Subscribe to the Non-Human & AI Identity Journal
Home FAQ Governance, Ownership & Risk Why do multimodal AI systems create new governance…
Governance, Ownership & Risk

Why do multimodal AI systems create new governance risks for identity teams?

← Back to all FAQ
By NHI Mgmt Group Editorial Team Updated July 5, 2026 Domain: Governance, Ownership & Risk

Because the system can be reached legitimately and still be manipulated after access is granted. Identity controls may authenticate the user or service, but they do not stop attacker instructions buried in images from altering what the model says or does. That makes execution boundaries and content trust part of governance.

Why This Matters for Security Teams

Multimodal systems change the risk model because identity controls only prove who or what is allowed to connect, not whether the content they receive is safe to act on. A user, service, or agent can be fully authenticated and still be steered by hidden instructions in an image, document, or audio clip. That creates a governance gap between access approval and execution trust.

For identity teams, the issue is not just authentication. It is the moment after authentication, when the model interprets content and may generate output, call tools, or chain actions. Current guidance suggests this should be treated as a trust-boundary problem, not a pure access-control problem, which is why the NIST Cybersecurity Framework 2.0 and NHI governance research from Ultimate Guide to NHIs both emphasize visibility, control, and lifecycle discipline.

NHI Management Group research shows that 71% of NHIs are not rotated within recommended time frames, and 97% carry excessive privileges, which is a reminder that the same identity weaknesses that affect service accounts can be amplified when multimodal systems are allowed to operate on untrusted inputs. In practice, many security teams encounter content injection only after the model has already produced an unsafe action or disclosure, rather than through intentional testing.

How It Works in Practice

Multimodal governance starts by separating identity trust from content trust. Identity proves the caller, but the workload still needs controls that inspect, classify, and constrain the data being processed. In a multimodal pipeline, the model may receive text plus images, PDFs, screenshots, or audio, and attacker instructions can be embedded in any of them. That means the control point is not only login or API authentication, but also runtime policy over what the system is permitted to read, summarize, transform, or send onward.

Practitioners are increasingly using a layered approach:

  • Authenticate the human, application, or agent with strong workload identity.
  • Apply request-time policy decisions before content reaches the model or downstream tools.
  • Constrain tool use so the model cannot freely execute actions based on untrusted prompts.
  • Monitor outputs for unsafe disclosures, command following, and unexpected data movement.

This is where agentic and multimodal risks converge. If an AI agent can observe an image and then invoke a ticketing system, browser, or code tool, an attacker can turn a visual prompt into a chain of privileged actions. That is why the emerging guidance from NIST AI Risk Management Framework and OWASP NHI Top 10 points toward runtime governance, not static allowlists alone. The 52 NHI Breaches Analysis also reinforces a familiar pattern: identity compromise and over-privilege usually become visible only after the system has already been used in ways defenders did not predict. These controls tend to break down when multimodal inputs flow directly into autonomous tool execution without an intervening policy gate because the model can be manipulated after valid access is granted.

Common Variations and Edge Cases

Tighter multimodal controls often increase friction, latency, and review overhead, so organisations need to balance user experience against the cost of preventing hidden-instruction attacks. There is no universal standard for this yet, especially in environments where the model is both interpreting content and making operational decisions.

One common edge case is internal content. Teams sometimes assume that images, PDFs, or screenshots from inside the organisation are trustworthy because they originate from approved accounts. That assumption is fragile. Another is vendor-hosted workflow automation, where a multimodal assistant can inherit broad SaaS permissions and then act on content from email, chat, or file uploads. In those cases, the identity is legitimate but the workload behaviour is not fully predictable.

Best practice is evolving toward content-aware controls, per-task privilege limits, and explicit execution boundaries for anything that can trigger side effects. For identity teams, that means mapping not only who can call the model, but also what kinds of content the model can consume and what actions it can initiate afterward. NHI governance from Top 10 NHI Issues is directly relevant here because excessive privilege and weak lifecycle control make multimodal misuse harder to contain once a workflow is compromised. The sharpest failures appear in high-trust internal automations where a single approved identity can process untrusted media and then trigger downstream systems without human review.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Agentic AI Top 10LLM-05Multimodal injection turns trusted inputs into unsafe agent actions.
CSA MAESTROT1MAESTRO addresses autonomy, tool use, and runtime guardrails for agents.
NIST AI RMFAI RMF applies to managing trustworthy behavior and misuse in AI systems.

Govern multimodal systems with risk assessment, monitoring, and post-deployment controls.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 5, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org