AI identity governance gaps: are your controls keeping up?

TL;DR: AI in Identity Security Demands a New Playbook finds that only 44% of organizations feel fully equipped to support secure AI, while 61% have full visibility into machine identities and 48% govern AI entities, according to Delinea's survey of 1,700 IT decision-makers. The governance gap is now structural: security teams are trying to control AI with identity models that were not built for agentic behaviour.

NHIMG editorial — based on content published by Delinea: AI in Identity Security Demands a New Playbook

By the numbers:

• 44% of organizations say their security architecture is fully equipped to support secure AI.
• 61% have full visibility into all machine identities to monitor for compromise.
• 48% have identity governance for AI entities.

Questions worth separating out

Q: How should security teams govern AI identities that can act at runtime?

A: Security teams should treat runtime AI behaviour as an identity governance issue, not only an application risk.

Q: Why do partial machine identity inventories create more risk for AI programmes?

A: Partial inventories leave unknown identities outside ownership, access review, and monitoring.

Q: What do security teams get wrong about shadow AI?

A: They often treat shadow AI as a policy problem instead of a lifecycle problem.

Practitioner guidance

• Inventory AI identities continuously Build discovery processes that identify sanctioned and unsanctioned AI entities across cloud, SaaS, and internal automation layers.
• Replace static roles with task-scoped access Limit AI entities to the smallest set of actions, tools, and data paths needed for a specific workflow.
• Tie AI governance to lifecycle controls Apply joiner-mover-leaver logic to AI systems, including approval, review, suspension, and retirement.

What's in the full report

Delinea's full report covers the operational detail this post intentionally leaves for the source:

• The survey methodology and respondent breakdown across more than 1,700 IT decision-makers.
• The full set of AI identity security findings by capability area, including machine visibility and AI governance.
• The report's breakdown of shadow AI frequency and the most common AI identity security concerns.
• The research team's recommended actions for organisations building secure AI controls.

👉 Read Delinea's report on AI identity security and secure AI governance gaps →

AI identity governance gaps: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →