Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI collaboration risk: what security teams are missing right now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: The gap is no longer adoption, but governance that can keep pace with AI operating across collaboration channels, according to Proofpoint’s 2026 AI and Human Risk Landscape report. The report finds that 87% of organizations already have AI assistants beyond pilot, 76% are rolling out autonomous agents, and 52% are not fully confident their controls would detect a compromised AI, based on a survey of 1,400+ security professionals across 12 countries.

NHIMG editorial — based on content published by Proofpoint: AI and Human Risk Landscape report preview for 2026

By the numbers:

Questions worth separating out

Q: How should security teams govern personal AI assistants that act on behalf of employees?

A: Treat each assistant as a distinct non-human actor with its own identity, policy scope, and audit trail.

Q: Why do AI-related incidents become harder to investigate across email, SaaS, and collaboration apps?

A: They become harder to investigate because the evidence is split across systems that do not naturally share a common identity or action timeline.

Q: What do security teams get wrong about AI access risk?

A: Many teams focus on the model while ignoring the identity path that reaches it.

Practitioner guidance

  • Map AI assistants and agents to governed identities Inventory every AI assistant, agent, and workflow that can access email, SaaS, collaboration, or file-sharing systems.
  • Correlate identity events across collaboration channels Join authentication, consent, message, file, and agent telemetry into one investigation path so analysts can follow the sequence of actions across tools.
  • Constrain AI permissions to task-level access Limit assistants and agents to the minimum permissions needed for a specific workflow, and separate read, write, and delegation capabilities wherever possible.

What's in the full report

Proofpoint's full report covers the operational detail this post intentionally leaves for the source:

  • Regional comparisons across 12 countries that help benchmark maturity and exposure.
  • Real-world incident case studies showing how AI-related attacks move across collaboration channels.
  • Threat intelligence on OAuth consent abuse, AI-built phishing infrastructure, and prompt injection in the wild.
  • A framework for separating collaboration security from AI security so teams can align the right controls to each problem.

👉 Read Proofpoint's full AI and Human Risk Landscape report →

AI collaboration risk: what security teams are missing right now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

AI collaboration security is now an identity governance problem, not just a content threat problem. Once AI assistants and autonomous agents operate inside collaboration channels, they inherit trust relationships that IAM, PAM, and NHI teams would normally want to scope tightly. The report’s central lesson is that access, delegation, and visibility have to be managed together across the full collaboration path. Practitioners should treat AI-enabled collaboration as governed identity infrastructure.

A question worth separating out:

Q: How do organisations know whether AI governance is actually working?

A: AI governance is working when teams can prove that data access, identity permissions, and runtime controls line up with policy in practice. A useful test is whether the organisation can answer who accessed what, through which identity, and whether any out-of-policy movement was blocked or detected in time.

👉 Read our full editorial: AI collaboration risk is outpacing security controls in 2026



   
ReplyQuote
Share: