Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Shadow AI and agent access: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9773
Topic starter  

TL;DR: Businesses are adopting AI agents faster than security teams can govern them, and unvetted agents are being granted access to credentials, systems, and data, according to Bitwarden. The core problem is that existing access models assume stable, reviewable identities, while agentic workflows can create over-scoped access and unapproved actions before controls catch up.

NHIMG editorial — based on content published by Bitwarden: agentic AI credential security and shadow AI risk

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that use corporate credentials?

A: Treat AI agents as distinct governed identities with task-scoped access, approval boundaries, and audit trails.

Q: Why do AI agents create more access risk than ordinary automation?

A: AI agents can choose actions at runtime and may interact with multiple tools, data sources, and credentials inside one session.

Q: What do security teams get wrong about shadow AI?

A: They often focus on the unauthorized application and miss the credential path that makes it dangerous.

Practitioner guidance

  • Classify AI agents as governed identities Assign ownership, approval, and review paths to agents that touch production data, secrets, or admin workflows.
  • Remove reusable secrets from agent-visible workflows Replace plaintext credentials, copied API keys, and long-lived tokens wherever agents can read them directly.
  • Gate agent access with task-scoped approvals Require explicit human-in-the-loop approval for high-risk agent actions, especially when the workflow reaches administrative systems or sensitive data stores.

What's in the full article

Bitwarden's full analysis covers the operational detail this post intentionally leaves for the source:

  • The specific Bitwarden workflows for Secrets Manager, Access Intelligence, Agent Access SDK, and MCP server deployment.
  • Operational guidance for using just-in-time access and human-in-the-loop approvals with approved agents.
  • The product-level distinctions between end-to-end encryption, zero-knowledge handling, and self-hosted AI assistant integration.
  • Practical examples of how Bitwarden positions agent access across development, admin, and password management use cases.

👉 Read Bitwarden's analysis of agentic AI credential security and shadow AI →

Shadow AI and agent access: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9257
 

Shadow AI is an identity governance failure, not just an adoption problem: once employees can attach agents to real credentials without approval, the organisation has lost visibility into who or what is acting. That breaks the basic governance assumption that access is discovered, approved, and reviewed before it is operationalised. The practitioner implication is that agent governance must be folded into the same oversight model used for machine identities and privileged access.

A few things that frame the scale:

  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.

A question worth separating out:

Q: Who should own AI agent access reviews and offboarding?

A: The same function that owns other identity governance decisions should own agent lifecycle controls, with clear accountability from the business owner to security and IAM. If agents can be created quickly but never formally retired, access reviews will miss the identities that drift furthest from their intended purpose.

👉 Read our full editorial: Agentic AI credential security is exposing shadow AI access gaps



   
ReplyQuote
Share: