TL;DR: 91% of organisations still say at least half of privileged access is always on, while only 1% have fully implemented just-in-time privileged access and 45% apply the same controls to AI agents as to humans, according to CyberArk research. That combination turns privilege sprawl into a structural governance problem, not a tooling gap.
NHIMG editorial — based on content published by CyberArk: the privilege reality gap in AI and cloud environments
By the numbers:
- Only 1% have fully implemented a modern Just-in-Time privileged access model.
- 45% apply the same privileged access controls to AI agents as they do to human identities.
Questions worth separating out
Q: How should security teams reduce always-on privileged access in cloud environments?
A: Start by identifying which privileged accounts truly need persistent access and which can be moved to just-in-time elevation.
Q: Why do AI agents complicate privileged access governance?
A: AI agents complicate privileged access governance because they can act at runtime and execute sensitive tasks faster than human review workflows can keep up.
Q: What breaks when organisations manage human and machine privilege the same way?
A: What breaks is accountability.
Practitioner guidance
- Inventory standing privilege across all identity types. Build a single view of privileged accounts, service identities, and AI-driven access paths so you can see where persistent access still exists.
- Move high-risk access to just-in-time issuance. Use time-bound elevation for sensitive actions rather than leaving privilege continuously available.
- Separate AI agent controls from human access policies. Do not inherit human approval patterns automatically for AI-driven identities.
What's in the full report
CyberArk's full article covers the operational detail this post intentionally leaves for the source:
- Survey methodology and respondent breakdown across PAM, IAM, and infrastructure roles
- The full set of research findings on always-on privilege, AI policy gaps, and tool fragmentation
- CyberArk's suggested privilege-modernisation themes for human, machine, and AI identities
- Research context on how the survey was conducted by Censuswide