Enterprise AI Analysis: WHO GOVERNS THE MACHINE?

WHO GOVERNS THE MACHINE?

A Machine Identity Governance Taxonomy (MIGT) for AI Systems Operating Across Enterprise and Geopolitical Boundaries

Authors: Andrew Kurtz, CISSP; Klaudia Krawiecka, PhD

The governance of artificial intelligence has a blind spot: the machine identities that AI systems use to act. AI agents, service accounts, API tokens, and automated workflows now outnumber human identities in enterprise environments by ratios exceeding 80 to 1 [1], yet no integrated framework exists to govern them. The consequences are measurable: a single ungoverned automated agent produced $5.4 to $10 billion in losses in the 2024 CrowdStrike outage, and nation-state actors including Silk Typhoon and Salt Typhoon have operationalized ungoverned machine credentials as primary vectors for espionage against critical infrastructure. At the same time, three major jurisdictions—the European Union, the United States, and China—are developing fundamentally incompatible AI governance frameworks, creating cross-jurisdictional conflicts that no existing enterprise governance program is equipped to navigate.

The Urgent Challenge: AI Identity at Scale

AI systems are rapidly proliferating, outpacing existing governance frameworks and creating new, systemic risks for enterprises globally.

Deep Analysis & Enterprise Applications

MIGT Domain I: AI Identity Lifecycle Governance

Purpose: Ensure every AI identity has a defined existence from authorized creation to verified decommissioning, with a designated human accountability owner at every stage.

Required Capabilities:

  • An AI Identity Registry: A maintained, authoritative inventory of every AI identity with associated metadata.
  • Authorized Provisioning Process: Documented business justification, human owner, minimum-necessary access, and security review.
  • Lifecycle Event Management: Covering scope changes, ownership transfers, migrations, and decommissioning.
  • Periodic Certification: Automated behavioral analysis combined with designated owner attestation.
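
The Domain I capabilities above can be checked mechanically against the registry. The following is an added example, not code from the paper or this page: it audits a constructed registry for missing owners, missing justification, aged static credentials, overdue certification, and credentials that outlive decommissioning. All field names and both thresholds are assumptions.

```python
from datetime import date

# Assumed policy thresholds (not from the page); set per organization.
MAX_STATIC_KEY_AGE_DAYS = 90
CERTIFICATION_INTERVAL_DAYS = 180

# Constructed sample registry; every field name here is hypothetical.
REGISTRY = [
    {"id": "agent-invoice-01", "owner": "j.doe", "justification": "AP automation",
     "credential": "ephemeral", "issued": date(2025, 6, 1),
     "last_certified": date(2025, 5, 1), "status": "active", "revoked": False},
    {"id": "svc-legacy-etl", "owner": None, "justification": "",
     "credential": "static_api_key", "issued": date(2023, 1, 15),
     "last_certified": None, "status": "active", "revoked": False},
    {"id": "agent-pilot-07", "owner": "a.lee", "justification": "pilot",
     "credential": "static_api_key", "issued": date(2025, 3, 1),
     "last_certified": date(2025, 3, 10), "status": "decommissioned",
     "revoked": False},
]

def audit_identity(rec, today):
    """Return the lifecycle-governance findings for one registry record."""
    if rec["status"] == "decommissioned":
        # Verified decommissioning means no credential outlives the identity.
        return [] if rec["revoked"] else ["credential not revoked after decommissioning"]
    findings = []
    if not rec["owner"]:
        findings.append("no human accountability owner")
    if not rec["justification"].strip():
        findings.append("no documented business justification")
    if rec["credential"] == "static_api_key":
        age = (today - rec["issued"]).days
        if age > MAX_STATIC_KEY_AGE_DAYS:
            findings.append(f"static credential is {age} days old")
    last = rec["last_certified"]
    if last is None or (today - last).days > CERTIFICATION_INTERVAL_DAYS:
        findings.append("periodic certification overdue")
    return findings

def audit_registry(registry, today):
    """Map identity id -> findings, omitting identities that pass every check."""
    report = {rec["id"]: audit_identity(rec, today) for rec in registry}
    return {ident: found for ident, found in report.items() if found}

if __name__ == "__main__":
    for ident, found in audit_registry(REGISTRY, date(2025, 7, 1)).items():
        print(ident, "->", "; ".join(found))
```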

MIGT Domain II: Cryptographic Identity and Authentication Architecture

Purpose: Ensure every AI identity is cryptographically anchored, capable of proving its provenance to relying systems, and that authentication mechanisms are designed for non-human identity patterns.

Required Capabilities:

  • Cryptographic Agent Identity: Every AI agent issued a cryptographically verifiable identity (DID or SPIFFE ID).
  • Ephemeral Credential Architecture: Static API keys replaced with ephemeral, short-lived credentials.
  • Just-in-Time Access Provisioning: Access granted at runtime, scoped to specific tasks, and automatically revoked.
  • Mutual Authentication for Agent-to-Agent Communication: Using the ARIA model, with every delegation recorded as a verifiable relationship.

MIGT Domain III: Dynamic Access Governance

Purpose: Provide governance mechanisms for AI agent access that operate at machine speed, evaluate context in real time, constrain scope dynamically, and enforce accountability continuously.

Required Capabilities:

  • Policy Decision Points and Policy Enforcement Points: Contextual rule evaluation for every AI agent credential request and action.
  • Behavioral Baseline and Anomaly Detection: Continuous comparison of runtime behavior against a documented baseline.
  • Maturity-Based Autonomy Progression: Agent autonomy earned through demonstrated trustworthiness.
  • Cross-System Privilege Aggregation Monitoring: Real-time view of aggregate privilege across all systems for each AI agent.

MIGT Domain IV: Accountability Attribution and Audit Architecture

Purpose: Ensure every AI agent action is attributable to a specific, cryptographically verified identity, that complete, tamper-evident audit records exist, and that accountability for AI-caused harm can be clearly assigned.

Required Capabilities:

  • Unique Agent Identity as Accountability Anchor: Every AI agent assigned a unique, persistent identifier linked to its model and deployment.
  • Tamper-Evident Action Audit Trail: Significant AI agent actions logged with context for forensic reconstruction.
  • Designated Human Accountability Owner: Every AI identity has a human owner bearing genuine accountability.
  • Incident Response and Accountability Attribution Protocol: Defined process for identifying agents, reconstructing actions, and assigning accountability.
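
One way to make the action audit trail tamper-evident is an HMAC hash chain, where each record binds the agent identity, the human owner, and the hash of the previous record. This is an added example, not code from the paper or this page; the record layout, the SPIFFE ID, the owner name, and the key are constructed assumptions.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # previous-hash value used for the first record

def _digest(key, prev_hash, entry):
    # Canonical JSON so the same entry always produces the same MAC.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_hash.encode() + body, hashlib.sha256).hexdigest()

def append_action(log, key, agent_id, owner, action, context):
    """Append one agent action, chained to the previous record's hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"seq": len(log), "agent_id": agent_id, "owner": owner,
             "action": action, "context": context}
    log.append({"entry": entry, "prev": prev_hash,
                "hash": _digest(key, prev_hash, entry)})

def verify_log(log, key):
    """Return the index of the first record that fails verification, or None."""
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        expected = _digest(key, prev_hash, rec["entry"])
        if (rec["prev"] != prev_hash or rec["entry"]["seq"] != i
                or not hmac.compare_digest(rec["hash"], expected)):
            return i
        prev_hash = rec["hash"]
    return None

def demo():
    # Constructed key; assumed to be held by the logging service, not the agent.
    key = b"constructed-demo-key"
    agent = "spiffe://example.org/agent/invoice-01"  # constructed SPIFFE ID
    log = []
    append_action(log, key, agent, "j.doe", "read", {"resource": "ledger/2025-06"})
    append_action(log, key, agent, "j.doe", "approve_payment", {"amount": 1200})
    append_action(log, key, agent, "j.doe", "export", {"rows": 40})
    clean = verify_log(log, key)
    log[1]["entry"]["context"]["amount"] = 12  # simulated after-the-fact edit
    return clean, verify_log(log, key)

if __name__ == "__main__":
    print(demo())
```

A hash chain alone does not reveal removal of the most recent records; storing the latest hash somewhere the log writer cannot alter covers that case.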

MIGT Domain V: Supply Chain and Model Provenance Governance

Purpose: Ensure that deployed AI models and components have verifiable provenance, and that supply chain controls reduce the risk of malicious injection or data poisoning.

Required Capabilities:

  • AI Bill of Materials (AIBOM): Documenting model architecture, training data, fine-tuning history, dependencies, and modifications.
  • Model Integrity Verification: Cryptographic hash verification of model parameters.
  • Third-Party Component Governance: Applying vendor risk management to AI agent frameworks, tools, and API dependencies.
  • GPAI Model Compliance Documentation: For AI agents built on General-Purpose AI Models subject to EU AI Act obligations.

MIGT Domain VI: Regulatory Alignment and Cross-Jurisdictional Coordination

Purpose: Provide a structured framework for mapping enterprise AI identity governance obligations across multiple regulatory jurisdictions, identifying conflicts, and managing them at the enterprise program level.

Required Capabilities:

  • Jurisdiction Mapping Matrix: Mapping AI identity governance obligations to MIGT capabilities across operational jurisdictions.
  • Cross-Jurisdictional Conflict Registry: Documenting conflicting requirements, involved jurisdictions, management approach, and residual risk.
  • Jurisdictional Tiering of AI Deployments: Classifying deployments by jurisdictional exposure with proportional governance controls.
  • Regulatory Velocity Monitoring: Structured process for monitoring regulatory developments and updating the mapping matrix and conflict registry.

144:1 Non-Human Identities vs. Human Identities in Enterprises

Claim 1: AI identity risk is a distinct risk category. Machine identities now outnumber human identities by 144 to 1, with 88% of organizations experiencing AI agent security incidents in 2025. This scale and the nature of agentic AI demand a dedicated taxonomy and governance framework.

| Issue | Existing IAM Frameworks | MIGT Integrated Framework |
|---|---|---|
| Scope & Focus | Human-centric; treats machine identities as binary, static objects. | AI-centric; governs human-machine identity continuum, dynamic agent behavior. |
| Access Control | Role-based (RBAC), static; assumes predictable, sequential workflows. | Dynamic, Just-in-Time (JIT) provisioning; context-aware, supports non-deterministic, multi-agent execution paths. |
| Accountability | Direct human causal chain; failures lead to individual blame. | Distributed across agent developers, deployers, operators; emphasizes cryptographic identity for attribution. |
| Threat Model | External attackers, insider threats. | Includes foreign state actors exploiting AI identity as attack vector. |
| Regulatory Alignment | Limited or no explicit cross-jurisdictional conflict resolution. | Structured mapping (Jurisdiction Mapping Matrix) and conflict resolution (Conflict Registry). |

Claim 2: The governance framework gap, the regulatory gap, and the coordination gap must be addressed simultaneously. Existing IAM frameworks are structurally insufficient for agentic AI, failing on identity continuum, dynamic access, accountability attribution, and cross-jurisdictional alignment. The MIGT addresses all three gaps within a single integrated framework.

Case Study: State Actor Exploitation - The Silk Typhoon Campaign

Claim 3: Foreign state actors have already operationalized AI identity as an attack and influence vector. The Silk Typhoon campaign, attributed to a Chinese state-sponsored threat group, shifted tactics in late 2024 to specifically target IT supply chain and network management providers.

Attack Vector: Exploitation of stolen API keys and credentials associated with Privileged Access Management (PAM) providers, cloud applications, and data management companies. These machine identities enabled persistent, privileged access to downstream customer environments.

Operational Pattern: This precisely aligns with the Credential-Exfiltration-State Actor Nexus, demonstrating static credential persistence (MIGT Domain I failure) enabling high-volume autonomous exfiltration (MIGT Domain III failure) in service of foreign intelligence objectives (MIGT Domain VII).

Impact: Exfiltration of sensitive training data, model weights, and proprietary outputs at scale for espionage purposes. This real-world incident underscores that enterprise IAM programs lack an adequate threat model for AI-specific state-sponsored attacks.

Enterprise Process Flow

  • Credential-Exfiltration-State Actor Nexus (Domains I, III, VII)
  • Prompt Injection-Privilege Escalation-Accountability Void (Domains IV, II, V)
  • Supply Chain-Authentication-Foreign Influence Intersection (Domains VI, I, VII)

The most consequential AI identity governance failures arise not from individual risk categories in isolation but from their intersection, creating complex and dangerous attack surfaces that traditional security models struggle to address.

| MIGT Domain | EU AI Act Obligation | U.S. (NIST AI RMF + State) | China (CSL/DSL/GenAI) | Conflict Assessment |
|---|---|---|---|---|
| V. Supply Chain | Arts. 53-55 GPAI model obligations; Art. 9 risk management | NIST AI RMF MAP function; SBOM requirements for federal procurement | CSL AI safety assessments; CAC algorithm filing and transparency requirements | HIGH CONFLICT: EU and U.S. trade secret protection obligations directly incompatible with Chinese algorithm transparency filing requirements for AI systems |
| VI. Cross-Jurisdictional Coordination | Art. 4 extraterritorial application; Digital Omnibus obligations | EO 14365 federal preemption signals; state law uncertainty pending court resolution | CSL extraterritorial reach effective Jan. 1, 2026; national security disclosure authority | HIGH CONFLICT: incompatible extraterritorial claims from three jurisdictions; no international resolution mechanism exists above enterprise program level |

Claim 4: The absence of inter-jurisdictional coordination in AI governance is itself a governance risk. The fragmented regulatory landscape, with fundamentally incompatible philosophies across the EU, U.S., and China, creates irreconcilable conflicts at the enterprise level, requiring direct management through MIGT Domain VI.

MIGT Implementation Roadmap

A structured, phased approach to translate MIGT's governance domains into actionable enterprise programs, sequenced by dependency and risk priority.

Phase 1: Foundation (Months 1-6)

Objective: Establish foundational governance infrastructure and reduce highest-severity risks. Deliverables: AI Identity Registry, Ownership Assignment Campaign, Critical Credential Remediation, Authorized Provisioning Process.

Phase 2: Hardening (Months 6-12)

Objective: Replace static credentials, implement JIT access for high-risk AI, establish behavioral baselines, and begin EU AI Act/China CSL compliance documentation. Deliverables: SPIFFE/SPIRE Workload Identity Deployment, Ephemeral Credential Architecture, JIT Access Provisioning pilot, Behavioral Baseline Establishment, Compliance Documentation.

Phase 3: Integration (Months 12-24)

Objective: Extend cryptographic identity, deploy tamper-evident audit, complete supply chain governance for high-risk AI models, and achieve full cross-jurisdictional regulatory alignment. Deliverables: Full SPIFFE/SPIRE rollout, Tamper-Evident Audit Architecture, AIBOM Implementation, Cross-Jurisdictional Conflict Registry, AI-Specific Access Certification.

Phase 4: Optimization (Month 24+)

Objective: Advance to machine-speed proactive governance. Deliverables: Policy Decision Point Automation, Threat Intelligence Integration, Maturity-Based Autonomy Progression Management, Regulatory Velocity Monitoring.
