TL;DR: According to Kong, AI governance now has to span ethics, compliance, lifecycle management, and technical controls as organizations deploy AI across regulated and customer-facing workflows. The missing piece is identity governance for AI systems: governance without access control, auditability, and lifecycle discipline leaves the highest-risk failures untouched.
NHIMG editorial — based on content published by Kong: What is AI Governance? 2026 Framework Guide
By the numbers:
- Only 37% have policies to manage AI or detect shadow AI.
Questions worth separating out
Q: How should organisations govern AI systems that can access business data and APIs?
A: Organisations should govern AI systems as identities with defined owners, scoped permissions, review points, and retirement paths.
Q: Why do shadow AI deployments create so much governance risk?
A: Shadow AI creates governance risk because systems that are not discovered cannot be approved, monitored, or retired.
Q: What do security teams get wrong about AI governance programmes?
A: Security teams often treat AI governance as a policy or ethics exercise rather than an operational control problem.
Practitioner guidance
- Define AI identity ownership: Assign a named business and security owner to every deployed AI system, with responsibility for access scope, monitoring, and retirement.
- Build lifecycle checkpoints into AI approvals: Require entry, review, validation, and retirement checkpoints for AI systems, and tie them to evidence that can survive audit and incident review.
- Inventory shadow AI before scaling usage: Discover every AI system connected to business data or APIs, then classify it by owner, data access, and operational purpose.
What's in the full article
Kong's full article covers the framework detail this post intentionally leaves at a higher level:
- A fuller breakdown of how Kong maps AI governance to NIST AI RMF, ISO/IEC 42001, and the EU AI Act.
- Examples of AI governance controls across healthcare, finance, and retail use cases.
- A deeper explanation of bias testing, transparency, accountability, and privacy controls.
- Lifecycle management considerations for AI systems from design through retirement.