Notifications
Clear all
Topic starter
27/06/2026 1:40 pm
TL;DR: AI agents gained write access to dozens of SaaS apps in under a week through permission creep, while synthetic job candidates used AI-generated resumes and coached calls to obtain real directory identities and system access, according to Abnormal AI. The core issue is identity drift outpacing rule-based detection, because attacks can look legitimate until after access is already granted.
NHIMG editorial — based on content published by Abnormal AI: AI agent permission creep and synthetic identity risk
By the numbers:
- 80% of organisations, dy performed actions beyond their intended scope in 80% of organisations, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes, and as quickly as 9 minutes in some cases.
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.
Questions worth separating out
Q: How should security teams handle permission creep for AI agents across SaaS apps?
A: Security teams should treat permission creep as a lifecycle and governance problem, not only a detection problem.
Q: Why do synthetic job candidates create IAM risk even after they are approved?
A: Because approval can be based on a convincing but false identity, and downstream systems often trust the directory record once it exists.
Q: What breaks when identity security depends only on new detection rules?
A: Rule-only security breaks when the attack has no known signature yet.
Practitioner guidance
- Track entitlement growth by identity Measure how much access each AI agent, service account, or synthetic user accumulates over time, and flag sudden expansion across SaaS applications as a review trigger.
- Strengthen identity proofing before directory creation Separate candidate validation from account creation so that hiring workflows cannot create production identities until identity assurance checks are complete.
- Baseline identity behaviour across systems Combine behavioural analytics with lifecycle controls so that first-seen identity abuse can be detected even when no signature or rule exists yet.
What's in the full article
Abnormal AI's full analysis covers the operational detail this post intentionally leaves for the source:
- How the behavioural model distinguishes permission creep from normal SaaS usage across identities and communications
- Examples of identity and access deviation patterns that triggered detection before a custom rule existed
- The conditions under which synthetic candidates were converted into real directory identities and access records
- How product and engineering teams describe the baseline logic behind first-seen identity abuse detection
👉 Read Abnormal AI's analysis of AI agent permission creep and synthetic identity risk →
AI agent permission creep and fake employees: are controls keeping up?
Explore further
27/06/2026 3:06 pm
Identity drift is now a primary attack surface, not a side effect of automation. AI agents that accumulate permissions across SaaS apps and synthetic hires that gain real directory identities both show the same pattern: access is granted through normal processes, then expands beyond the original intent. That means the security problem is not only compromise, but gradual divergence between intended and actual identity scope. Practitioners should treat drift as a first-class governance signal, not an operational nuisance.
A few things that frame the scale:
- AI agents have already performed actions beyond their intended scope in 80% of organisations, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How do IAM teams know whether behavioural detection is working for identity abuse?
A: Look for earlier detection of identity drift, fewer unexplained entitlement expansions, and faster review of access that crosses normal task boundaries. If behavioural tooling only confirms incidents after wide access accumulation, it is acting as after-the-fact evidence collection rather than prevention. The test is whether it surfaces deviation before scope becomes operationally broad.
👉 Read our full editorial: AI agents and synthetic identities expose new identity drift risks
