Notifications
Clear all
Topic starter
22/06/2026 10:17 am
TL;DR: AI is widening existing gaps in visibility, permissions, and identity hygiene, and Netwrix says a unified DSPM plus ITDR approach is meant to help organisations find sensitive data, prioritise identity and data risk, and see who can access what across hybrid environments. The core issue is not AI itself but the access model AI inherits, which breaks when governance remains fragmented.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams govern AI tools that inherit existing access rights?
A: Teams should treat inherited access as the primary risk, not the AI interface itself.
Q: Why do AI copilots create identity and compliance risk in hybrid environments?
A: AI copilots create risk because they reuse the permissions already present in the environment, including over-broad human and non-human access.
Practitioner guidance
- Map inherited access before enabling AI tools Inventory which human and non-human identities AI tools can act through, then identify the sensitive systems and datasets those identities already reach.
- Classify sensitive data and tie it to entitlement paths Use DSPM-style discovery to identify sensitive datasets, then connect each dataset to the identities and roles that can reach it.
- Unify identity and detection telemetry for investigations Combine identity audit data with threat detection so investigators can trace who accessed what, when, and through which account or workflow.
What to expect at the briefing
Netwrix's full webinar preview covers the operational detail this post intentionally leaves for the source:
- The positioning for Netwrix 1Secure as a merged DSPM and ITDR offer for AI-ready environments.
- The partner-facing use cases for discovering sensitive data, prioritising identity and data risk, and strengthening investigations.
- The practical claim about deploying the platform in an hour, including how Netwrix frames implementation and use-case fit.
- The webinar agenda for partners who want to turn AI-driven risk into a customer conversation.
👉 Register for Netwrix's webinar on unifying data and identity security for safe AI adoption →
AI adoption and identity control: where visibility gaps are widening?
Explore further
22/06/2026 11:06 am
AI security programmes fail fastest at the boundary between data discovery and identity control. The article points to a common enterprise pattern: organisations can discover sensitive data or manage identity, but not always both in one control plane. That gap becomes more serious when AI tools inherit access from existing accounts and workflows. The implication is that governance models built around separate data and identity teams will miss the combined risk surface.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, 46% confirmed and 26% suspected, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, according to The 2024 ESG Report: Managing Non-Human Identities.
A question worth separating out:
Q: How do organisations decide whether to prioritise DSPM or ITDR first?
A: They should not treat them as competing options. DSPM is needed to discover and classify sensitive data, while ITDR is needed to detect abnormal identity behaviour and misuse. If the organisation lacks both, start where the largest blind spot exists, but plan for correlation so the two controls support the same investigation and governance model.
👉 Read our full editorial: AI adoption exposes the gap between data security and identity control
