


























An employee with persistent, unsupervised admin access across critical systems, with no audit trail, no clear owner, and no regular access reviews, would raise immediate concern in most organizations.
Yet non-human identities and AI agents are often granted that same kind of persistent, broadly privileged access. As AI adoption grows, that gap is becoming harder to ignore.
NHIs today encompass far more than traditional service accounts and API keys. They also often include AI agents that make autonomous decisions, automated workflows with cross-system access, and shadow AI tools deployed by business users.

Security teams think they’re ready for AI adoption at scale. A recent Delinea survey shows 87% of organizations say their identity security posture is prepared. However, NHIs operate with speed and behavior patterns that legacy controls weren’t designed to handle, and IT teams are aware, with 46% of those surveyed admitting that their AI identity governance is deficient.
This dissonance represents a risky double standard in enterprise security.
Three fundamental factors drive this double standard, each reinforcing the others to create a cycle of compromised identity governance.
When tension arises between security requirements and business speed, fewer than 1 in 3 organizations enforce security requirements consistently.
These deployments bypass traditional provisioning processes, creating unmonitored access points that security teams struggle to detect.
The operational reality makes this challenge even more complex. According to the survey data, 74% of organizations say standing access for NHIs and AI agents is necessary to meet uptime expectations. Meanwhile, 59% report they lack viable alternatives to persistent access for these accounts. This creates a situation where security teams knowingly accept risk under operational pressure.
Organizations must confront the AI security confidence paradox. Expressing high confidence in AI readiness despite knowing there are fundamental AI-related identity governance gaps happens because information is incomplete. Security teams can’t protect against what they can’t see.
Consider this: 82% of organizations report confidence in their ability to discover NHIs with access to production systems, but fewer than 1 in 3 actually validate NHI and AI agent activity in real-time. The vast majority of IT decision-makers surveyed admit to at least some sort of identity visibility gap, with NHIs representing the largest blind spot.
Before implementing new access controls or policies, organizations must establish a clear inventory of which NHIs exist—including shadow AI use, what they have access to, and whether any of that access is standing or persistent. Without foundational visibility, any governance efforts become guesswork rather than risk-based decision-making.
Just-in-time and ephemeral access represent the goal, even if they’re not immediately achievable for most organizations. The survey shows organizations are more than twice as likely to use long-lived credentials (34%) compared to modern just-in-time authorization (16%). As Gerry Auger, head of SimplyCyber, notes: “I’ll count it as a win if we just have an inventory of all the identities that have standing access.”
You can’t halt AI adoption. The reality-based goal is closing the visibility gap that allows risky access patterns to persist undetected. Organizations need automated discovery tools that can map machine identities across cloud and hybrid environments in real time. Governance frameworks must operate at speed without the friction that drives teams to bypass strict oversight.
This requires upgrading identity infrastructure to handle the velocity and unpredictability of agentic AI. Security teams can satisfy business demands for speed without abandoning identity governance entirely.

Download: 2026 Identity Security Report
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。