They often inventory only the AI they built themselves and miss embedded AI inside vendor platforms and other shadow AI. That creates a false sense of control because the real decision surface is broader than the visible project list. A useful inventory must cover models, use cases, agents, owners, and the approvals attached to each one.
Why Security Teams Underestimate the Inventory Problem
AI governance inventories fail when they are treated like a software asset list instead of a control surface map. Security teams often record the models they selected, but miss embedded AI in SaaS, copilots inside infrastructure tooling, and shadow AI introduced by business units. The result is an approval register that looks complete while the real decision-making surface keeps expanding. NHI Management Group’s Top 10 NHI Issues shows why visibility gaps matter: without a complete inventory, governance starts after exposure has already spread.
This gap is especially dangerous because governance decisions depend on ownership, purpose, data access, and approval scope, not just on whether a model exists. The NIST AI Risk Management Framework treats mapping and measurement as core governance functions for a reason: you cannot assess risk you have not identified. In practice, many security teams discover “unknown” AI only after a vendor upgrade, a procurement review, or an incident review has already exposed it.
What a Useful Inventory Actually Needs to Capture
A practical inventory is broader than a model catalog. It should record the AI system, the business use case, the owner, the approval path, the data sources, the tools it can invoke, and whether it operates as an agent with execution authority. For agentic or autonomous workflows, the inventory should also capture what the system can do at runtime, because access can change per task. That is where static spreadsheets break down.
Current guidance from NIST Cybersecurity Framework 2.0 and the Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs suggests the inventory should be tied to lifecycle controls, not just discovery. That means onboarding, change approval, periodic attestation, and retirement all need traceability. Teams that do this well usually answer five questions for every entry:
- What exact AI capability is in use?
- Who owns the risk and approves the use?
- What data does it read, write, or transmit?
- What systems, agents, or secrets can it reach?
- How is it reviewed when the vendor changes behavior?
The inventory should also include embedded and third-party AI, because vendor risk is part of the governance surface. NHI Management Group’s research on visibility gaps in third-party OAuth connections reinforces that hidden integrations are where oversight collapses first. These controls tend to break down when business teams can enable AI features without security review because the approval chain never reaches the actual system owner.
Where Inventory Programs Go Wrong in Real Environments
Tighter inventory controls often increase administrative overhead, so organisations have to balance completeness against operational speed. Best practice is evolving, but the biggest mistake is treating every AI feature as equally risky or equally visible. A chatbot that summarizes public content is not the same as an autonomous agent that can open tickets, modify cloud resources, or trigger deployments. The inventory must distinguish between passive assistance and systems with execution authority.
Another common failure is assuming the record is static. AI toolchains change quickly, and a vendor update can add retrieval, memory, or action-taking ability without a new procurement event. That is why the NIST AI 600-1 Generative AI Profile is useful here: it pushes teams to govern generative use cases based on context, not labels. The operational pattern should be: discover, classify, assign an owner, set review cadence, and verify the actual permissions in use.
In practice, the hardest edge case is shadow AI embedded in trusted platforms, because no one sees it as a separate project and it escapes the inventory until an audit or incident forces the issue.
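An added example (not NHIMG's or any framework's code) of the discover, classify, assign-owner, review-cadence, verify-permissions pattern: each record carries the fields described above, and the check flags missing owners or approvers, overdue attestation, and capabilities present at runtime that the approval never covered. Field names, capability labels, review intervals, and the sample entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed labels for capabilities that confer execution authority.
ACTION_CAPS = {"open_ticket", "modify_cloud", "trigger_deploy"}
# Assumed attestation intervals in days, tighter for execution authority.
REVIEW_DAYS = {"execution": 90, "passive": 365}

@dataclass
class Entry:
    name: str
    use_case: str
    owner: Optional[str]           # who owns the risk
    approver: Optional[str]        # who approved the use
    data_sources: set              # what it reads, writes or transmits
    approved_caps: set             # capabilities the approval covered
    observed_caps: set             # capabilities seen in the live configuration
    embedded_in_vendor: bool       # AI feature inside a third-party platform
    last_attested: Optional[date]

def tier(e: Entry) -> str:
    # Classify on what the system can do now, not on what was approved.
    return "execution" if e.observed_caps & ACTION_CAPS else "passive"

def findings(e: Entry, today: date) -> list:
    out = [f"no-{k}" for k in ("owner", "approver") if not getattr(e, k)]
    drift = e.observed_caps - e.approved_caps   # e.g. added by a vendor update
    if drift:
        out.append("unapproved-capability:" + ",".join(sorted(drift)))
    age = None if e.last_attested is None else (today - e.last_attested).days
    if age is None or age > REVIEW_DAYS[tier(e)]:
        out.append("attestation-overdue")
    return out

# Constructed sample inventory: one embedded vendor feature, one in-house bot.
INVENTORY = [
    Entry("helpdesk-assistant", "ticket summaries", None, None, {"tickets"},
          {"summarize"}, {"summarize", "retrieval", "open_ticket"}, True,
          date(2025, 1, 10)),
    Entry("public-faq-bot", "summarize public content", "web-team", "secops",
          {"public-site"}, {"summarize"}, {"summarize"}, False, date(2025, 3, 1)),
]

def audit(inventory, today):
    return {e.name: (tier(e), findings(e, today)) for e in inventory}
```

The embedded helpdesk feature was approved as a summarizer but is tiered as `execution` because its observed capabilities now include ticket creation, which is the drift a static spreadsheet would not show.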
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Inventory gaps often hide unmanaged NHI lifecycles and stale approvals. |
| CSA MAESTRO | GOV-01 | Agentic inventories must include ownership, approval, and execution scope. |
| NIST AI RMF | | AI RMF requires identifying AI systems before risk can be measured or managed. |
Build inventories that map AI use cases, data, and accountability before assessing risk.
Reviewed and updated by the NHIMG editorial team on June 23, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org