SlashID, the identity security platform, has announced the launch of AI Identity Governance, the first native governance capability built directly into an identity access graph. This new release allows enterprises to extend lifecycle policies and access control beyond traditional users to the rapidly expanding world of AI applications, autonomous agents, and Model Context Protocol (MCP) servers.
The launch follows SlashID’s analysis of the April 2026 Vercel security incident, where a malicious OAuth 2.0 application from a third-party AI tool was used to compromise an employee's workspace. SlashID’s solution aims to eliminate the "Shadow AI" gap by treating every AI assistant and agent as a first-class, governed identity.
The Problem: Traditional Identity Governance and Administration (IGA) platforms cannot keep pace with AI tools that are installed in seconds and inherit broad OAuth scopes.
The Visibility Gap: Unlike DLP proxies or prompt firewalls, SlashID provides the identity context—showing exactly which mailboxes, repositories, or drives an AI app can reach.
Vercel Incident Context: Addresses the specific OAuth grant patterns that led to the recent high-profile breach at Vercel.
Cost & Availability: Available immediately to all SlashID customers at no additional cost as part of the existing IGA product suite.
Zero Friction: Requires no inline proxies, additional agents, or changes to how employees interact with AI.
As employees authorize new AI assistants or connect MCP servers, they are creating a new class of non-human identities. Without proper governance, these identities operate with unmanaged, broad access to sensitive corporate data.
"AI governance is fundamentally about identity and entitlements," said Vincenzo Iozzo, Co-Founder of SlashID. "Security teams need the same visibility and lifecycle controls for those identities that they already have for users... they need it today, not after a year-long IGA re-platforming project."
SlashID solves the AI security challenge through three primary functional layers:
Unified Visibility Across the AI Surface: Continuous discovery of OAuth grants and Shadow AI usage (via the SlashID Browser Extension). It supports models on Amazon Bedrock, Azure OpenAI, and other CSP-native services, mapping exact permissions as "edges" in the identity graph.
Policy-Based Access Control: Security teams can set rules based on any attribute in the graph—for example, automatically blocking HR or Finance personnel from authorizing consumer-grade AI tools.
Segregation-of-Duties (SoD) Enforcement: Allows teams to identify "toxic combinations," such as an identity having access to regulated customer data while also holding an active grant to an external LLM. Remediation (revocation, MFA step-up) can be fully automated.
Unlike standalone security "point solutions," SlashID operates at the graph layer. It governs AI applications using the same primitives used for SaaS, cloud, and on-premise entitlements. It integrates out-of-the-box with every major identity provider and cloud platform currently supported by SlashID.
About SlashID
SlashID is a leading identity security platform designed to stop identity-based attacks before they result in a breach. By delivering unified visibility across human and non-human identities, the platform provides over 500 threat detections and automated remediation across cloud, SaaS, and on-premise environments.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.