AI Has Given You Two New Problems - And Identity Governance Is The Only Place They Meet
Security Boulevard, Friday, March 13th, 2026
AI has quietly turned identity governance into the place where real power flows are decided-who (or what) can move money, change code, or rewrite records. That shift has handed CISOs and CIOs two problems nobody really signed up for: AI inside the identity stack making access decisions, and AI acting as powerful identities across the business.
The incident that makes this real is simple: an AI 'assistant' in ITSM is flipped from 'recommend' to 'auto‑execute,' quietly starts approving risky firewall rules and config changes, and only shows up on the radar when the board asks how a helper account ended up with de facto admin powers. Nothing mystical happened with the model; this was a classic blind spot in disguise-an unsponsored AI account with production‑level powers and no paper trail for who turned it on, what it can touch, or how to shut it down safely.