Who Governs AI? Why Identity Governance Should Come Before AI Adoption

Written by: Clarity Security

Every conversation about enterprise AI security gravitates toward the same concerns — model safety, data privacy, vendor risk, prompt hygiene. But one question consistently gets skipped, and it is the one that will define how organisations respond when something goes wrong: who provisioned that access, and can you account for it right now?

In this piece, Clarity Security CEO Alexis Moyse argues that AI governance is already behind. Shadow AI adoption didn’t wait for IT to build a framework around it. According to IBM’s Cost of a Data Breach report, 63% of organisations lack formal AI governance policies — yet AI tools are being connected to business systems every day by people who have no reason not to. A marketing team connects an AI tool to the CRM. Finance integrates an automated reporting platform. Operations deploys a workflow agent that touches core systems. Each one creates a non-human identity with real access to production data, provisioned outside IT, never reviewed, with no plan for removal when the use case ends.

The structural blind spot in existing governance programs

IGA programs were built around the human identity lifecycle. Non-human identities created by AI tools fall entirely outside that model. Quarterly access certifications assume access belongs to a person with a manager who can review it. When an AI agent is granted broad access during a proof of concept and the pilot quietly winds down, no certification cycle catches the orphaned credential. There is no manager to attest to it, no offboarding trigger to remove it. It persists, and the attack surface expands.

The enterprise identity landscape was already skewed in this direction before AI accelerated it. The average enterprise carries a 144:1 ratio of non-human to human identities. AI isn’t creating this problem from scratch — it is compounding one that already exists.

The regulatory exposure is real

Regulators across financial services, healthcare, and cross-industry frameworks including NIST CSF 2.0 are increasingly treating non-human identity governance as a direct examination concern. NIST CSF 2.0 explicitly calls out non-human identities as requiring the same governance rigour as human ones. IBM research found that 97% of organisations that reported an AI-related breach lacked proper AI access controls at the time of the incident. The assumption that non-human identities fall outside the audit boundary is one organisations are finding harder to sustain.

What good governance of AI access looks like

Moyse sets out four requirements: visibility across every identity in the environment including shadow-adopted AI integrations; least-privilege provisioning enforced through policy rather than left to whoever sets up the integration; continuous logging of every access event tied to a non-human identity; and the ability to produce a defensible inventory on demand — not assembled before an audit but produced as a function of how the program operates every day.
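The four requirements above, and the orphaned-pilot scenario in the earlier section, can be turned into a concrete, repeatable check. The following is an added example, not code from Clarity Security or from the article: a minimal non-human identity inventory review that flags identities with no accountable owner, identities whose originating use case has ended, identities that have gone unused past a staleness window, and identities holding broad scopes. The record fields, the 90-day window, the list of "broad" scopes, and all sample identities are constructed assumptions for illustration.

```python
"""
Added example (not Clarity Security's code): an on-demand NHI inventory review.
Field names, the staleness window, the broad-scope list and the sample records
are all constructed assumptions, not values from the article.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class NonHumanIdentity:
    name: str
    owner: Optional[str]          # accountable human; None means nobody attests to it
    scopes: Tuple[str, ...]       # permissions granted to the integration
    created: date
    last_used: Optional[date]     # None means never exercised since creation
    project_active: bool          # is the use case that created it still live?


# Assumed policy: scopes broad enough to need explicit justification.
BROAD_SCOPES = {"admin", "read:all", "write:all"}

# Assumed staleness window for "unused" findings.
STALE_AFTER = timedelta(days=90)


def review(identity: NonHumanIdentity, today: date,
           stale_after: timedelta = STALE_AFTER) -> List[str]:
    """Return the governance findings for one identity (empty list = clean)."""
    findings: List[str] = []

    # No human owner: nothing in a manager-based certification cycle will catch it.
    if identity.owner is None:
        findings.append("no accountable owner")

    # Pilot wound down but the credential persisted: the orphaned-access case.
    if not identity.project_active:
        findings.append("originating use case ended")

    # Staleness: never used since creation, or idle past the window.
    if identity.last_used is None:
        if today - identity.created > stale_after:
            findings.append("never used since creation")
    elif today - identity.last_used > stale_after:
        findings.append(f"unused for more than {stale_after.days} days")

    # Least privilege: broad scopes granted at setup time are flagged for review.
    broad = sorted(BROAD_SCOPES.intersection(identity.scopes))
    if broad:
        findings.append("broad scopes: " + ", ".join(broad))

    return findings


def inventory_report(identities: List[NonHumanIdentity],
                     today: date) -> Dict[str, List[str]]:
    """Map each identity with at least one finding to its findings."""
    report: Dict[str, List[str]] = {}
    for identity in identities:
        findings = review(identity, today)
        if findings:
            report[identity.name] = findings
    return report


# Constructed sample inventory mirroring the article's three adoption scenarios.
TODAY = date(2025, 6, 15)
SAMPLE = [
    NonHumanIdentity("crm-ai-assistant", "marketing-lead", ("read:contacts",),
                     date(2025, 1, 10), date(2025, 6, 1), project_active=True),
    NonHumanIdentity("finance-report-bot", None, ("read:all",),
                     date(2024, 11, 1), date(2025, 2, 1), project_active=False),
    NonHumanIdentity("ops-workflow-agent", "ops-manager", ("admin", "write:workflows"),
                     date(2025, 5, 20), None, project_active=True),
]

if __name__ == "__main__":
    for name, findings in inventory_report(SAMPLE, TODAY).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Run against the constructed sample, the CRM assistant is clean, the finance bot (no owner, pilot ended, idle since February, `read:all`) collects four findings, and the ops agent is flagged only for its `admin` scope. Feeding this function the real inventory on a schedule, rather than once before an audit, is what turns the "defensible inventory on demand" requirement into a daily operating property instead of a quarterly scramble.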

The organisations with the strongest position as AI adoption scales are not those with the most restrictive AI policies. They are the ones with a governance layer that can see every identity, AI ones included, and demonstrate appropriate access on demand. Without it, shadow adoption today becomes a legacy governance gap tomorrow — one that grows harder to remediate as ungoverned identities accumulate and institutional memory of who connected what, and why, fades.