
Catalog Drift

By NHI Mgmt Group Updated June 27, 2026 Domain: Governance, Ownership & Risk

Catalog drift is the gap between what the governance catalog says exists and what the live environment actually contains. It appears when synchronization is too slow, ownership changes are not captured, or manual processes cannot keep pace with platform growth and schema change.

Expanded Definition

Catalog drift is the state where governance records, inventories, and approval workflows no longer match the live set of NHIs, secrets, APIs, or agent permissions actually operating in production. In NHI governance, the drift can affect ownership, expiration dates, scopes, rotation status, and even whether an identity still exists at all.

The concept is closely related to inventory hygiene, but it is narrower and more operational: a catalog can be “complete” on paper while still being stale because changes in cloud platforms, CI/CD systems, and agent toolchains were never captured. No single standard governs this yet, so usage in the industry is still evolving. Practitioners often map the problem to NIST Cybersecurity Framework 2.0 visibility and asset management outcomes, but the NHI-specific risk is that stale records create false confidence in access governance.

The most common misapplication is to treat catalog drift as a documentation issue. That is what happens when teams assume reconciliation can wait until the next quarterly review, even though the identities and permissions in question keep operating in production in the meantime.

Examples and Use Cases

Rigorous catalog control carries reconciliation overhead: organisations have to weigh stronger governance against slower platform change and more administrative effort. The cases below show what that effort is buying.

  • A service account is deleted in the cloud platform, but the catalog still shows an active owner and rotation schedule, so auditors approve access that no longer exists.
  • An API key is reissued during a deployment rollback, yet the catalog is not updated, leaving security teams blind to which key is live and which one should be revoked.
  • An agent receives new tool permissions during a workflow change, but the governance record still reflects the older, narrower scope, creating hidden privilege expansion.
  • A team inherits a data pipeline with shared secrets, and the catalog lists the previous owner, making offboarding and accountability fail during a handover.
  • During a breach investigation, investigators compare the catalog to the production environment and discover that the live inventory has diverged for months, similar to what the Salesloft OAuth token breach illustrates in practice.

That gap is why catalog drift is not just a records problem. It affects the reliability of access reviews, incident response scoping, and rotation enforcement, especially when the environment changes faster than human approval cycles. For a broader NHI context, NHI Mgmt Group’s Ultimate Guide to NHIs explains why visibility and lifecycle control are foundational.
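The drift cases listed above can be checked mechanically rather than waiting for an audit or incident to surface them. The following Python script is an added example, not NHI Mgmt Group's tooling and not code from this page: it reconciles a governance catalog against a live inventory and emits one finding per drift type (ghost record, credential mismatch, privilege expansion, owner mismatch, overdue rotation, and unregistered identity). Both datasets are constructed for the example, as are all identity names, owners, credential IDs, scopes, and dates; in practice the live side would be populated from cloud IAM, CI/CD, and agent-platform APIs.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample: the governance catalog's view of four NHIs.
CATALOG = {
    "svc-billing-export": {"owner": "alice@example.com", "credential_id": "cred-1001",
                           "scopes": {"storage.read"}, "rotation_days": 90},
    "api-orders-gateway": {"owner": "bob@example.com", "credential_id": "key-2001",
                           "scopes": {"orders.read", "orders.write"}, "rotation_days": 90},
    "agent-release-bot":  {"owner": "carol@example.com", "credential_id": "tok-3001",
                           "scopes": {"repo.read", "ci.trigger"}, "rotation_days": 30},
    # Catalog still names the previous owner after a team handover.
    "pipeline-etl-shared": {"owner": "dave@example.com", "credential_id": "cred-4001",
                            "scopes": {"warehouse.read"}, "rotation_days": 180},
}

# Constructed sample: what the platform APIs report on the reconciliation date.
LIVE = {
    # "svc-billing-export" was deleted in the cloud console, so it is absent here.
    "api-orders-gateway": {"owner": "bob@example.com", "credential_id": "key-2002",  # reissued in a rollback
                           "scopes": {"orders.read", "orders.write"}, "last_rotated": "2026-06-01"},
    "agent-release-bot":  {"owner": "carol@example.com", "credential_id": "tok-3001",
                           "scopes": {"repo.read", "ci.trigger", "prod.deploy"},  # widened by a workflow change
                           "last_rotated": "2026-04-01"},                          # past its 30-day schedule
    "pipeline-etl-shared": {"owner": "erin@example.com", "credential_id": "cred-4001",
                            "scopes": {"warehouse.read"}, "last_rotated": "2026-03-15"},
    # Created outside the approval workflow; no catalog record at all.
    "svc-tmp-loadtest":   {"owner": None, "credential_id": "cred-5001",
                           "scopes": {"compute.admin"}, "last_rotated": "2026-06-20"},
}

TODAY = date(2026, 6, 27)  # reconciliation date for the sample


@dataclass(frozen=True)
class Drift:
    identity: str
    kind: str
    detail: str


def reconcile(catalog, live, today):
    """Compare catalog records with the live inventory and return every drift finding."""
    findings = []
    for name, rec in catalog.items():
        obs = live.get(name)
        if obs is None:
            # Catalog still shows an owner and rotation schedule for something that no longer exists.
            findings.append(Drift(name, "ghost_record", "in catalog but absent from platform"))
            continue
        if obs["owner"] != rec["owner"]:
            findings.append(Drift(name, "owner_mismatch",
                                  f"catalog {rec['owner']} vs live {obs['owner']}"))
        if obs["credential_id"] != rec["credential_id"]:
            # The live key is not the one the catalog knows about; revocation targets the wrong one.
            findings.append(Drift(name, "credential_mismatch",
                                  f"catalog {rec['credential_id']} vs live {obs['credential_id']}"))
        extra = obs["scopes"] - rec["scopes"]
        if extra:
            findings.append(Drift(name, "privilege_expansion",
                                  "live scopes not in catalog: " + ", ".join(sorted(extra))))
        # Rotation status is judged from the live rotation date against the catalog's schedule.
        due = date.fromisoformat(obs["last_rotated"]) + timedelta(days=rec["rotation_days"])
        if due < today:
            findings.append(Drift(name, "rotation_overdue", f"rotation was due {due.isoformat()}"))
    for name in sorted(live.keys() - catalog.keys()):
        findings.append(Drift(name, "unregistered", "live identity with no catalog record"))
    return findings


def summarize(findings):
    """Count findings by kind; tracked over successive runs this is a drift metric."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def run_sample():
    """Reconcile the constructed catalog and inventory as of TODAY."""
    return reconcile(CATALOG, LIVE, TODAY)


if __name__ == "__main__":
    found = run_sample()
    for f in found:
        print(f"{f.kind:<20} {f.identity:<20} {f.detail}")
    print(summarize(found))
```

Run on a schedule, the script turns "is our catalog accurate?" into a set of findings that can be routed to the recorded owner (or, for unregistered and ghost records, to whoever owns the platform), and the per-kind counts give a trend line for whether drift is growing or shrinking. The rotation check deliberately takes the rotation date from the live side and the schedule from the catalog, so a stale catalog rotation timestamp cannot hide an overdue secret.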

Why It Matters in NHI Security

Catalog drift weakens every downstream control that depends on an accurate source of truth. If the catalog is stale, owners cannot be reached, privileged accounts may remain active after projects end, and dormant secrets can continue to authorize workloads long after the business thinks they have been retired. This is especially dangerous in NHI environments because machine identities scale quickly and often outnumber humans by 25x to 50x, making manual reconciliation unreliable.

The risk is not theoretical. NHI Mgmt Group reports that only 5.7% of organisations have full visibility into their service accounts, and 96% store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, which makes drift easier to create and harder to detect. That is why catalog accuracy belongs alongside rotation, offboarding, and least privilege in any governance program. The most common operational failure is discovering the gap only after a token leak, audit finding, or production incident forces a point-in-time rebuild of the inventory.

Organisations typically encounter catalog drift only after an access review, breach, or outage exposes the mismatch between records and reality, at which point remediation is no longer optional.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference        | Relevance
OWASP Non-Human Identity Top 10  | NHI-01                     | Catalog drift undermines accurate NHI inventory and ownership tracking.
NIST CSF 2.0                     | ID.AM-1                    | Asset inventory control depends on catalog-to-environment alignment.
NIST Zero Trust (SP 800-207)     | PA (Policy Administrator)  | Zero Trust policy decisions fail when authoritative identity context is stale.

Use continuous verification and inventory reconciliation before granting machine access.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 27, 2026.