Notifications
Clear all
Topic starter
27/06/2026 1:41 pm
TL;DR: Abnormal says it is giving every employee access to AI tools, with sales, product, and recruiting already using agents and automation to reshape work, according to Abnormal AI. The governance issue is not whether AI helps productivity, but whether identity, access, and accountability controls can keep pace with employee-level AI use.
NHIMG editorial — based on content published by Abnormal AI: Key Insights on transforming internal operations with AI
Questions worth separating out
Q: How should security teams govern employee use of AI tools in daily work?
A: Treat employee AI use as a governed access pattern, not an informal productivity choice.
Q: Why does widespread AI adoption create non-human identity risk?
A: Because most useful AI workflows depend on underlying connectors, API keys, service accounts, or delegated tokens.
Q: What breaks when AI transformation is not tied to identity governance?
A: Accountability breaks first, because no one can reliably trace who approved the workflow, who owns the credentials, and who validates the outputs.
Practitioner guidance
- Map AI-enabled workflows to identity owners Assign a named owner to every employee workflow that uses AI to touch customer data, product content, or recruiting data.
- Review delegated access around AI tools Check whether AI tools can read, write, or trigger actions beyond the employee's original role.
- Separate experimentation from production use Create clear policy differences between exploratory AI use and AI that affects customers, content, or hiring decisions.
What's in the full article
Abnormal AI's full article covers the operational detail this post intentionally leaves for the source:
- Concrete examples of how sales, product, and recruiting teams are using AI in daily workflows
- The company narrative around why it sees AI-native operations as an internal operating model
- Specific examples of employee enablement and how the organisation frames accountability
- The public-facing transformation stories used to show what the company means by AI adoption
👉 Read Abnormal AI's article on transforming internal work with AI →
AI transformation in public: what does it mean for IAM teams?
Explore further
27/06/2026 3:08 pm
Employee-wide AI access turns AI adoption into an identity governance problem, not just a productivity initiative. When every role can reach AI tools, the security question shifts from who can log in to what that person can cause the organisation to do through AI-enabled workflows. That requires IAM, IGA, and lifecycle controls to treat prompts, connectors, and delegated actions as governed access paths. Practitioners should stop measuring AI adoption only as usage and start measuring it as a new access layer.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: How do organisations separate AI experimentation from governed production use?
A: Use different controls for each stage. Experimentation can be limited and sandboxed, but production AI use should require documented ownership, approved data access, audit logging, and scheduled review. The key test is whether the workflow can affect a customer, a record, or a business decision without a human control point.
👉 Read our full editorial: AI transformation in public raises the bar for internal IAM
