SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Ai cyber risk weak identity controls server room breached
#
Digital Transformation
#
PAM
#
IT Automation

Firms relax identity controls to speed risky AI rollouts

Fri, 20th Mar 2026
Author image
By Shannon Williams, News Editor

Delinea has published research suggesting many organisations are trading identity security controls for faster artificial intelligence deployment, even as they report gaps in visibility and governance for non-human and AI-linked accounts.

The study, titled Uncovering the Hidden Risks of the AI Race, is based on a global survey of more than 2,000 IT decision-makers using or piloting AI. It also draws on incident insights from the Delinea Labs research team.

The findings highlight a consistent theme: when speed becomes the priority, security teams face internal pressure to relax identity controls. Two in three organisations said that when security requirements conflict with business speed, controls are not consistently enforced.

Pressure on controls

The research found that 90% of organisations pressure security teams to loosen identity controls to accelerate AI initiatives. Respondents also reported day-to-day oversight shortfalls as environments become more automated and AI-driven agents create new accounts and permissions.

Nearly 90% of respondents reported at least one identity visibility gap. The largest gap involved machine and other non-human identities, including accounts used by AI agents.

These gaps appear more common in AI-linked environments than in older technology stacks. Respondents said identity discovery gaps occurred at nearly twice the rate seen in legacy or on-premises systems.

Art Gilliland, CEO of Delinea, said adoption is outpacing controls.

"The pressure to move fast on AI is real, but identity governance has not kept pace, which exposes enterprises to significant risk."

Non-human identities

The report focuses on non-human identities, including accounts used by applications, automation tools and AI agents. These identities often receive elevated permissions and can run continuously, making oversight and traceability key concerns.

In the past 12 months, 42% of organisations said AI expansion has been a top factor increasing non-human identity risk. The report compared this with increased automation and CI/CD velocity (26%) and growth in cloud-native workloads (26%).

Accountability remains a challenge. Eighty per cent of organisations said they cannot always explain why a non-human identity performed a privileged action, pointing to weaknesses in monitoring, attribution and audit trails for automated activity.

Standing privileged access also remains common. Nearly six in 10 organisations (59%) reported lacking viable alternatives for non-human identities and AI agents, leaving long-lived permissions in place even when they are not needed.

Other results suggest risk acceptance around persistent access. Sixty-eight per cent said security teams often accept standing access for non-human identities and AI agents, while 73% acknowledged that standing access increases risk.

Confidence paradox

The research describes a gap between perceived readiness and governance practice, which Delinea calls an "AI security confidence paradox".

While 87% of respondents said their identity security posture is ready to support AI-driven automation, 46% said their identity governance for AI systems is deficient.

Respondents were also more critical of identity management in AI environments than in older systems. Organisations were twice as likely to rate their ability to discover and govern identities in AI environments poorly compared with legacy systems.

The report also points to a validation gap. Although 82% said they are confident in discovering non-human identities with access to production systems, fewer than one in three organisations validate non-human identity or AI agent activity in real time.

Product positioning

Delinea sells identity security products for both human and machine accounts, emphasising centralised authorisation. The report argues that organisations need stronger ways to discover identities, manage privileged access and audit activity as AI agents access critical infrastructure and enterprise data.

Gilliland said oversight must extend across every type of identity in modern environments.

"As AI agents multiply across enterprise environments, these identities often have the least oversight. The organizations that will succeed in the AI era will be the ones that enforce real-time, contextual access across every human, machine, and agentic AI identity."
Related stories
CIQ launches Linux compliance platform ahead of deadlines
Emerson & OPSWAT strike global reseller deal for OT patching
IWF & Cyacomb launch workplace abuse material scans
Cork Cyber adds automated mapping to Vantage platform
How Atomgate uses education and partnership to drive successful SonicWall upgrades

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding