You've run this conversation before. You ask a customer to document who has access to what — pull the entitlements, map the owners, confirm the access is still appropriate. The documentation process itself is the discovery. Orphaned accounts surface. Systems nobody claimed ownership of turn up in the data. Access that was granted for a project that ended two years ago is still live. Nobody knew any of it was there until someone had to write it down.
That conversation is running right now across the federal civilian enterprise, pointed at AI tools instead of user accounts. OMB M-24-10, issued in March 2024, established the current AI governance framework for federal agencies — and embedded in it is a documentation requirement that functions exactly like a forced access review. Agencies must maintain an AI use case inventory capturing, at minimum: a description of each use case, its deployment status, the intended benefits, the assessed risk level, the responsible official, and the access controls in place.
Those last two fields are where the inventory does its real work.
What the Inventory Actually Requires
The published guidance that followed M-24-10 gave agencies a standard schema for their submissions, most of which are now publicly available through agency AI strategy pages and data.gov. Pull a few of them and you'll see the same pattern: use case descriptions are often detailed and well-written, deployment status is generally populated, risk levels are assigned. The responsible official field and the access controls field are where submissions thin out.
"In development" appears with notable frequency in the access controls column. Some submissions leave it blank. Others list a general policy reference — a FISMA designation, an ATO status — without documenting what the access controls actually are for that specific AI tool. The gap between what OMB requires agencies to capture and what agencies have actually filed is not subtle. GAO's ongoing work tracking federal AI adoption progress has flagged inventory completeness as a persistent concern, and the access control fields are consistently among the weakest.
This is not an indictment of agency diligence. It's a structural observation: the fields the inventory requires agencies to complete are exactly the fields that a mature identity governance posture would already have answers to. If you know who owns a system, what it can access, and what controls govern that access, filling in those inventory fields is clerical work. If you don't, the inventory process reveals the gap — the same way an access certification reveals it.
The buyer's inventory struggle is often an identity infrastructure gap wearing compliance clothing.
Where the Analogy Holds
The structural parallel holds. An access certification asks: for each system, who has access, who owns it, and is that access still appropriate? The AI use case inventory asks: for each AI tool, who is the responsible official, what access controls are in place, and what risk level has been assessed? Same questions, different object.
And the same things go wrong in both exercises. Ownership is contested or absent. Access was granted informally and never documented. The system was deployed by a program office without going through the enterprise identity and access management infrastructure, so the enterprise has no visibility into it. The person who originally stood it up left, and nobody updated the record.
If you've sold access governance into federal civilian agencies, you've heard all of this. The AI inventory is surfacing it again, for a new category of tools, on an OMB-mandated timeline.
Where the Analogy Breaks
In a traditional access certification, the principals are humans. You're reviewing entitlements for known users — employees, contractors, service accounts tied to documented systems — accessing known resources. The identity infrastructure question is: does this person still need this access, and is the access appropriately scoped?
The AI inventory introduces a different kind of principal. Many of the tools agencies are inventorying aren't just accessed by users — they're acting on behalf of users. An AI system that drafts procurement language, summarizes case files, or routes benefit determinations isn't just a resource someone accesses. It's an actor. It calls APIs. It reads data. It may write to systems of record. The question the inventory is implicitly asking — what access controls are in place — is actually two questions that the access certification model doesn't cleanly separate: who has access to this tool, and what does this tool have access to, acting on whose authority?
Most federal identity governance frameworks were built to answer the first question. The second is newer, and the inventory is forcing agencies to confront it before their identity infrastructure has caught up. When an agency marks the access controls field "in development," it may be saying something more specific than it appears: that it hasn't yet figured out how to govern an AI system as a principal, only as a resource.
That's an architecture gap. And it's the conversation worth having.
The Question That Opens It
You don't need a framework or a five-question discovery sequence. You need one question that tells you whether the buyer is stuck on the compliance side of the inventory or the architecture side.
Ask this: "When your team went to document the access controls for your AI tools, what did you find you already had answers to — and what did you have to mark 'in development'?"
Each answer points somewhere different. If they had answers for tools that went through the standard ATO process but not for tools that were stood up through program office contracts, you're looking at an enterprise identity envelope problem — AI tools deployed outside the governance perimeter. If they had answers for access to the tools but not for what the tools themselves can access downstream, you're at the architecture gap. If they couldn't find a responsible official for several entries, you're at an ownership and governance problem that predates the AI inventory and will outlast it.
Any of those answers opens a real conversation. None of them requires you to lead with product. The inventory gave them the question; you're asking what they found when they tried to answer it.
The access certification analogy opens the conversation. The break point — AI systems as principals, not just resources — is where it gets substantive. The buyer who has already hit that wall in their inventory process will recognize immediately that you understand what they're dealing with. That recognition is worth more than any product capability you could open with.
The inventory is the audit. Your job is to ask what it found.

