Can Identity Security Close the AI Governance Gap?

As AI tools proliferate inside enterprises, often faster than security teams can track or govern them, a new class of risks are emerging. 

In this episode of the Security Strategist Podcast, IT-Harvest Chief Research Analyst Richard Stiennon sits down with Art Gilliland, CEO of Delinea, to discuss the explosive adoption of AI, the rise of shadow AI, and why identity-centric governance is becoming an urgent priority. Gilliland emphasises the importance of managing AI risks, particularly with machine identities, and the need for intelligent authorization systems to enhance security operations. 

When Gilliland joined Delinea, he believed in focusing on identity, along with policies that govern it. “In the cloud, you share responsibility. In SaaS, you delegate. But you always own your users—human or machine—and your data.”

AI Reduced Inbound Call Volume by 60%

Delinea has been integrating AI internally for years. One of the most transformative outcomes was the launch of Delinea Expert, an AI assistant built directly into the product interface. Users can upload screenshots, logs, or questions and receive precise guidance on how to fix or configure the product. It acts, Gilliland says, like a support person on your shoulder.

“We shipped it about a year ago, and it reduced our inbound call volume by 60%.”

This dramatic result mirrors what Gilliland sees across customers: rapid adoption, often through quick toy implementations that still deliver massive value.

AI Prompts Wider Exposure Surface

But with the rapid adoption of AI comes a wider exposure surface. Business teams are driving AI, CEOs are demanding it, and developers are already using it. However, Gilliland believes security is still trying to catch up—again.

“There's this huge gap between the consumption and use of AI and a company’s ability to get in front of it.”

This gap is what many call shadow AI. Unlike historical shadow IT, this version is often approved—business leaders want it. But they lack visibility, policy, or governance structures to ensure it’s secure. Delinea’s recent survey found that “95 per cent of customers are already using or planning to use AI,” spotlights Gilliland, while just “40 per cent have any governance in place.”

Gilliland warns that the dynamic resembles earlier waves—laptops, mobile, Wi-Fi, cloud—but has accelerated dramatically. “It’s inevitably going to be used because it’s so powerful. You can’t hold it back—and you wouldn’t want to.”

Use AI to Manage AI

This is the future: using AI to manage AI. “AI behaves differently than traditional machine identities. It can make decisions. It has intent.” Because machine-to-machine connections now operate quickly and with shifting intent, organisations need systems capable of evaluating every single request in real time.

Traditional machine identities are predictable—like a robot performing the same task endlessly. Attacks happened when credentials were stolen and misused by humans with intent, as in the Salesforce/Drift breach.

“AI is going to have a machine connection, which tends to be overprivileged. But it can also make decisions on its own.”

Companies must not only build governance, inventory systems, and manage credentials—they must evolve toward understanding intent.

“AI is not static. There’s intent behind the connection. Your controls must be able to interpret that intent. That’s where AI is taking us,” Delinea CEO tells Stiennon.

Takeaways

• AI is a hot topic in cybersecurity today.
• There is a significant gap between AI adoption and governance.
• Shadow AI is becoming prevalent in organisations.
• Companies need to establish a governance structure for AI.
• AI-driven tools can enhance security operations.
• Zero standing privileges are essential for security.
• Organisations must manage machine identities effectively.
• Intelligent authorisation can reduce security risks.
• Understanding intent in AI interactions is crucial.
• A crawl, walk, run approach is recommended for AI governance.

Chapters

• 00:00 Introduction to AI in Identity Security
• 03:19 Governance Gaps in AI Usage
• 07:09 The Rise of Shadow AI
• 11:19 Managing AI Risks and Machine Identities
• 16:11 Intelligent Authorisation and Security Operations
• 20:27 Final Thoughts on AI Governance

About Delinea 

Delinea is a pioneer in securing human and machine identities through intelligent, centralized authorization, empowering organizations to seamlessly govern their interactions across the modern enterprise. Leveraging AI-powered intelligence, Delinea’s leading cloud-native Identity Security Platform applies context throughout the entire identity lifecycle – across cloud and traditional infrastructure, data, SaaS applications, and AI. It is the only platform that enables you to discover all identities – including workforce, IT administrator, developers, and machines – assign appropriate access levels, detect irregularities, and respond to threats in real-time. With deployment in weeks, not months, 90% fewer resources to manage than the nearest competitor, and a 99.995% uptime, Delinea delivers robust security and operational efficiency without compromise. Learn more about Delinea on Delinea.com, LinkedIn, X, and YouTube.