The common mistake is assuming better analysis of code automatically means lower production risk. In reality, AI-assisted review narrows one part of the problem while deployment state, workload identity, and operational drift still create exposure. Security teams need both stronger build-time review and live runtime controls.
Why This Matters for Security Teams
Shift-left is valuable, but security teams often overread its impact. AI-assisted review can improve pattern detection, code summarisation, and policy checks, yet it does not change the fact that many real exposures happen after deployment, when secrets, permissions, and runtime state diverge from what the scanner saw. That gap matters because NHI and agentic workloads are often exercised by tools, pipelines, and autonomous services rather than by predictable human workflows. Guidance from the NIST Cybersecurity Framework 2.0 still applies: identify, protect, detect, respond, and recover must extend beyond the build stage.
The security failure mode is not that review is useless. It is that teams mistake better pre-merge analysis for completed risk reduction. In environments where secrets are minted dynamically, access is inherited through service chains, and AI agents can chain tools at runtime, a clean review can coexist with dangerous production behaviour. The State of Non-Human Identity Security report found that lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, underscoring how often operational controls lag behind policy intent. In practice, many security teams encounter the breach only after deployment drift has already turned approved code into an active exposure.
How It Works in Practice
AI-assisted review is most effective when it narrows the workload for humans, not when it is treated as a substitute for runtime security. The strongest pattern is to use AI to flag risky code paths, hidden secret handling, suspicious dependency changes, and policy violations, then pair that with live controls that govern what the workload can actually do once it runs. For NHI-heavy systems, the decisive question is not only “is this code safe?” but “what identity, privilege, and credential state will this service have in production?”
That is where shift-left frequently breaks down. A build-time model can see a manifest, a diff, or an IaC template, but it cannot reliably predict deployment drift, ephemeral token misuse, or lateral movement through tool chains. Current best practice is evolving toward runtime authorisation, short-lived credentials, and workload identity. For example, a service can authenticate with a cryptographic workload identity, obtain just-in-time access scoped to a single task, and be denied if policy at request time no longer matches context. Standards such as NIST CSF 2.0 support this layered approach, but they do not remove the need for NHI-specific controls.
- Use AI-assisted review to find issues earlier, but require runtime policy checks before tool invocation or secret retrieval.
- Issue ephemeral credentials with tight TTLs so review findings do not become the only control boundary.
- Bind access to workload identity, not to static roles that assume predictable human behaviour.
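As a concrete illustration of those three controls, here is an added example (not code from the original article or from NHIMG) of a request-time authorisation gate for an agent's tool calls: a credential is minted just-in-time for one workload identity and one task with a short TTL, and every invocation is re-checked against policy-as-code and the current context before the tool runs or a secret is fetched. The HMAC-signed credential, the workload name, the tool names and the policy table are all constructed for the demo.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo signing key; a real deployment would use a platform-issued workload identity.
ISSUER_KEY = b"demo-issuer-key-not-for-production"
# Policy-as-code (constructed): which workload may call which tool, under what request-time context.
POLICY = {
    "billing-agent": {
        "read_invoices": {"env": "prod", "ticket_required": False},
        "refund_customer": {"env": "prod", "ticket_required": True},
    },
}

@dataclass(frozen=True)
class Credential:
    workload: str     # workload identity the credential was minted for
    scope: str        # the single tool/task this credential authorises
    issued_at: float  # unix time
    ttl: int          # seconds; deliberately short
    sig: str          # issuer signature over the fields above

def _sign(workload, scope, issued_at, ttl):
    payload = f"{workload}|{scope}|{issued_at}|{ttl}".encode()
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()

def mint(workload, scope, ttl, now):
    """Just-in-time credential scoped to one task for one workload identity."""
    return Credential(workload, scope, now, ttl, _sign(workload, scope, now, ttl))

def authorize(cred, workload, tool, context, now):
    """Request-time gate run before any tool invocation or secret retrieval; returns (allowed, reason)."""
    expected = _sign(cred.workload, cred.scope, cred.issued_at, cred.ttl)
    if not hmac.compare_digest(expected, cred.sig):
        return False, "invalid credential signature"
    if cred.workload != workload:
        return False, "credential not bound to calling workload"
    if now > cred.issued_at + cred.ttl:
        return False, "credential expired"
    if cred.scope != tool:
        return False, "credential scope does not cover this tool"
    rule = POLICY.get(workload, {}).get(tool)
    if rule is None:
        return False, "no policy permits this workload to call this tool"
    if context.get("env") != rule["env"]:
        return False, "context mismatch: environment"
    if rule["ticket_required"] and not context.get("ticket"):
        return False, "context mismatch: approval ticket required"
    return True, "allowed"
```

The reason string is returned rather than just a boolean so that every denial (expired token, scope mismatch, missing approval) can be logged and alerted on as runtime telemetry.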
The operational lesson is reinforced by The State of Non-Human Identity Security and by the compromise patterns described in the DeepSeek breach: review quality does not stop exposed secrets or overbroad access once the system is live. These controls tend to break down when organisations ship autonomous or fast-changing workloads without runtime identity enforcement, because the production state no longer matches the reviewed state.
Common Variations and Edge Cases
Tighter review often increases engineering friction, requiring organisations to balance faster delivery against the cost of false confidence. That tradeoff becomes sharper in AI-assisted pipelines because teams may assume the model caught what humans missed, then relax runtime guardrails too early. Guidance suggests treating AI review as a detection aid, not a decision authority, because there is no universal standard yet for how much residual risk a model can safely absorb.
The edge cases are usually operational. In regulated environments, static approvals may still be required for certain changes, but those approvals do not excuse uncontrolled production credentials. In agentic systems, the main exception is that the agent itself becomes part of the attack surface: it can call tools, escalate through chained prompts, or use valid secrets in ways the reviewer did not anticipate. That is why policy-as-code and request-time enforcement matter more than ever.
Security teams should also avoid overfitting the process to source code alone. If secrets are injected at deploy time, inherited from cloud roles, or exchanged via short-lived tokens, a shift-left workflow will miss the moment of actual exposure unless it also inspects runtime telemetry and identity state. This is where the NHI problem and the AI review problem overlap: the build may look clean while the live workload is already over-privileged, unmonitored, or operating with stale assumptions.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A2 | Addresses unsafe agent actions that bypass build-time assurances. |
| CSA MAESTRO | M1 | Covers agent governance where static review cannot predict live behaviour. |
| NIST AI RMF | AI RMF | Applies to governance gaps between model review and deployed behaviour. |
Require runtime guardrails and approval gates for any agent tool use that can change state or access secrets.
Reviewed and updated by the NHIMG editorial team on June 24, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org