By NHI Mgmt Group Editorial Team
Published 2025-12-12
Domain: Governance & Risk
Source: ConductorOne

TL;DR: Weak identity governance turns excess access, manual access reviews, poor visibility, and AI agent sprawl into a larger attack surface, compliance gap, and operational burden as described by ConductorOne. The core issue is assumption failure: legacy IAM expects identities to stay stable, reviewable, and human-paced, but AI-era access does not.


At a glance

What this is: This analysis says weak identity governance now compounds excess access, manual review failure, visibility gaps, and AI agent sprawl into a larger security and compliance problem.

Why it matters: It matters because IAM teams now have to govern human users, NHIs, and AI agents through one lifecycle and control model, or risk losing both auditability and containment.



Context

Weak identity governance becomes a security problem when access grows faster than review, revocation, and visibility can keep up. In ConductorOne's framing, that gap now spans users, service accounts, bots, and AI agents, which means IAM teams are no longer managing a single identity population but several with different behaviour and different failure modes.

The practical issue is not just more identities. It is that excessive access, manual UARs, access sprawl, and missing inventory all interact, so one weak control can amplify the others. Once AI agents enter the environment, identity governance has to cope with identities that request access, inherit permissions, and take action at machine speed.


Key questions

Q: How should security teams reduce privilege creep across human and non-human identities?

A: Security teams should review entitlements by identity class, business purpose, and current usage, then remove access that no longer matches the role or workload. The key is to enforce least privilege continuously, not just at provisioning time. That means centralised inventory, automated certification data, and fast revocation for service accounts, bots, and users alike.

Q: Why do manual user access reviews fail in modern identity programmes?

A: Manual user access reviews fail because the data is usually stale, incomplete, or too hard to interpret at scale. Managers approve what they do not fully understand, and revoked access often arrives too late to reduce risk. Organisations need automated entitlement collection and revocation workflows if reviews are meant to change security outcomes.

Q: What breaks when AI agents are given permissions without lifecycle governance?

A: When AI agents are given permissions without lifecycle governance, ownership becomes unclear, revocation becomes slow, and auditability disappears. The result is a non-human identity that can keep acting after the business need has changed. Treat each agent as a governed identity with explicit accountability, lifecycle state, and policy scope.

Q: Who is accountable when excessive access leads to a breach or audit failure?

A: Accountability sits with the identity programme owner, the application owner, and the business approver who allowed access to persist beyond need. Compliance teams may see the failure first, but the control gap is usually upstream in ownership, review cadence, or revocation enforcement. Governance only works when accountability is tied to removal as well as approval.


Technical breakdown

Excessive access and privilege creep in identity governance

Excessive access is what happens when identities accumulate permissions that outlive the original business need. In IAM terms, privilege creep widens the attack path because the account that should have been narrow becomes a lateral movement opportunity. The problem applies to employees, contractors, service accounts, and bots alike, but it becomes harder to correct as environments expand across SaaS, cloud, and automation layers. Least privilege only works when entitlement scope is continuously revalidated against actual use, not just provisioning history.

Practical implication: define entitlement ceilings for each identity class and remove access that no longer matches the current role or workload.

Manual user access reviews and audit failure

Manual user access reviews often fail because the review artefact is stale before the reviewer opens it. Spreadsheets, incomplete context, and rubber-stamping reduce UARs to a documentation exercise instead of control enforcement. The technical weakness is not the review process itself, but the lag between entitlements changing and the control set being able to see and certify those changes accurately. In mature identity governance, access review data has to be current enough to support revocation decisions, not just audit narratives.

Practical implication: automate entitlement collection and revocation workflows so review decisions can be acted on before the audit cycle closes.

AI agent identities, permissions, and auditability

AI agents change the identity problem because they can request access, inherit permissions, and act without a human sitting in the loop for every decision. That creates a governance gap around ownership, audit logging, and revocation, especially when agents are embedded across business workflows. The challenge is not merely scale. It is that each agent becomes a non-human identity with its own permission profile, lifecycle, and operational context, which legacy IGA tools were not designed to model cleanly.

Practical implication: treat every agent as a governed identity object with explicit ownership, reviewability, and lifecycle state.




NHI Mgmt Group analysis

Weak identity governance is now an attack-surface multiplier, not a back-office control issue. When access, review, and visibility fail together, the environment becomes easier to traverse and harder to recover. This is the same structural problem whether the identity is human, machine, or agentic. Practitioner conclusion: identity governance has to be treated as a core security control, not an administrative layer.

Manual access review processes are built for evidence collection, not real-time revocation. The control assumes entitlements can be certified after the fact, but that assumption breaks when access changes faster than the review cycle. In practice, UARs become compliance theatre when context is stale and managers cannot distinguish needed access from inherited sprawl. Practitioner conclusion: access reviews must produce removal actions, not just sign-off records.

Identity blast radius: the real risk is not the number of identities, but how far one over-permissioned identity can move once compromised. Excessive access, orphaned entitlements, and poor inventory combine to turn a single credential into multiple paths. That is why governance maturity is inseparable from incident containment. Practitioner conclusion: reduce blast radius before you try to optimise coverage.

AI agents expose the assumption that identities remain stable long enough to be reviewed, certified, and retired on a human timetable. That assumption was designed for users and service accounts whose permissions persist across discrete lifecycle stages. It fails when an AI agent can request access, take action, and complete work at machine speed with no durable human approval loop in between. The implication is that lifecycle governance itself must be rethought around session-level behaviour and ownership, not just more frequent reviews.

As identity populations expand, governance becomes a scale problem as much as a security problem. A 1,000-person company can end up managing far more machine identities than employees when every application spawns its own agents and integrations. That makes manual governance economically unworkable and operationally brittle. Practitioner conclusion: design for inventory, ownership, and policy enforcement at machine scale before agent sprawl outpaces control.

From our research:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, 38% have no or low visibility, and a further 47% have only partial visibility, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, which shows how uneven governance maturity still is.
  • For the lifecycle side of the problem, see Ultimate Guide to NHIs for the inventory, rotation, and offboarding controls that make access review data trustworthy.

What this signals

Identity blast radius: the programme risk is not just more identities, but more ways for one entitlement mistake to propagate. Teams that still depend on manual review cycles will find that access drift outruns certification, especially as machine identities multiply.

The next governance gap will be operational, not conceptual. As AI agents become normal participants in business workflows, IAM programmes will need explicit ownership, lifecycle state, and removal triggers for identities that do not map cleanly to employee-style processes.


For practitioners

  • Map access creep by identity class: separate humans, service accounts, bots, and AI agents in entitlement reporting so privilege creep can be measured against the right baseline. Tie each class to an owner and a removal path.
  • Automate UAR evidence collection and revocation: replace spreadsheet-driven reviews with current entitlement data, reviewer context, and enforced revocation workflows. The review should end with a control action, not a completed form.
  • Build a complete inventory of high-risk identities: centralise visibility across SaaS, cloud, and automation layers so orphaned accounts, shadow IT, and over-privileged roles can be found before incidents do.
  • Treat AI agents as governed identity objects: assign explicit ownership, lifecycle state, and policy scope to each AI agent before it enters a workflow. Do not rely on inherited permissions without audit-ready accountability.
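
The four practitioner steps above, and the technical breakdown's point that least privilege only holds when entitlement scope is revalidated against actual use, reduce to one mechanical check: join the entitlement inventory to observed usage, compare idle time against a ceiling that depends on the identity class, and emit removal actions rather than a sign-off record. The script below is an added example written for this page; it is not ConductorOne's or NHI Mgmt Group's code. The inventory, the usage events, and the per-class idle ceilings (90 days for humans, 30 for service accounts and bots, 7 for AI agents) are all constructed assumptions chosen to exercise the failure modes the text names: an inherited agent permission that has gone quiet, an orphaned service account with no owner, and a retired agent that is still acting.

```python
"""Added example: continuous entitlement review across identity classes.

Joins granted entitlements to observed use, then flags (a) entitlements idle
past their class ceiling, (b) identities with no accountable owner, and
(c) retired identities that still hold access. All data below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

NOW = datetime(2025, 12, 12, tzinfo=timezone.utc)

# Illustrative idle ceilings per identity class (an assumption, not a standard):
# access not exercised within the ceiling becomes a revocation candidate.
IDLE_CEILING = {
    "human": timedelta(days=90),
    "service_account": timedelta(days=30),
    "bot": timedelta(days=30),
    "ai_agent": timedelta(days=7),
}


@dataclass(frozen=True)
class Entitlement:
    identity: str
    identity_class: str      # one of IDLE_CEILING's keys
    owner: Optional[str]     # accountable person or team; None means orphaned
    lifecycle: str           # "active" or "retired"
    resource: str
    granted: datetime


@dataclass(frozen=True)
class Finding:
    identity: str
    identity_class: str
    resource: str
    action: str              # "revoke" or "review"
    reason: str


UsageEvent = Tuple[str, str, datetime]  # (identity, resource, observed_at)


def review(entitlements: List[Entitlement], usage: List[UsageEvent],
           now: datetime = NOW) -> List[Finding]:
    """Turn entitlement and usage data into concrete control actions."""
    last_used: Dict[Tuple[str, str], datetime] = {}
    for identity, resource, seen in usage:
        key = (identity, resource)
        if key not in last_used or seen > last_used[key]:
            last_used[key] = seen

    findings: List[Finding] = []
    for e in entitlements:
        if e.lifecycle == "retired":
            # Access that survives retirement is the clearest governance gap.
            findings.append(Finding(e.identity, e.identity_class, e.resource,
                                    "revoke", "identity retired but entitlement persists"))
            continue
        if e.owner is None:
            findings.append(Finding(e.identity, e.identity_class, e.resource,
                                    "review", "no accountable owner"))
        # Idle time runs from last observed use, or from the grant if never used.
        reference = last_used.get((e.identity, e.resource), e.granted)
        idle = now - reference
        ceiling = IDLE_CEILING[e.identity_class]
        if idle > ceiling:
            findings.append(Finding(e.identity, e.identity_class, e.resource, "revoke",
                                    f"unused for {idle.days}d, ceiling {ceiling.days}d"))
    return findings


def revocations_by_class(findings: List[Finding]) -> Dict[str, int]:
    """Privilege creep measured per identity class, against its own baseline."""
    counts = {cls: 0 for cls in IDLE_CEILING}
    for f in findings:
        if f.action == "revoke":
            counts[f.identity_class] += 1
    return counts


def sample_inventory() -> Tuple[List[Entitlement], List[UsageEvent]]:
    """Constructed inventory: four identity classes with mixed failure modes."""
    def d(y: int, m: int, day: int) -> datetime:
        return datetime(y, m, day, tzinfo=timezone.utc)

    ents = [
        Entitlement("alice", "human", "mgr-alice", "active", "crm:admin", d(2025, 1, 10)),
        Entitlement("alice", "human", "mgr-alice", "active", "finance:read", d(2025, 1, 10)),
        Entitlement("svc-backup", "service_account", "platform-team", "active", "s3:backups:write", d(2025, 3, 1)),
        Entitlement("svc-legacy-etl", "service_account", None, "active", "db:prod:read", d(2024, 11, 1)),
        Entitlement("bot-deploy", "bot", "ci-team", "active", "k8s:cluster-admin", d(2025, 11, 20)),
        Entitlement("agent-invoice", "ai_agent", "finance-ops", "active", "erp:invoices:write", d(2025, 12, 1)),
        Entitlement("agent-invoice", "ai_agent", "finance-ops", "active", "erp:vendors:admin", d(2025, 11, 1)),
        Entitlement("agent-summarizer", "ai_agent", None, "retired", "mail:read", d(2025, 9, 1)),
    ]
    usage = [
        ("alice", "crm:admin", d(2025, 12, 10)),
        ("alice", "finance:read", d(2025, 6, 1)),
        ("svc-backup", "s3:backups:write", d(2025, 12, 11)),
        ("bot-deploy", "k8s:cluster-admin", d(2025, 12, 11)),
        ("agent-invoice", "erp:invoices:write", d(2025, 12, 11)),
        ("agent-invoice", "erp:vendors:admin", d(2025, 11, 15)),
        ("agent-summarizer", "mail:read", d(2025, 12, 11)),  # acting after retirement
    ]
    return ents, usage


def run_review() -> List[Finding]:
    ents, usage = sample_inventory()
    return review(ents, usage)


if __name__ == "__main__":
    results = run_review()
    for f in results:
        print(f"{f.action:6} {f.identity_class:16} {f.identity:16} {f.resource:20} {f.reason}")
    print(revocations_by_class(results))
```

Run as written, the review produces five actions out of eight entitlements: a revoke for alice's unused finance read, a revoke for the agent's inherited vendor-admin grant after 27 idle days, a review plus a revoke for the ownerless service account that has never used its production read, and a revoke for the retired summariser agent even though it exercised the permission yesterday. The per-class tally (human 1, service account 1, bot 0, AI agent 2) is the measurement the first practitioner step asks for; the point of the class-specific ceilings is that a week of silence from an agent is a stronger signal than a week of silence from a person on leave.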

Key takeaways

  • Weak identity governance turns excess access, stale reviews, and poor visibility into one compounded security problem.
  • The scale issue is now multi-population, with humans, service accounts, bots, and AI agents all expanding the access surface.
  • Practical control has to shift toward continuous entitlement governance, not periodic certification alone.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

  • OWASP Non-Human Identity Top 10 (NHI1: Improper Offboarding; NHI5: Overprivileged NHI; NHI7: Long-Lived Secrets): never-offboarded, over-permissioned, and unrotated machine identities are the privilege creep and stale access discussed here.
  • NIST CSF 2.0 (PR.AA-05): access permissions, entitlements, and authorizations are managed, enforced, and reviewed under least privilege and separation of duties, which is central to reducing excessive access risk.
  • NIST Zero Trust (SP 800-207, tenets in Section 2.1): authorization is dynamic and enforced per request against current state, which periodic manual UARs cannot support well.

Use continuous verification for both human and non-human identities instead of relying on periodic trust checks.


Key terms

  • Identity Governance: Identity governance is the set of controls that decides who or what should have access, who approves it, and when it must be removed. For NHIs and AI agents, governance has to include ownership, lifecycle state, and revocation, not just approval records and compliance reporting.
  • Privilege Creep: Privilege creep is the gradual accumulation of permissions beyond what an identity actually needs. It usually starts with temporary access or inherited roles and ends with a larger attack surface, especially when service accounts, bots, and agents are allowed to retain access after the original purpose has passed.
  • User Access Review: A user access review is a governance checkpoint where entitlements are examined to confirm they still match business need. In practice, the control only works when the underlying access data is current enough to support removal, otherwise it becomes an audit exercise rather than a security control.
  • Non-Human Identity: A non-human identity is any machine- or software-based identity that authenticates to systems, including service accounts, API keys, tokens, certificates, bots, workloads, and AI agents. These identities need lifecycle governance because they can carry powerful access without human-style oversight.

Deepen your knowledge

Identity governance for AI agents and non-human identities is covered in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your programme is already dealing with access sprawl, it is the right place to reset the model.

This post draws on content published by ConductorOne: Risks of Weak Identity Governance in 2026. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-12-12.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org