TL;DR: More than 200 customers, 150 product enhancements, and nearly 70 releases in 2025 underscore that visibility, policy enforcement, and lifecycle governance for AI tools and non-human identities are becoming core operating requirements, not optional add-ons, according to Nudge Security. The company appointed Patrick Dillon as its first chief revenue officer as it expands around SaaS, AI security governance, and AI agent discovery.
NHIMG editorial — based on content published by Nudge Security: the appointment of Patrick Dillon as chief revenue officer and the company’s AI security governance update
By the numbers:
- Since its launch in October 2022, Nudge Security has experienced exponential growth, tripling ARR for two consecutive years, onboarding over 200 customers, and delivering rapid product innovation.
- The company has publicly announced over 150 product enhancements since the platform became generally available, with nearly 70 feature releases in 2025 alone.
Questions worth separating out
Q: How should security teams govern AI tools that create non-human identities?
A: Security teams should treat AI tools as identity-bearing services, not just applications.
Q: Why does SaaS sprawl make non-human identity governance harder?
A: SaaS sprawl creates more delegated access paths than most IAM programmes can track manually.
Q: What do teams get wrong about AI agent discovery?
A: Teams often treat discovery as a one-time inventory exercise, but AI-connected access changes as users add apps, permissions, and workflows.
Practitioner guidance
- Map AI-connected SaaS identities first: Inventory every AI tool, connector, OAuth grant, and API credential that can reach enterprise data.
- Bind non-human access to business ownership: Require a named business owner, technical owner, and review cadence for each non-human identity.
- Recertify when scope changes: Trigger review when an AI tool adds a new data source, new connector, or broader permission set.
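The three guidance items above can be checked mechanically by comparing two inventory snapshots. The sketch below is an added example, not code from Nudge Security or the source article. The record layout, tool names, scope strings and the `review_triggers` helper are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample inventory; every field name, tool name and scope string is an
# assumption for this example, not output from any product.
def nhi(tool, scopes, connectors, biz, tech, last_review, review_days):
    return {"tool": tool, "scopes": set(scopes), "connectors": set(connectors),
            "business_owner": biz, "technical_owner": tech,
            "last_review": last_review, "review_days": review_days}

PREVIOUS = {
    "nhi-001": nhi("notes-assistant", ["calendar.read"], ["calendar"], "ops-lead", "it-eng", date(2025, 9, 1), 90),
    "nhi-002": nhi("ticket-bot", ["tickets.write"], ["helpdesk"], "support-lead", "it-eng", date(2025, 3, 1), 90),
    "nhi-004": nhi("report-sync", ["crm.read"], ["crm"], "sales-ops", "data-eng", date(2025, 9, 15), 90),
}
CURRENT = {
    "nhi-001": nhi("notes-assistant", ["calendar.read", "files.read"], ["calendar", "file-store"], "ops-lead", "it-eng", date(2025, 9, 1), 90),
    "nhi-002": PREVIOUS["nhi-002"],
    "nhi-003": nhi("code-helper", ["repo.read"], ["source-control"], None, "dev-eng", None, None),
    "nhi-004": PREVIOUS["nhi-004"],
}

def review_triggers(previous, current, today):
    """Return {identity_id: [reasons]} for identities that need recertification."""
    findings = {}
    for nhi_id, rec in current.items():
        reasons = []
        old = previous.get(nhi_id)
        if old is None:
            reasons.append("new identity")  # never inventoried before
        else:
            # Any permission or connector not present at the last snapshot is a scope change.
            for field in ("scopes", "connectors"):
                added = rec[field] - old[field]
                if added:
                    reasons.append(f"{field} added: {', '.join(sorted(added))}")
        for role in ("business_owner", "technical_owner"):
            if not rec[role]:
                reasons.append(f"missing {role}")
        if rec["last_review"] is None or not rec["review_days"]:
            reasons.append("no review cadence")
        elif (today - rec["last_review"]).days > rec["review_days"]:
            reasons.append("review overdue")
        if reasons:
            findings[nhi_id] = reasons
    return findings

if __name__ == "__main__":
    for nhi_id, reasons in review_triggers(PREVIOUS, CURRENT, date(2025, 10, 1)).items():
        print(nhi_id, "->", "; ".join(reasons))
```

Identities that disappear between snapshots are not reported here; a fuller check would also confirm that their grants and credentials were actually revoked.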
What's in the full analysis
Nudge Security's full article covers the operational detail this post intentionally leaves for the source:
- The full press release includes Patrick Dillon’s leadership background and prior go-to-market roles across cybersecurity and enterprise software.
- It also details the company’s growth claims, including customer count, ARR expansion, and product release cadence.
- The source text names the new AI agent discovery capability and explains how the vendor positions visibility as the first layer of governance.
- It provides the company’s own framing of how its SaaS, third-party risk, and AI governance messaging fits together.
AI governance scale-up: what Nudge Security’s CRO hire signals?
Explore further
Visibility has become the first governance control for AI tool sprawl. The vendor’s message reflects a broader reality across SaaS and NHI programmes: if security teams cannot see the identities created by AI tools, they cannot govern them. Discovery is no longer a reporting feature; it is the prerequisite for ownership, classification, and review.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to Astrix Security & CSA.
- 45% of organisations cite lack of credential rotation as the top cause of NHI-related attacks, with inadequate monitoring and logging and over-privileged accounts each named by 37%, according to Astrix Security & CSA.
A question worth separating out:
Q: Who should be accountable for non-human identities created by employees?
A: Accountability should sit with the business owner of the workflow, the technical owner of the integration, and the security team governing policy. If no one owns the lifecycle, the identity becomes a permanent exception. That is how delegated access persists after the original use case no longer exists.