A few things worth adding from our research at NHI Mgmt Group.
Shadow AI is an NHI governance problem before it is an AI policy problem. Once an unsanctioned agent can call tools, read data, or trigger workflows, it behaves like a non-human identity with reach across systems. That means discovery, ownership, and privilege scoping must come first, or policy discussions remain theoretical. Practitioners should treat any unmanaged agent as a live identity risk.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How can SOC teams use identity context to improve response to agent activity?
A: SOC teams should correlate alerts with the identity’s owner, intended purpose, and assigned privileges before escalating. That lets analysts distinguish expected automation from misuse, spot privilege abuse faster, and reduce alert fatigue caused by machine-driven activity that lacks context.
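The correlation step described in the answer, as an added example that is not part of this post or of NHI Mgmt Group's tooling: each alert is joined to an identity inventory (owner, purpose, assigned privileges) and classified so that unmanaged identities and out-of-scope actions surface first. The inventory, alert fields, scope names and identity names are constructed for illustration.

```python
# Added example (not from the NHI Mgmt Group editorial): enrich agent alerts
# with identity context. Inventory, alerts and field names are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class NHIRecord:
    owner: str              # accountable human or team
    purpose: str            # what the agent is sanctioned to do
    privileges: frozenset   # permission scopes it was granted

# Constructed inventory of sanctioned agents (hypothetical identity names).
INVENTORY = {
    "agent-invoice-bot": NHIRecord("finance-ops", "read invoices, post to ERP",
                                   frozenset({"erp.read", "erp.post"})),
    "agent-helpdesk": NHIRecord("it-support", "triage tickets",
                                frozenset({"tickets.read", "tickets.update"})),
}

def triage(alert: dict) -> dict:
    """Return the alert enriched with owner/purpose and a verdict:
    unmanaged_identity (no record: shadow AI candidate),
    privilege_exceeded (scope not assigned), or expected_automation."""
    out = dict(alert)
    record = INVENTORY.get(alert["identity"])
    if record is None:
        out.update(owner=None, purpose=None, verdict="unmanaged_identity")
    elif alert["scope"] not in record.privileges:
        out.update(owner=record.owner, purpose=record.purpose,
                   verdict="privilege_exceeded")
    else:
        out.update(owner=record.owner, purpose=record.purpose,
                   verdict="expected_automation")
    return out

# Constructed alerts: the identity that acted and the permission scope used.
SAMPLE_ALERTS = [
    {"identity": "agent-invoice-bot", "scope": "erp.post"},
    {"identity": "agent-helpdesk", "scope": "hr.export"},
    {"identity": "llm-plugin-7f3", "scope": "storage.read"},
]

def escalation_queue(alerts: list) -> list:
    """Drop expected automation; order the rest, unmanaged identities first."""
    severity = {"unmanaged_identity": 0, "privilege_exceeded": 1}
    enriched = (triage(a) for a in alerts)
    return sorted((e for e in enriched if e["verdict"] in severity),
                  key=lambda e: severity[e["verdict"]])
```

Running `escalation_queue(SAMPLE_ALERTS)` leaves the analyst with two items: the unknown `llm-plugin-7f3` identity with no owner on record, then the helpdesk agent using an `hr.export` scope it was never assigned.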
👉 Read our full editorial: Shadow AI and non-human workforce governance at Gartner SRM 2026