They should combine discovery, approval, and revocation workflows so unmanaged tools are found before departure and checked again after access removal. Offboarding should include browser sessions, connected apps, and external sharing paths. If a tool was never inventoried, security cannot assume it is harmless.
Why This Matters for Security Teams
Shadow SaaS and shadow AI turn offboarding into a discovery problem, not just a deprovisioning problem. If an employee used unsanctioned browser extensions, personal AI accounts, or connected apps, standard IAM and endpoint disablement can miss the actual access path. That is why security teams need discovery, approval, and revocation in one flow rather than as separate clean-up tasks. The lifecycle discipline described in the NHI Lifecycle Management Guide applies here because unmanaged tools often persist outside ticketing and inventory systems.
The risk is not theoretical. NHIMG cites a study from Entro Security reporting that 91% of former-employee tokens remained active after offboarding, a strong indicator that access removal frequently lags behind real-world usage. That aligns with the control emphasis in NIST Cybersecurity Framework 2.0, where asset visibility and recovery are treated as part of resilient operations, not optional hygiene. In practice, many security teams encounter shadow tools only after a former worker has already forwarded data, synced files, or left an active browser session behind.
How It Works in Practice
The practical model is to treat offboarding as a search for hidden trust relationships. Start by discovering browser sessions, OAuth grants, SSO-connected apps, AI assistant accounts, API keys in local development tools, and any external sharing paths that survive account disablement. Then classify each tool as approved, tolerated, or prohibited, and revoke access in reverse order of trust: prohibited and unknown paths first, then tolerated, then approved. This is where the Top 10 NHI Issues list is useful, because shadow access usually depends on overlooked tokens, duplicated secrets, or stale integrations rather than a single obvious account.
For AI-specific offboarding, also revoke prompt-history access, workspace connectors, and agent permissions that may continue to operate after the human leaves. If the user created a shadow workflow in a personal AI tool, disable connected exports, tighten sharing rules, and rotate any secrets embedded in scripts or automations. Current guidance suggests tying these checks to a formal NHI lifecycle process, as covered in the Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs, because access rarely ends neatly at account closure.
- Inventory browser sessions and refresh tokens before disabling the primary account.
- Revoke connected apps, AI plugins, and OAuth grants from the identity provider and the target app.
- Scan for shared folders, chat exports, and external collaboration links that remain active.
- Search for secrets in developer tooling, scripts, and local vaults tied to the departing person.
- Re-check after 24 to 72 hours to catch re-authentication, cached access, or delegated trust paths.
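The discover, classify, revoke, re-verify loop in the list above, as an added example that is not part of the original page or of any NHIMG tooling. The inventory and the post-window snapshot are constructed sample records standing in for what an identity provider, SaaS admin API, or browser management console would return; the approved and tolerated app registry is an assumption and would normally come from the organisation's own app catalogue.

```python
"""Offboarding sweep for shadow SaaS / shadow AI access (added example).

Models the procedure: inventory every trust relationship tied to the
departing person, classify it, cut the least-trusted paths first, then
re-check after 24-72 hours for anything that survived or came back.
All records below are constructed sample data; nothing here contacts a
real identity provider.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed classification policy. Anything not listed is treated as
# prohibited, because an uninventoried tool cannot be assumed harmless.
APPROVED = {"okta-sso:salesforce", "github:org-token"}
TOLERATED = {"oauth:notion-personal"}
REVOKE_ORDER = {"prohibited": 0, "tolerated": 1, "approved": 2}


@dataclass(frozen=True)
class Grant:
    """One access path tied to the departing user."""
    grant_id: str
    app: str        # app or integration identifier
    kind: str       # oauth, api_key, share_link, agent_permission, browser_session
    last_used: datetime


def classify(g: Grant) -> str:
    """Approved / tolerated per registry; everything else is prohibited."""
    if g.app in APPROVED:
        return "approved"
    if g.app in TOLERATED:
        return "tolerated"
    return "prohibited"


def revocation_plan(inventory):
    """Prohibited first, then tolerated, then approved. Within a class the
    most recently used path goes first, since a live path is the most
    likely exfiltration route."""
    return sorted(
        inventory,
        key=lambda g: (REVOKE_ORDER[classify(g)], -g.last_used.timestamp()),
    )


def verify_after_window(inventory, snapshot, offboarded_at, taken_at,
                        min_hours=24):
    """Compare a later snapshot of the user's active grants against the
    original inventory. 'lingering' = revoked but still active (cached or
    failed revocation); 'reauthenticated' = new grants that did not exist
    at offboarding (re-login, delegated trust, app callback)."""
    if taken_at - offboarded_at < timedelta(hours=min_hours):
        raise ValueError("re-check too early; sessions and callbacks may not have settled")
    known = {g.grant_id for g in inventory}
    seen = {g.grant_id for g in snapshot}
    return {
        "lingering": sorted(seen & known),
        "reauthenticated": sorted(seen - known),
    }


# Constructed sample data: the departing user's inventory at offboarding time.
NOW = datetime(2026, 5, 28, 9, 0, tzinfo=timezone.utc)
INVENTORY = [
    Grant("g1", "okta-sso:salesforce", "oauth", NOW - timedelta(days=1)),
    Grant("g2", "oauth:chatgpt-personal", "oauth", NOW - timedelta(hours=2)),  # shadow AI
    Grant("g3", "oauth:notion-personal", "share_link", NOW - timedelta(days=30)),
    Grant("g4", "github:org-token", "api_key", NOW - timedelta(days=3)),
    Grant("g5", "slack:export-bot", "agent_permission", NOW - timedelta(minutes=10)),
    Grant("g6", "chrome:session", "browser_session", NOW - timedelta(minutes=5)),
]
# Constructed: what the same sources report 48 hours after the account was disabled.
RECHECK_AT = NOW + timedelta(hours=48)
POST_WINDOW_SNAPSHOT = [
    Grant("g6", "chrome:session", "browser_session", NOW + timedelta(hours=20)),       # survived
    Grant("g7", "oauth:chatgpt-personal", "oauth", NOW + timedelta(hours=30)),          # re-authenticated
]

if __name__ == "__main__":
    for g in revocation_plan(INVENTORY):
        print(f"revoke {g.grant_id:3} {classify(g):10} {g.kind:17} {g.app}")
    print(verify_after_window(INVENTORY, POST_WINDOW_SNAPSHOT, NOW, RECHECK_AT))
```

The re-check deliberately refuses to run before the minimum window, because a snapshot taken minutes after disablement only shows what the identity provider thinks is gone, not what a cached refresh token or a personal AI account will do once the user logs back in from an unmanaged device.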
These controls tend to break down in highly decentralized environments because personal devices, unmanaged browsers, and unsanctioned AI tools sit outside the approval boundary.
Common Variations and Edge Cases
Tighter offboarding controls often increase operational overhead, requiring organisations to balance speed of exit against the depth of investigation. That tradeoff matters most when the workforce is hybrid, contractors rotate quickly, or teams routinely use personal SaaS accounts for productivity shortcuts.
There is no universal standard for this yet, especially for shadow AI. Some organisations treat any unsanctioned AI use as a policy violation, while others allow limited use if data controls are enforced. The right answer depends on data sensitivity, legal exposure, and whether the tool can be tied to an approved identity control. For workforce processes, the Salesloft OAuth token breach and the DeepSeek breach both illustrate how exposed tokens and hidden integrations can outlive the user who created them. That is why best practice is evolving toward conditional revocation, where access is removed immediately but verified again after session expiry, app callbacks, and shared-workspace cleanup. Organisations that skip the second pass usually discover the problem through data leakage, not through a clean offboarding checklist.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and the NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI1:2025 (Improper Offboarding) | Addresses stale NHI credentials and revocation gaps after offboarding. |
| NIST CSF 2.0 | PR.AA-05 | Least-privilege access management and review of entitlements supports removal of lingering shadow access. |
| NIST AI RMF | Govern and Map functions | Applies where shadow AI use creates ungoverned data and tool access. |
Inventory and revoke all NHI tokens, keys, and grants during offboarding, then verify no active sessions remain.
Reviewed and updated by the NHIMG editorial team on May 28, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org