Notifications
Clear all
Topic starter
06/06/2026 2:15 am
TL;DR: Enterprises are starting to give every employee AI assistants broad access to email, calendars, documents, and internal systems, but those agents often lack a distinct identity, policy enforcement, and auditable separation from the user, according to Aembit. The governance model built for human workers does not yet fit agentic access that spans the full digital work life.
NHIMG editorial — based on content published by Aembit: a case study on securing Claude as a personal assistant for employees
By the numbers:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope.
Questions worth separating out
Q: How should security teams govern personal AI assistants that act on behalf of employees?
A: Treat each assistant as a distinct non-human actor with its own identity, policy scope, and audit trail.
Q: Why do AI agents complicate existing IAM and access review processes?
A: Because traditional IAM assumes the authenticated subject is also the actor whose access is being reviewed.
Q: What breaks when an AI assistant uses the same identity as the employee?
A: Attribution breaks first, then policy enforcement and investigation quality.
Practitioner guidance
- Assign a distinct identity to each AI assistant Do not let the assistant inherit the employee session as if it were just another browser tab.
- Apply runtime policy checks to every sensitive action Evaluate each request against data sensitivity, action type, and target system at execution time, especially for Microsoft 365, SharePoint, and Graph-connected workflows.
- Limit agent reach before expanding assistant utility Map the minimum systems and data required for the assistant to be useful, then restrict access to that surface area.
What's in the full article
Aembit's full article covers the operational detail this post intentionally leaves for the source:
- How the blended identity model is structured for employee-sponsored AI agents
- The access and audit mechanics used to secure Claude across Microsoft 365 and related systems
- Why the design partner required a security foundation before rollout could proceed
- Implementation detail on secretless access and runtime enforcement for agent actions
👉 Read Aembit's case study on securing Claude for employee AI assistants →
Claude for work and personal AI assistants: are controls ready?
Explore further
06/06/2026 3:49 am
AI assistants are becoming a new identity class, not a new interface. Once a personal assistant can access email, calendars, document stores, and internal systems, it stops behaving like a convenience layer and starts behaving like an actor with operational consequences. Identity governance has to classify that actor explicitly, or the organisation will keep borrowing human controls for a machine behaviour pattern that does not fit them. The implication is that agentic access needs its own policy and audit model, not a rebranded user session.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems.
A question worth separating out:
Q: Who is accountable when an employee-facing AI agent makes a risky action?
A: Accountability should remain with the sponsoring organisation, but operational ownership must be split between the human requester, the platform team that granted access, and the governance team that approved the scope. Frameworks such as the NIST AI Risk Management Framework and Zero Trust Architecture both support that shared accountability model.
👉 Read our full editorial: Claude as a personal assistant exposes the agent identity gap
