Your AI Agents Have Keys to the Kingdom. Do You Know Which Ones?

Why JupiterOne built AI Attack Surface Management — and why it matters right now.

In April 2026, a compromised third-party AI tool pivoted through an employee's Google Workspace, moved laterally into internal systems, and accessed customer secrets. The Vercel breach wasn't exotic. It was a service account with too much access — the same problem security teams have dealt with for years. Except this time, the service account was an AI agent. An AI agent reasons, chains tool calls and decides on its own which systems to touch next. Same identity layer. Different blast radius. In most environments today, no one on the security team can tell you the agent exists, what it can reach or who owns it.

That breach is the reason we built AI Attack Surface Management (AI ASM).

The problem hiding in plain sight

Every AI agent authenticates as a non-human identity. Every copilot holds OAuth scopes. Every MCP server runs under a service account. Your identity tools see them, but they look like every other service account in the environment — indistinguishable from the thousands of API keys and machine credentials your teams already manage.

The scale and numbers are striking. Non-human identities outnumber human ones by 45 to 1 in a typical enterprise. 97% have excessive privileges. And the AI layer is growing fastest of all — yet only 22% of organizations treat AI agents as independent, identity-bearing entities that need their own governance.

Security teams today can't answer three questions that boards, regulators, and incident responders are starting to ask: What AI is actually running in our environment? What can it access? And what happens if it's compromised?

Why now

Three forces are converging.

The AI agent explosion is real. More than 80% of enterprises are past the planning phase with AI agents. But only 14% of those agents went live with security team approval. Development teams provisioned service accounts because proper identity setup felt like friction. OAuth scopes got over-provisioned because demos needed to work before sprints ended. Nobody wrote revocation policies because the first priority was getting agents to function at all. The result is an AI attack surface that grew organically, without oversight, and is now operating in production.

The regulatory clock is ticking. The EU AI Act's Article 4 — requiring AI literacy and auditable AI inventories — takes effect in August 2026. DORA is already live. NIS2 is in force. A single AI agent incident can now trigger simultaneous reporting obligations under three regulatory regimes. Enterprises operating in or serving the EU need to demonstrate they know what AI is running and how it's governed. The compliance question isn't theoretical anymore.

The market has validated the category. In the past twelve months, Cisco acquired Astrix Security for $400 million, CrowdStrike acquired SGNL for $740 million, and Palo Alto Networks acquired CyberArk for $25 billion. Every major platform vendor is racing to own identity security for the AI era. The NHI security market hit $11 billion in 2025 and is projected to reach nearly $39 billion by 2036. This isn't a niche — it's the next infrastructure layer.

What AI Attack Surface Management does

JupiterOne AI ASM answers those three questions — what AI is running, what it can access, and what happens if it's compromised — by building on the thing that makes JupiterOne different: the graph.

Deterministic AI detection across your existing stack. AI ASM doesn't require new agents, new connectors, or a rip-and-replace. It classifies the identities JupiterOne already ingests from 200+ integrations, then applies a curated AI platform catalogue to distinguish AI-powered identities from standard service accounts. You get a definitive answer to "which of our NHIs are AI" without deploying anything new.

Blast radius you can actually trace. When a CISO asks "what happens if this AI agent is compromised," AI ASM shows the full chain, from the identity, through the data stores it can reach, to the downstream systems that depend on it. Not a permissions list. A relationship-aware graph that traces access all the way to regulated data. This is the question every board is going to ask after the next AI-related breach, and it's the question nobody else answers today.
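To make the difference between a permissions list and a relationship-aware trace concrete, here is an added illustration (not JupiterOne's code, query language, or data model): a breadth-first walk from one agent identity that records the access chain to each regulated asset. Every identity, asset, relationship name, and regulated-data tag below is constructed for the example.

```python
from collections import deque

# Constructed sample graph; every name here is hypothetical.
# Each edge is (source, relationship, target): compromise of source exposes target.
EDGES = [
    ("agent:support-copilot", "ASSUMES", "role:support-readonly"),
    ("role:support-readonly", "READS", "db:tickets"),
    ("role:support-readonly", "READS", "bucket:chat-exports"),
    ("db:tickets", "FEEDS", "svc:billing-sync"),
    ("svc:billing-sync", "READS", "db:tickets"),  # cycle, must not loop forever
    ("svc:billing-sync", "WRITES", "db:customer-pii"),
    ("svc:ci-runner", "READS", "bucket:build-cache"),  # unrelated identity
]
REGULATED = {"db:customer-pii", "bucket:chat-exports"}  # constructed data tags


def blast_radius(edges, start, max_hops=None):
    """Breadth-first walk from an identity: {reached node: edges on shortest path}."""
    adjacency = {}
    for src, rel, dst in edges:
        adjacency.setdefault(src, []).append((rel, dst))
    paths = {start: []}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if max_hops is not None and len(paths[node]) >= max_hops:
            continue  # hop budget spent on this branch
        for rel, dst in adjacency.get(node, []):
            if dst not in paths:  # first visit is shortest; also breaks cycles
                paths[dst] = paths[node] + [(rel, dst)]
                queue.append(dst)
    del paths[start]
    return paths


def regulated_exposure(edges, start, regulated):
    """Access chain from the identity to each regulated asset it can reach."""
    return {
        asset: " -> ".join([start] + [f"[{rel}] {dst}" for rel, dst in path])
        for asset, path in blast_radius(edges, start).items()
        if asset in regulated
    }


if __name__ == "__main__":
    agent = "agent:support-copilot"
    print("within 2 hops:", sorted(blast_radius(EDGES, agent, max_hops=2)))
    for asset, chain in sorted(regulated_exposure(EDGES, agent, REGULATED).items()):
        print(f"{asset}: {chain}")
```

Limited to two hops, the walk returns only the role and the two stores it reads, which is what a permissions list would show; the unbounded walk also surfaces the customer PII database behind the downstream sync service.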

Risk scoring that speaks the language of regulation. AI ASM scores every AI identity using a weighted model that factors in EU AI Act classification, data sensitivity, access volume, credential hygiene, and documentation status. A CISO can filter to "show me every high-risk AI identity accessing restricted data without a DPIA" in a single view. This is audit evidence, not simply posture management.

Governance that closes the loop. Discovery without action is noise. AI ASM includes ownership assignment, attestation workflows, and credential lifecycle management so that the 91% of orphaned tokens and the 97% of over-privileged NHIs become something your team can actually remediate, not just report on.

What this means for security teams

If you're a CISO, AI ASM gives you a board-ready view of your organization's AI exposure. See your aggregate posture, regulatory readiness, and blast radius visibility without commissioning a manual audit every quarter.

If you're a security analyst, you get the ability to investigate AI-powered identities with the same depth you bring to any other security finding: who owns it, what it can reach, when it was last active, and whether its credentials are current.

If you're responsible for identity governance, you finally get NHI lifecycle management that scales — not a spreadsheet of service accounts, but an automated inventory with ownership, attestation, and rotation enforcement built in.

Why JupiterOne is perfectly suited to solve this challenge

JupiterOne's graph was built for exactly this problem. We already map relationships among identities, data, and infrastructure across every major cloud and SaaS platform, plus on-prem managed infrastructure and services. AI ASM extends that graph into the fastest-growing identity risk vector, turning data we already ingest into the AI attack surface visibility that no one else can provide at this breadth.

AI ASM is going GA on June 16. If you're a JupiterOne customer, it'll be in your environment soon so you can start exploring your AI identity posture. If you're not yet a customer, request a demo to see what your AI attack surface actually looks like.

James Mountifield

