Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agent identity risk: what IAM teams need to fix first


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9924
Topic starter  

TL;DR: Traditional IAM controls struggle to log, scope, and review AI interactions as GenAI becomes embedded in enterprise workflows, according to Knostic. The core issue is assumption drift: access review, authorization, and audit models still presume discrete human actions, while AI systems synthesize data across sources in ways those controls never modeled.

NHIMG editorial — based on content published by Knostic: Key Findings on Identity and Access Management

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that can infer sensitive data from approved sources?

A: Security teams should govern AI agents by controlling retrieval scope, not just file permissions.

Q: Why do traditional IAM controls miss AI oversharing risks?

A: Traditional IAM controls miss AI oversharing because they were built for discrete actions such as login and file access, not semantic synthesis across many sources.

Q: How do organisations know if AI access controls are actually working?

A: They know controls are working when prompt logs, retrieval provenance, and generated outputs can be tied back to approved sources and sensitivity labels without unexplained disclosures.

Practitioner guidance

  • Extend IAM audit trails to cover AI interaction lineage Capture prompts, responses, retrieved sources, timestamps, and user identity in the same evidence stream so investigators can reconstruct what the AI actually exposed.
  • Bind retrieval paths to sensitivity labels Restrict which repositories, document classes, and source sets an AI system can use based on data sensitivity labels such as public, internal, and secret.
  • Review AI access by effective disclosure, not entitlement alone Use usage telemetry and risk scoring to identify roles that rarely need broad read access but routinely generate sensitive summaries or composite answers.

What's in the full article

Knostic's full article covers the operational detail this post intentionally leaves for the source:

  • How Knostic maps AI prompts, retrieved documents, and generated answers into an auditable lineage for enterprise review.
  • The role-based and sensitivity-based policy patterns used to reduce AI oversharing across tools such as Copilot and Glean.
  • Examples of how prompt and response logging can be operationalised inside existing SIEM and governance workflows.
  • The compliance framing for GDPR, HIPAA, and EU AI Act evidence expectations in AI-driven knowledge access.

👉 Read Knostic's analysis of IAM controls under GenAI pressure →

AI agent identity risk: what IAM teams need to fix first?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9408
 

AI agent identity risk is an IAM governance problem, not an AI side issue. When a model can retrieve, combine, and restate content across repositories, the classic boundary between authentication, authorization, and auditing stops being sufficient. The programme now has to govern how an identity behaves across prompt, retrieval, and synthesis, not just whether it authenticated successfully. Practitioners should treat AI output paths as part of the identity control plane.

A few things that frame the scale:

  • 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, according to Ultimate Guide to NHIs.

A question worth separating out:

Q: What is the difference between DLP and IAM in AI data protection?

A: DLP can block or inspect outbound content, but IAM determines whether the AI was allowed to assemble that content in the first place. In AI environments, both matter, but IAM must define the retrieval boundary and the identity context. Without that, DLP only catches the symptom after the model has already inferred too much.

👉 Read our full editorial: AI agent identity risk is outpacing traditional IAM controls



   
ReplyQuote
Share: