
Agentic AI and identity governance: what enterprises are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5324
Topic starter  

TL;DR: Enterprises are adding AI to fragmented data, vague permissions, and manual workflows, which magnifies existing governance gaps rather than fixing them, according to Gathid. The real control point is identity governance, because AI scale depends on clear access, provenance, and expiry discipline, not just better models.

NHIMG editorial — based on content published by Gathid: Identity governance is the real foundation for agentic AI scale

By the numbers:

Questions worth separating out

Q: How should organisations govern AI workflows that touch customer data?

A: Start by requiring a named owner, a clear purpose, and a defined expiry for every entitlement the workflow can use.

Q: Why do fragmented identity records create risk for agentic AI?

A: Fragmented records make it easy for an AI system to read the wrong source, apply the wrong permissions, or act on stale data.

Q: What breaks when temporary access has no expiry in automated workflows?

A: Temporary access turns into standing privilege, which expands the blast radius of any workflow error or compromise.

Practitioner guidance

  • Build an authoritative identity map for AI workflows: Inventory the systems that AI agents, bots, and service accounts can read or write, then assign a named owner and a business purpose to each entitlement.
  • Put expiry on every temporary entitlement: Require end dates for elevated access used by automation, including non-human identities that support AI workflows.
  • Attach provenance to externally facing outputs: Capture the source data, approvals, and transformation steps for any AI-generated customer-facing or regulator-facing output.

What's in the full article

Gathid's full analysis covers the operational detail this post intentionally leaves for the source:

  • A practical breakdown of how marketing, engineering, security, and privacy share control over AI-ready workflows.
  • A 12-week transformation plan with specific steps for inventorying systems, reducing over-privileged identities, and attaching provenance.
  • Examples of pre-flight and after-action rituals that teams can use to make automation safer without slowing delivery.
  • Guidance on how to make consent and claims travel across channels and data transformations.

👉 Read Gathid's analysis of why identity governance is the foundation for agentic AI scale →




   
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 4791
 

Identity governance becomes the AI control plane when enterprise foundations are unfinished. The article's central point is not that AI creates new chaos, but that it exposes ungoverned chaos already present in data, access, and workflow design. When permissions, ownership, and provenance are unclear, AI simply makes every flaw faster and more visible. Practitioners should treat identity governance as the operating system that determines whether AI compounds value or risk.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
  • 48% of companies lack the ability to track and audit the data their AI agents access, leaving a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who should be accountable for AI-generated decisions?

A: Accountability should sit with the business owner of the workflow, the identity owner of the permissions, and the control owner for the evidence trail. If those roles are not explicit, responsibility disappears into the automation. The workflow may be fast, but it is not governable.

👉 Read our full editorial: Identity governance is the real foundation for agentic AI scale



   