The Commonplace
Home Dashboard Papers Evidence Syntheses Digests 🎲
← Papers

Unguverned machine identities are a systemic enterprise blind spot that has already produced multibillion-dollar outages and been weaponized by state-linked actors; the paper offers a 37‑item risk taxonomy, an integrated six‑domain governance framework, a state‑actor threat model, and a cross‑jurisdictional alignment tool to close the gap.

Who Governs the Machine? A Machine Identity Governance Taxonomy (MIGT) for AI Systems Operating Across Enterprise and Geopolitical Boundaries
Andrew Kurtz, Klaudia Krawiecka · April 07, 2026 · arXiv (Cornell University)
openalex descriptive medium evidence 7/10 relevance Source PDF
The paper identifies machine identities (agents, service accounts, API tokens) as a major, under-governed enterprise risk and proposes a forty-item risk taxonomy, a six-domain governance framework, a state-actor threat model, and cross-jurisdictional regulatory alignment to operationalize mitigation.

The governance of artificial intelligence has a blind spot: the machine identities that AI systems use to act. AI agents, service accounts, API tokens, and automated workflows now outnumber human identities in enterprise environments by ratios exceeding 80 to 1, yet no integrated framework exists to govern them. A single ungoverned automated agent produced $5.4-10 billion in losses in the 2024 CrowdStrike outage; nation-state actors including Silk Typhoon and Salt Typhoon have operationalized ungoverned machine credentials as primary espionage vectors against critical infrastructure. This paper makes four original contributions. First, the AI-Identity Risk Taxonomy (AIRT): a comprehensive enumeration of 37 risk sub-categories across eight domains, each grounded in documented incidents, regulatory recognition, practitioner prevalence data, and threat intelligence. Second, the Machine Identity Governance Taxonomy (MIGT): an integrated six-domain governance framework simultaneously addressing the technical governance gap, the regulatory compliance gap, and the cross-jurisdictional coordination gap that existing frameworks address only in isolation. Third, a foreign state actor threat model for enterprise identity governance, establishing that Silk Typhoon, Salt Typhoon, Volt Typhoon, and North Korean AI-enhanced identity fraud operations have already operationalized AI identity vulnerabilities as active attack vectors. Fourth, a cross-jurisdictional regulatory alignment structure mapping enterprise AI identity governance obligations under EU, US, and Chinese frameworks simultaneously, identifying irreconcilable conflicts and providing a governance mechanism for managing them. A four-phase implementation roadmap translates the MIGT into actionable enterprise programs.

Summary

Main Finding

Machine (non-human) identities used by AI systems are an under-governed and rapidly growing source of enterprise and geopolitical risk. Kurtz & Krawiecka (2026) document that machine identities now outnumber human identities by orders of magnitude, tie that proliferation to high-cost incidents and state-sponsored exploitation, and propose two practical governance artifacts — the AI-Identity Risk Taxonomy (AIRT) and the Machine Identity Governance Taxonomy (MIGT) — plus a cross‑jurisdictional alignment structure and a four‑phase implementation roadmap to close technical, regulatory, and coordination gaps.

Key Points

  • Scale and consequence

    • Non‑human identities (NHIs) now outnumber human identities in many enterprises (reported ratios >80:1, up to 144:1).
    • Ungoverned machine identities have produced major losses (paper cites a single ungoverned automated agent linked to the 2024 CrowdStrike outage causing $5.4–$10 billion in losses).
    • Nation‑state actors (e.g., Silk Typhoon, Salt Typhoon, Volt Typhoon, DPRK operations) are exploiting machine credentials as primary espionage vectors.

  • Original contributions

    • AIRT: a two‑level taxonomy enumerating 37 AI‑identity risk subcategories across eight domains, grounded in incidents, practitioner prevalence, threat intelligence, and regulatory recognition.
    • MIGT: a six‑domain integrated governance framework covering AI identity lifecycle, cryptographic identity/authentication, dynamic access governance, accountability/audit architecture, supply chain/model provenance, and regulatory alignment.
    • State‑actor threat model: documents how advanced adversaries operationalize AI identity vulnerabilities.
    • Cross‑jurisdictional alignment structure: maps enterprise obligations under EU, US, and Chinese frameworks and flags irreconcilable conflicts with recommended program‑level management mechanisms.

  • Technical and governance levers

    • Recommends cryptographic workload identity (SPIFFE/SPIRE), decentralized identifiers (DIDs), hardware‑rooted attestation, Just‑in‑Time (JIT) provisioning / Zero Standing Privilege (ZSP), Agent Relationship‑based Identity and Authorization (ARIA), and enhanced audit/accountability graphs for agent‑to‑agent delegation.
    • Notes emerging standards and instruments: A2A protocol (Apr 2025), MCP, CSA Agentic Trust Framework (Feb 2026), NIST/NCCoE activity.

  • Implementation roadmap

    • Four phases: Foundation (months 1–6), Hardening (6–12), Integration (12–24), Optimization (24+), with program metrics and measurement guidance.

  • Limits

    • The work is a governance/technical taxonomy and framework synthesis grounded in cases and practitioner data rather than a broad causal econometric evaluation; it identifies research gaps for empirical follow‑up.

Data & Methods

  • Evidence base

    • Documented incident case studies (notably the 2024 CrowdStrike outage), threat‑intelligence reports on state actor campaigns, practitioner prevalence data and surveys, and analysis of regulatory texts (EU AI Act, US NIST AI RMF, Chinese CSL and algorithm regime, etc.).
    • Standards and protocol review: SPIFFE/SPIRE, A2A, MCP, DID standards, CSA ATF, NCCoE activity.

  • Taxonomy and framework construction

    • AIRT developed by enumerating and classifying observed AI‑identity failure modes into eight domains and 37 subcategories; each risk tied to documented incidents, prevalence signals from practitioners, and threat intelligence.
    • MIGT designed from first principles to cover persistent structural gaps: identity lifecycle, authentication/crypto architecture, access governance, accountability/audit, supply chain/model provenance, and regulatory alignment.
    • Cross‑jurisdictional mapping aligns enterprise obligations under EU, US, and Chinese legal/regulatory frameworks and identifies conflicts needing programmatic mitigation strategies.

  • Threat modeling

    • Builds a foreign state actor threat model showing how adversaries weaponize machine credentials and agent ecosystems (PAM credential targeting, API key theft, agent‑to‑agent delegation abuse).

  • Implementation validation

    • Practical implementation roadmap and measurement guidance. The paper is conceptual/operational rather than a large‑N empirical evaluation; it calls for future empirical research.

Implications for AI Economics

  • Direct economic risks and loss exposure

    • Ungoverned machine identities create tail risk for large, concentrated losses (paper cites a multibillion‑dollar single‑agent incident). Firms should incorporate machine‑identity failure scenarios into operational loss distributions and stress tests.
    • State‑sponsored credential theft and supply‑chain/model compromise add geopolitical tail risk that can affect firm valuation, credit spreads, and insurance premiums.

  • Compliance and operating costs

    • Implementing MIGT‑style governance (cryptographic identity, JIT/ZSP, attestation, provenance tracing, audit infrastructure) entails nontrivial upfront and recurring costs (engineering, tooling, personnel, compliance), which will vary by firm size, sector sensitivity, and cross‑border footprint.
    • Regulatory fragmentation (incompatible EU, US, Chinese obligations) raises compliance complexity and increases ongoing legal and operational costs; could generate duplicated controls or force conservative, expensive default configurations.

  • Market structure and investment implications

    • Rising demand for identity/governance products (PAM, SPIFFE/SPIRE integrations, DIDs, agent governance platforms, attestation hardware) implies an expanding market and investment opportunities in security‑centric AI infrastructure.
    • Firms providing cross‑jurisdictional governance tooling or managed MIGT implementations could capture outsized value as enterprises prioritize safe scaling.

  • Insurance and risk pricing

    • Cyber and AI insurance markets will need to price machine‑identity risk explicitly; failure to do so risks mispricing. Adoption of MIGT controls could become underwriting criteria, affecting premiums and coverage availability.
    • Insurers and regulators may require firms to demonstrate machine‑identity governance maturity for capital/resilience assessments.

  • Productivity and adoption tradeoffs

    • Poor governance increases the chance of high‑impact outages and data breaches, dampening productivity gains from agentic AI. Conversely, credible governance frameworks reduce adoption risk and can unlock broader productivity value from safely delegated agentic automation.
    • There will be firm‑level heterogeneity: firms that internalize governance early may gain safe first‑mover advantages; firms that delay face rising systemic and regulatory risk.

  • International trade and supply‑chain effects

    • Cross‑jurisdictional incompatibilities may drive market fragmentation, localized deployment models, or “jurisdictional arbitrage” strategies (placing agentic workloads where governance/regulation best matches business requirements), affecting global supply chains and location decisions.

  • Research and measurement agenda for AI economists

    • Quantify prevalence and exposure: build datasets on NHI counts by firm, incidents linked to machine identities, and losses attributable to agentic failures.
    • Impact evaluation: use event studies and difference‑in‑differences around major incidents or regulatory rollouts (e.g., EU AI Act phases) to estimate market reactions, investment shifts, and productivity impacts.
    • Cost‑benefit analysis: model implementation costs of MIGT‑like controls vs. expected loss reduction, factoring in insurance premium effects and regulatory fines.
    • Risk pricing: incorporate machine‑identity governance maturity into credit risk, equity valuation, and insurance underwriting models.
    • Policy experiments: evaluate effects of harmonized vs. fragmented regulatory regimes on trade, compliance costs, and innovation.

Practical takeaway for economists and policymakers: machine‑identity governance is not a niche IT problem but an enterprise‑scale, systemically relevant risk factor with measurable economic consequences. Incorporating identity governance maturity and cross‑jurisdictional regulatory exposure into firm risk models, valuation, and policy design is necessary to accurately price AI deployment benefits and risks.

Assessment

Paper Typedescriptive Evidence Strengthmedium — Claims are supported by a mix of documented incident reports, practitioner prevalence data, threat-intelligence attributions, and regulatory texts, which gives credence to the taxonomies and threat model, but the evidence appears non-systematic with unclear sampling, potential selection and survivorship biases, and limited quantitative validation. Methods Rigormedium — The paper develops structured taxonomies, a threat model, and a cross-jurisdictional mapping grounded in domain knowledge and multiple source types, but it lacks transparent, reproducible methodology (e.g., sampling frame, coding protocol, inter-rater reliability), limited empirical validation or robustness checks, and depends partly on proprietary or non-public intelligence sources. SampleSynthesis of documented incidents (including the 2024 CrowdStrike outage), practitioner prevalence data on machine vs human identities, proprietary and public threat-intelligence reports attributing activity to named state-linked groups (Silk/Salt/Volt/North Korean groups), and regulatory/legal texts from EU, US, and Chinese frameworks; supplemented by illustrative case studies and practitioner vignettes. Themesgovernance org_design adoption GeneralizabilityFocused on enterprise environments; findings may not generalize to small businesses, startups, open-source projects, or consumer-facing systems, Jurisdictional alignment explicitly limited to EU, US, and China and may not apply to other legal regimes, Rapidly evolving tooling, identity architectures, and adversary tactics mean taxonomy and threat assessments may become outdated quickly, Reliance on publicly reported incidents and proprietary threat intelligence may bias toward more visible or attributed attacks and undercount undetected/undisclosed events, Cross-sector heterogeneity (cloud providers, finance, critical infrastructure, healthcare) may limit transferability of recommended controls without sector-specific adaptation

Claims (9)

ClaimDirectionConfidenceOutcomeDetails
Automated agents, service accounts, API tokens, and automated workflows now outnumber human identities in enterprise environments by ratios exceeding 80 to 1. Automation Exposure negative high number of machine identities relative to human identities in enterprise environments
exceeding 80 to 1
0.09
No integrated framework exists to govern machine identities (AI agents, service accounts, API tokens, automated workflows). Governance And Regulation negative high existence of an integrated governance framework for machine identities
0.09
A single ungoverned automated agent produced $5.4-10 billion in losses in the 2024 CrowdStrike outage. Firm Revenue negative high financial losses caused by an ungoverned automated agent in the 2024 CrowdStrike outage
$5.4-10 billion
0.18
Nation-state actors including Silk Typhoon and Salt Typhoon have operationalized ungoverned machine credentials as primary espionage vectors against critical infrastructure. Governance And Regulation negative high use of ungoverned machine credentials by nation-state actors for espionage against critical infrastructure
0.18
AI-Identity Risk Taxonomy (AIRT): a comprehensive enumeration of 37 risk sub-categories across eight domains, each grounded in documented incidents, regulatory recognition, practitioner prevalence data, and threat intelligence. Governance And Regulation positive high number and scope of risk sub-categories identified for AI identity (AIRT)
37 risk sub-categories across eight domains
0.18
Machine Identity Governance Taxonomy (MIGT): an integrated six-domain governance framework simultaneously addressing the technical governance gap, the regulatory compliance gap, and the cross-jurisdictional coordination gap that existing frameworks address only in isolation. Governance And Regulation positive high existence of a six-domain governance framework and the governance gaps it purports to address
six-domain governance framework
0.03
A foreign state actor threat model for enterprise identity governance establishing that Silk Typhoon, Salt Typhoon, Volt Typhoon, and North Korean AI-enhanced identity fraud operations have already operationalized AI identity vulnerabilities as active attack vectors. Governance And Regulation negative high operationalization of AI identity vulnerabilities by named foreign actor groups
0.18
A cross-jurisdictional regulatory alignment structure mapping enterprise AI identity governance obligations under EU, US, and Chinese frameworks simultaneously, identifying irreconcilable conflicts and providing a governance mechanism for managing them. Governance And Regulation positive high mapping of cross-jurisdictional AI identity governance obligations and identification of irreconcilable conflicts
0.09
A four-phase implementation roadmap translates the MIGT into actionable enterprise programs. Governance And Regulation positive high existence of a four-phase implementation roadmap to operationalize MIGT
four-phase
0.03

Notes