtime policy on AI tool calls Require policy evaluation at the point of API call or workflow execution, not just at onboarding, so approvals do not expire before the action occurs.
• Separate pilot controls from production controls Treat a pilot as a temporary governance state with tighter scope, logging, and data restrictions than full production, then promote only after evidence review.

Key takeaways

• AI adoption becomes an identity governance issue once tools and agents can access enterprise data or execute actions.
• The biggest risk is the gap between sanctioned pilots and actual employee behaviour, which expands faster than policy coverage.
• Programmes that can attribute, scope, and review every AI action will scale more safely than those that rely on manual oversight.

Key terms

• Shadow AI: AI tools, agents, or integrations used without formal visibility or governance. In identity terms, the issue is not only unsanctioned software but unmanaged access paths, data exposure, and ownership. Shadow AI becomes a security control problem the moment it can reach enterprise systems or sensitive information.
• Agentic workflow: A workflow where an AI system can select actions, invoke tools, and complete steps on behalf of a user or team. The governance challenge is that the workflow now has delegated execution authority, so identity, logging, and policy must apply to the agent itself as a governed actor.
• Runtime policy enforcement: A control approach that evaluates access and action decisions at the moment they occur rather than only at onboarding or approval time. For AI systems, this is essential because usage can shift quickly between tasks, and static approvals may no longer reflect the actual risk state.
• Identity perimeter: The full set of identities, credentials, delegated tools, and access paths that can affect enterprise data and systems. For AI adoption, the identity perimeter includes sanctioned and unsanctioned tools, connected services, and the people or processes that own them.

Deepen your knowledge

AI agent governance and shadow AI discovery are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building controls for the same adoption curve described here, it is worth exploring.

This post draws on content published by ConductorOne: The Four Stages of AI Adoption, and What Separates the Companies That Get It Right. Read the original.