TL;DR: Tokens and API keys let shadow AI authenticate across cloud, SaaS, and internal systems without ownership, expiry, or review, turning experimentation into persistent non-human access, according to Token Security. The core governance failure is that identity controls still assume access is human-owned, reviewable, and static.
NHIMG editorial — based on content published by Token Security: Shadow AI to Shadow Access: How Tokens Enable Untracked AI Behavior
By the numbers:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- 64% of valid secrets leaked in 2022 are still valid and exploitable today, proving that detection alone is not enough without automated revocation.
Questions worth separating out
Q: How should security teams govern AI tokens that are embedded in scripts and pipelines?
A: Treat each token as a managed non-human identity with an owner, scope, expiry, and revocation path.
Q: Why do long-lived API keys create more risk for AI systems than for traditional workloads?
A: AI systems can keep using a key long after the original experiment, approval, or owner has changed.
Q: What do organisations get wrong about shadow AI access?
A: They often focus on whether the AI output is acceptable instead of whether the underlying access is still appropriate.
Practitioner guidance
- Inventory AI-issued tokens as identities Build a register of every token, API key, certificate, and secret used by AI tools, agents, notebooks, and orchestration layers.
- Replace static credentials with short-lived identities Use dynamic, time-bound credentials wherever AI systems need to authenticate to cloud, SaaS, or internal services.
- Map tokens to the exact AI workflow that uses them Tie each secret to a specific workflow, service, or automation job rather than to a broad team or project bucket.
What's in the full article
Token Security's full blog covers the operational detail this post intentionally leaves for the source:
- A closer look at how tokens persist inside scripts, notebooks, CI/CD pipelines, and workflow automation.
- Operational guidance on replacing static tokens with short-lived identities in AI-connected environments.
- The article's framing of shadow access as an identity problem rather than a model or prompt problem.
- Practical detection steps for mapping token usage to specific AI workflows and services.
👉 Read Token Security's analysis of shadow AI tokens and untracked access →
Shadow access in AI systems: what IAM teams need to change?
Explore further
Shadow access is the correct name for persistent AI authentication without governance. Shadow AI only becomes operational risk when a token creates durable access that no one can clearly own, review, or revoke. That is not a tooling issue in the narrow sense, because the security boundary has shifted from the model to the identity behind it. Practitioners should treat shadow access as a distinct governance failure mode, not as a subset of generic shadow IT.
A few things that frame the scale:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how limited identity discovery remains in practice.
A question worth separating out:
Q: How can teams tell if secret sprawl is becoming an identity problem?
A: When the same secret appears in multiple environments, has unclear ownership, or lacks a revocation process, it has moved from a configuration issue to an identity issue. That is the point where access paths become invisible and reviewable controls stop being effective. Visibility, ownership, and expiry are the key signals.
👉 Read our full editorial: Shadow AI tokens create hidden access paths beyond IAM control