TL;DR: Gartner’s Time to Trust frames trust as a measurable reduction in human-in-the-loop oversight, and Delinea applies that idea to identity, access, and governance where autonomy is actually enforced. The real issue is that many identity programmes still assume access decisions can be reviewed after the fact, even when agentic systems act within a single session.
At a glance
What this is: This is an identity-security analysis of Gartner’s Time to Trust concept and how it reframes governance for agentic AI, access control, and auditability.
Why it matters: It matters because IAM teams now have to decide when oversight can be reduced without losing accountability, visibility, or control across human, NHI, and autonomous workflows.
By the numbers:
- Agentic AI adoption will stall at the early majority, roughly 16%, over the next several years without a way to measure and improve trust.
👉 Read Delinea’s analysis of Time to Trust and governed autonomy in identity
Context
Time to Trust, or TTT, is a measure of how quickly an organisation can reduce reliance on human-in-the-loop oversight to an acceptable threshold. In identity terms, the problem is not whether AI can act, but whether governance can explain why approval was removed and whether that decision remains defensible under audit.
For IAM, PAM, and IGA teams, the challenge is that trust decisions are increasingly being pushed into policy, authorization, and audit layers without a clear model for when oversight should change. That creates a familiar governance gap: systems move faster than the controls used to justify their access.
The article’s focus is agentic AI, but the lesson extends across machine identity and human access workflows. Once trust is treated as a measurable operating state rather than a feeling, identity teams can evaluate whether their controls are actually constraining autonomy or merely documenting it after the fact.
Key questions
Q: How should security teams reduce human approval for agentic AI without losing control?
A: Security teams should reduce human approval only where the decision point, risk threshold, and rollback path are documented in policy. The control must log who changed the oversight model, what conditions triggered the change, and how exceptions are handled. Without that evidence, reduced approval is just hidden risk, not governed autonomy.
Q: Why does Time to Trust matter for IAM programmes?
A: Time to Trust matters because it turns trust into a measurable governance outcome rather than a vague judgement. IAM teams can then evaluate whether approval is being reduced for defensible reasons or simply because the workflow is faster. That distinction matters under audit, incident response, and board scrutiny.
Q: What breaks when oversight is removed before identity controls are ready?
A: When oversight is removed too early, organisations lose visibility into why access was granted and whether autonomy is still appropriate. The result is a control gap where decisions are happening faster than review, making certification, exception handling, and accountability difficult to prove.
Q: Who is accountable when an autonomous system acts on access decisions?
A: Accountability stays with the organisation that defined the policy and allowed the system to act. If the approval model, audit trail, or exception process cannot explain the decision, responsibility does not move to the system. Governance teams, IAM owners, and security leaders remain accountable for the controls they accepted.
Technical breakdown
How Time to Trust maps to identity control points
Gartner’s Time to Trust framework treats trust as the time required to lower human oversight to a predefined threshold. In identity security, that threshold is enforced through authorization, policy decisioning, and audit logging, not through model accuracy alone. A system may be technically capable of acting autonomously, but identity teams still need controls that show when approval was required, when it was removed, and under what conditions it can be restored. That is why trust is operational, not abstract.
Practical implication: define the decision points where human approval can be reduced and require audit evidence for every change in oversight.
Human-in-the-loop oversight as a governance signal
Human-in-the-loop controls are not just a safety brake; they are a measurement signal. If oversight is always on, the organisation has not yet proven trust. If oversight disappears without policy, the organisation has lost accountability. The useful middle ground is controlled reduction, where the identity stack can record who approved the shift, what changed, and whether risk signals justify it. That makes TTT a governance metric rather than a vague maturity label.
Practical implication: instrument approvals, exceptions, and reversals so oversight changes can be measured rather than assumed.
Why continuous discovery changes the trust curve
Trust degrades when permissions, identities, and context drift. Agentic systems can appear trustworthy at onboarding and become risky as workloads, tools, or access paths expand. Continuous identity discovery and entitlement analysis matter because they show whether the trust threshold is still valid after change. In practice, the control problem is not only granting access, but revalidating the conditions under which autonomy remains acceptable.
Practical implication: pair identity discovery with entitlement review so trust thresholds can be recalculated when environments change.
Threat narrative
Attacker objective: The practical objective is not just unauthorized access, but exploiting weak trust governance so autonomous action can proceed without defensible oversight.
- Entry occurs when agentic AI is embedded into workflows with some level of human approval still acting as the trust gate.
- Escalation happens when organisations reduce oversight without a measurable policy for when autonomy is justified, creating informal privilege expansion.
- Impact is governance failure, because teams can no longer explain why the system was allowed to act autonomously at a specific moment.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Time to Trust becomes an identity control problem the moment autonomy is allowed into workflows. Trust is no longer a general business sentiment when systems can request, validate, and act on access. Once that happens, identity, authorization, and audit become the only defensible places to prove why oversight changed. The practitioner conclusion is straightforward: trust must be enforced where access is decided, not where the incident is explained.
Access review processes assume privilege persists long enough to be observed, challenged, and recertified. That assumption fails when a system can move from approval to action inside one workflow cycle, because there may be no stable review artefact left to inspect. The implication is not merely that review cadence is too slow, but that the review model itself was built for slower actors. Practitioners must rethink which governance assumptions still hold when the actor is agentic.
Identity trust metrics will increasingly separate real governance from cosmetic automation. A system that reduces human review without evidence is not maturing; it is obscuring risk. Gartner’s TTT framing is useful because it forces organisations to ask whether lower oversight reflects better control or simply less friction. The practitioner conclusion is to treat trust reduction as a measurable governance outcome, not an adoption slogan.
Continuous identity discovery is now a prerequisite for governed autonomy. If security teams cannot see new agents, new entitlements, and new access paths, they cannot defend any trust threshold they claim to operate. That is true across NHI, human IAM, and autonomous systems because trust erodes when identities and privileges are invisible. The practitioner conclusion is to make discovery part of trust governance, not a separate hygiene exercise.
From our research:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing how slowly remediation can move in practice.
- That gap is why practitioners should also review the Ultimate Guide to NHIs, Regulatory and Audit Perspectives for the governance controls that make trust defensible.
What this signals
Time to Trust will force identity programmes to prove when reduction in oversight is justified. If a team cannot show the policy basis for lowering approval, the programme is optimising speed, not governance. The practical signal is that trust metrics will soon matter alongside entitlement metrics, especially where agentic AI and human access decisions are converging.
Continuous discovery is the difference between a trust programme and a blind spot. If you cannot see the agents, service identities, and permissions in play, you cannot know whether your trust threshold is still valid. That makes discovery and entitlement analytics part of the trust model, not a separate inventory task.
What looks like autonomy may still be unmanaged access sprawl. In environments where 97% of NHIs carry excessive privileges, according to the Ultimate Guide to NHIs, the first job is often reducing standing privilege before assuming the trust problem is about AI sophistication.
For practitioners
- Define trust thresholds per workflow: Set explicit limits for when human approval can be reduced, and tie each threshold to a documented risk condition, reviewer, and rollback path. Do not let teams shorten oversight informally.
- Log every oversight change: Record when approval is required, removed, restored, or bypassed, and keep the evidence in the same control plane used for authorization and audit.
- Connect discovery to trust decisions: Use continuous identity discovery to surface agents, service identities, and dormant entitlements before they distort the trust model.
- Separate accuracy from trust: Assess whether a system is permitted to act, not only whether it is usually correct, because accuracy alone does not justify reduced oversight.
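The control points from the technical breakdown and the four practitioner actions above, as one added example (not Delinea's, Gartner's or NHIMG's code): a small policy decision point in which every oversight change is a logged control decision, autonomous action is gated by a per-workflow risk threshold rather than by model accuracy, and entitlement drift found by discovery automatically restores human approval. The workflow name, entitlement strings, risk scores and actor names are constructed sample values.

```python
# Added example (not Delinea's, Gartner's or NHIMG's code): a policy decision point
# that treats oversight changes as logged control decisions and restores human
# approval when discovery finds entitlement drift. All names and scores are constructed.
from dataclasses import dataclass, field
from enum import Enum

class Oversight(Enum):
    REQUIRED = "human_approval_required"   # trust not yet proven, or revoked
    REDUCED = "autonomous_within_policy"   # governed autonomy under a risk threshold

@dataclass
class Workflow:
    name: str
    risk_threshold: float            # autonomous action allowed only at or below this score
    entitlement_baseline: frozenset  # entitlements observed when oversight was reduced
    oversight: Oversight = Oversight.REQUIRED
    audit: list = field(default_factory=list)

def change_oversight(wf: Workflow, new_mode: Oversight, actor: str, reason: str) -> None:
    """An oversight change is itself a control decision: record who, from/to and why."""
    wf.audit.append({"event": "oversight_change", "from": wf.oversight.value,
                     "to": new_mode.value, "actor": actor, "reason": reason})
    wf.oversight = new_mode

def decide(wf: Workflow, action: str, risk_score: float) -> str:
    """Decision point: autonomous only in REDUCED mode and within the threshold."""
    if wf.oversight is Oversight.REQUIRED or risk_score > wf.risk_threshold:
        decision = "require_approval"
    else:
        decision = "allow"
    wf.audit.append({"event": "access_decision", "action": action, "risk": risk_score,
                     "oversight": wf.oversight.value, "decision": decision})
    return decision

def revalidate(wf: Workflow, discovered: set) -> list:
    """Continuous discovery: drift beyond the baseline automatically restores approval."""
    drift = sorted(frozenset(discovered) - wf.entitlement_baseline)
    if drift and wf.oversight is Oversight.REDUCED:
        change_oversight(wf, Oversight.REQUIRED, "discovery-service",
                         "entitlement drift: " + ", ".join(drift))
    return drift

if __name__ == "__main__":
    wf = Workflow("ticket-triage-agent", 0.4, frozenset({"tickets:read", "tickets:comment"}))
    print(decide(wf, "tickets:comment", 0.1))   # require_approval: trust not yet granted
    change_oversight(wf, Oversight.REDUCED, "iam-owner", "90-day review passed; rollback documented")
    print(decide(wf, "tickets:comment", 0.1))   # allow
    print(revalidate(wf, {"tickets:read", "tickets:comment", "tickets:delete"}))  # ['tickets:delete']
    print(decide(wf, "tickets:delete", 0.1))    # require_approval: oversight restored by drift
```

The audit list is the evidence the article asks for: it shows who reduced oversight, which conditions (here, discovered drift) restored it, and what each access decision was taken under.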
Key takeaways
- Time to Trust reframes autonomy as a governance question, not just a technical capability question.
- Identity programmes need evidence for when human approval is reduced, because oversight changes are themselves control decisions.
- Continuous discovery, audit logging, and entitlement review are the controls that make governed autonomy defensible.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Agentic AI Top 10 addresses the attack and risk surface, while the NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | AGENT-03 | TTT maps to how agent actions are authorised and constrained at runtime. |
| NIST AI RMF | | TTT is an AI governance metric for managing trust, oversight, and accountability. |
| NIST CSF 2.0 | PR.AC-4 | Access control decisions and oversight reduction are core to this article. |
Align trust thresholds to least-privilege access review and preserve auditable decision records.
Key terms
- Time To Trust: A measure of how long it takes an organisation to reduce reliance on human oversight to an acceptable level. In identity programmes, it becomes a governance metric for when approval can be removed, under what conditions, and with what audit evidence.
- Human-in-the-loop: A control pattern where a person reviews, approves, or intervenes before a system can complete an action. For identity governance, the important question is not whether HITL exists, but whether it is documented, measurable, and reversible when risk changes.
- Governed autonomy: A state in which an AI or machine workflow can act with limited human intervention while remaining inside explicit policy, authorization, and audit boundaries. It is not the same as free-running autonomy, because the organisation can still explain and constrain what the system is allowed to do.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Delinea: From human approval to governed autonomy, applying Gartner's Time to Trust to identity. Read the original.
Published by the NHIMG editorial team on 2026-01-29.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org