Subscribe to the Non-Human & AI Identity Journal
Home FAQ Governance, Ownership & Risk What do teams get wrong about trust and…
Governance, Ownership & Risk

What do teams get wrong about trust and safety programmes?

← Back to all FAQ
By NHI Mgmt Group Editorial Team Updated July 12, 2026 Domain: Governance, Ownership & Risk

They often split fraud prevention, content moderation, and identity governance into separate workflows. That creates blind spots because the same identity can be used for impersonation, abuse, and account compromise. A stronger model shares signals and ownership across those activities instead of treating them as unrelated problems.

Why This Matters for Security Teams

trust and safety programmes fail when they are organised around symptoms instead of shared identity risk. Fraud teams look for payment abuse, moderation teams look for harmful content, and identity teams look for account takeover, yet the same actor can move across all three using the same account, token, or service identity. That fragmentation makes it easy to miss coordinated abuse until it has already become a breach, a policy violation, or a large-scale trust event.

The issue is not just operational overhead. It is a governance failure that weakens detection, slows response, and leaves policy owners arguing over scope when they should be acting on the same signal. NHI Management Group notes that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys in its Ultimate Guide to NHIs, which is a reminder that identity misuse is rarely confined to one workflow. Current guidance from the NIST Cybersecurity Framework 2.0 also points toward integrated governance rather than isolated controls.

In practice, many security teams encounter the overlap only after the same identity has already been used to abuse multiple systems, rather than through intentional cross-programme monitoring.

How It Works in Practice

A stronger trust and safety model treats identity as the shared control plane. Instead of managing fraud, moderation, and identity assurance as separate queues, teams correlate signals across accounts, devices, sessions, tokens, API activity, and behavioural anomalies. That makes it possible to see when one actor is testing limits in one channel, pivoting into another, or using the same credential set to blend legitimate and abusive activity.

Practically, this means aligning detection rules, case management, and escalation paths around the identity, not around the incident category. A suspicious login may become fraud when paired with payout changes, or become abuse when paired with bot-like posting patterns. The control objective is to preserve context so response teams can act on the full pattern instead of a single event. The Ultimate Guide to NHIs is relevant here because it frames identity governance, lifecycle control, and visibility as ongoing operational disciplines rather than one-time security tasks.

  • Use one identity graph for fraud, abuse, and access events.
  • Share risk scores and decisions across product, security, and operations.
  • Bind response playbooks to the identity and session, not just the incident label.
  • Review privileged service accounts, API keys, and automation credentials as part of trust and safety triage.

Best practice is evolving, but current guidance suggests that cross-functional ownership works better than separate programme silos because it reduces duplicate investigations and exposes coordinated abuse faster. The NIST Cybersecurity Framework 2.0 supports that model by emphasising governance, detection, and response as connected capabilities. These controls tend to break down in high-volume consumer platforms with multiple product teams because identity signals are inconsistent across systems and no single team owns the full user journey.

Common Variations and Edge Cases

Tighter cross-programme correlation often increases operational load, requiring organisations to balance better visibility against privacy, tooling, and case-management complexity. That tradeoff becomes sharper when trust and safety work spans multiple regions, regulated product lines, or third-party platforms, because legal constraints can limit which signals may be shared and how long they can be retained.

There is no universal standard for this yet, so teams should avoid assuming that one playbook fits every abuse pattern. For example, a creator platform may need stronger moderation and impersonation controls, while a payments platform may prioritise fraud and account recovery. The shared principle is still the same: a single identity can drive multiple harms, and programme boundaries should not prevent teams from seeing that. The NHI Management Group research on the Ultimate Guide to NHIs is useful because it highlights how poor visibility and excess privilege amplify risk across environments, not just within one team’s remit.

Teams also get this wrong when they over-automate enforcement. Hard blocks without context can punish legitimate users who share devices, credentials, or workflows in constrained environments. The better model is graduated response, where risk signals trigger step-up verification, review, or scope-limited restrictions before full suspension.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-01Identity sprawl and weak lifecycle controls enable cross-program abuse.
OWASP Agentic AI Top 10A-03Shared signals matter when autonomous systems can chain actions across workflows.
CSA MAESTROGOV-2Trust and safety needs shared governance across identity, abuse, and fraud teams.
NIST AI RMFAI risk management supports coordinated oversight of dynamic trust decisions.
NIST CSF 2.0GV.RM-01Risk management should unify trust, safety, and identity governance.

Inventory every non-human identity and tie trust signals to its owner, purpose, and lifecycle.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 12, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org