WASHINGTON, April 21, 2026 (GLOBE NEWSWIRE) — Cybersecurity Insiders, in collaboration with Saviynt, has released new research indicating that AI identities are increasingly operating within core enterprise systems, often without established governance or visibility. The study finds that while 71% of CISOs and senior security leaders confirm AI tools have access to core systems such as Salesforce and SAP, only 16% report that this access is governed effectively.
The research highlights a significant visibility gap regarding non-human identities. According to the data, 92% of respondents lack full visibility into AI identities, and 95% expressed doubt in their ability to detect or contain misuse should it occur. Additionally, 75% of surveyed organizations have already identified unsanctioned AI tools running within their environments.
The findings suggest that enterprises are managing a new class of non-human identities that differ from traditional employee service-account models. These AI systems can invoke APIs, hold persistent credentials, and operate across applications with limited human oversight, creating a gap between system access and corporate accountability.
“This is no longer a future-state problem,” said Holger Schulze, founder of Cybersecurity Insiders. “AI already has access to business-critical systems, often with more autonomy and less oversight than any security team would knowingly approve. If organizations cannot identify those accounts, understand their privileges, and enforce policy around them, they do not really control the environments those systems operate in.”
Current enforcement of formal access policies remains low, with 86% of respondents stating they do not enforce such policies for AI identities. Furthermore, only 5% of security leaders feel confident they could contain a compromised AI agent. The report concludes that as AI continues to integrate into SaaS and cloud workflows, the focus for CISOs must shift toward continuous discovery, classification, and monitoring of machine identities to maintain security standards.
To download the full report:
https://www.cybersecurity-insiders.com/portfolio/2026-ciso-ai-risk-report-saviynt/
About Cybersecurity Insiders
Cybersecurity Insiders provides independent research and analysis focused on the operational reality of enterprise cybersecurity. We gather insights from senior security and IT leaders to examine how high-level strategies translate into day-to-day execution. Our analysis identifies the measurable gaps between intended strategy and actual risk exposure, offering a credible, data-driven foundation for security decision-making and industry benchmarking. More: https://cybersecurity-insiders.com
Contact
Founder
Holger Schulze
Cybersecuity Insiders
[email protected]
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/cf5feb2c-ad4c-4524-a7fd-6f083e6ca0f0
