TMCnet News
SlashID Launches AI Identity Governance, the First Access Graph-Native Solution Built to Govern OAuth-Connected AI Apps, Agents, and MCP ServersPurpose-built to extend SlashID's Access Graph to every AI identity touching corporate data — from OAuth 2.0 app authorizations and MCP servers to cloud-hosted models and browser-based shadow AI — with policy-based controls and continuous segregation-of-duties enforcement NEW YORK, May 5, 2026 /PRNewswire/ -- SlashID, the platform that secures every identity, today announced the launch of AI Identity Governance. This represents the identity access graph's first native governance capability. Through its identity access graph, SlashID enables customers to extend visibility, access control, and lifecycle policies from traditional users and service accounts to AI applications, agents, and MCP servers. This approach eliminates the governance gap and addresses Shadow AI—the most rapidly expanding source of unmanaged access to corporate data today. The release arrives after SlashID's analysis of the April 2026 Vercel security incident, in which attackers compromised an employee's Google Workspace account through a malicious OAuth 2.0 application originating from a third-party AI tool. Traditional governance platforms, built for SaaS applications with predictable lifecycles, cannot keep pace with AI tools. These tools are installed in seconds, inherit broad OAuth scopes, and often connect further downstream via MCP and agent frameworks. "AI governance is fundamentally about identity and entitlements," said Vincenzo Iozzo, SlashID's Co-Founder. "Every time an employee authorizes a new AI assistant, connects an MCP server, or hands a task to an autonomous agent, they ae effectively creating a new non-human identity with access to corporate resources. Security teams need the same visibility, policy enforcement, and lifecycle controls for those identities that they already have for users and service accounts — and they need it today, not after a year-long IGA re-platforming project." Enterprises are investing heavily in point solutions for AI security — DLP proxies, prompt firewalls, and CASB-style shadow AI discovery. These tools operate in isolation from the identity fabric, produce alerts without the context needed to act on them, and cannot answer the core governance question: which identities, human or non-human, can reach which resources through which AI applications. The result is that the same OAuth grant patterns that caused the Vercel breach remain unmanaged in most organizations. SlashID's AI Identity Governance solves these challenges with three core capabilities:
Unlike standalone AI security tools, SlashID's AI Identity Governance operates at the identity graph layer, governing AI applications with the same primitives used for SaaS, cloud, and on-premise entitlements. It requires no changes to how employees use AI, no inline proxies, and no additional agents. The solution is available today to SlashID customers at no additional cost as part of the existing Identity Governance and Administration product, covering every major identity provider, cloud, and SaaS platform SlashID already integrates with. To learn more about AI Identity Governance or request a demo, visit slashid.com/use-cases/ai-governance. About SlashID SlashID is the identity security platform that stops identity attacks before they become breaches. The SlashID platform delivers unified visibility across human and non-human identities, 500+ out-of-the-box threat detections, automated remediation, and browser-level phishing prevention — enabling enterprises to see, detect, and fix identity risks across cloud, SaaS, and on-prem environments. Media Contact ICR for SlashID
SOURCE SlashID
|
