Four independent signals converged in recent months, and they all point at the same gap. The EDUCAUSE AI Summit is concluding today in Chicago. The Cloud Security Alliance published a whitepaper on NHI governance documenting a confidence vacuum. Rowan University published the most honest institutional AI account in the EDUCAUSE literature. And Internet2's Sean O'Brien warned in January that 2026 represents a narrowing window for institutions to establish governance before the debt becomes impossible to unwind.
Each of these arrived from a different direction. They converge on the identity layer: who authorized this agent, what can it access, who is accountable when it acts. No campus has built it.
The Summit walked into a baseline that hasn't moved
The EDUCAUSE AI Summit on June 2–3 was themed around developing an AI-ready workforce. No post-event coverage is available yet, which is expected given the event is wrapping up today. But the context it walked into is well documented. At the comparable 2025 Summit in Minneapolis, roughly 150 participants reported that many institutions lacked clear AI strategies, practical guidance, or defined governance structures. Participants described having "a hard time getting buy-in from executives to address AI governance when they face competing priorities such as budget shortfalls and enrollment declines."
A year later, the needle has barely moved. EDUCAUSE's 2025 AI Landscape Study found only 9% of institutions considered their cybersecurity and privacy policies adequate for AI risks. Internet2's AI readiness survey found fewer than half of respondents had made substantial progress formalizing AI strategies or budgets.
The Summit's workforce-readiness theme tells you where the sector's attention lives. Institutions are still working on literacy and adoption. Governance, when it appears, means acceptable use policies for humans using AI tools. The question of who governs the AI systems themselves, their identities, their access, their accountability chains, remains largely unasked.
The CSA numbers and what they mean for higher ed
The CSA's NHI governance whitepaper assembles cross-industry data that is difficult to look away from:
| Finding | Source |
|---|---|
| Only 15% report high confidence in preventing NHI-based attacks | CSA Survey, 2024 |
| 16%+ do not track AI-related identity creation at all | CSA Survey, 2024 |
| 47% of non-human identities unchanged for more than a year | Entro Security, H1 2025 |
| 51% report no clear ownership of AI identities | WEF, 2025 |
A separate CSA survey (commissioned by Token Security, 418 respondents, January 2026) found 82% of enterprises had discovered previously unknown AI agents in the past year. Sixty-five percent had experienced agent-related incidents. Only 21% had formal decommissioning processes.
These are cross-industry figures, and they should be read with that caveat. Higher education is almost certainly worse, and the reason is structural. In an enterprise, NHI creation at least theoretically passes through a provisioning workflow. Someone in IT stands up the service account. In higher education, a faculty member can spin up an API connection to the SIS from a departmental server without touching central IT. There is no procurement trigger for NHI creation, no HR onboarding equivalent for service accounts, no lifecycle process that feeds the identity system when a research project ends and its integrations should be decommissioned. Decentralized governance is a design principle in higher ed, and the NHI sprawl it produces is a direct consequence. The sprawl is qualitatively different from enterprise sprawl because nobody was ever supposed to be watching in the first place.
No higher education institution has published a documented implementation of formal non-human identity governance at any level. The distance between "institutions are deploying AI" and "institutions are governing the identity lifecycle of those deployments" remains total.
What Rowan found when it looked
Rowan University's January 2026 EDUCAUSE Review piece is the closest thing the sector has to a candid field report. When Rowan began connecting AI agents to its Oracle-based enterprise systems, the work "exposed a deeper truth: bringing AI into real, regulated institutional data environments is not just a technology project; it's a test of our entire data governance and security philosophy." Rowan has since deployed a portfolio of institutional AI agents against IPEDS data, enrollment data, and HR data, each operating within governance boundaries the institution had to build from scratch.
As Joe Sabado, an EDUCAUSE community voice, observed on Substack (a secondary source commenting on the Rowan piece):
"AI does not solve governance problems. It exposes them."
Rowan is a single institution. It proves the work is possible and substantial enough that most institutions haven't started.
The Canvas breach as category evidence
The recent Instructure/Canvas breach matters here not as a deal signal but as proof of concept for the underlying vulnerability class. Ungoverned API authentication surfaces, credentials nobody rotates, third-party integrations that bypass vendor risk review: this is the same attack surface AI agents will inherit and amplify. The CSA whitepaper makes the connection explicit, noting that AI agents "acquire permissions dynamically at runtime, spawn sub-agents, invoke external APIs, write and execute code, and chain together actions that can span dozens of systems." Each of those behaviors expands the blast radius of any single compromised credential beyond what a static integration could achieve.
The Canvas breach happened through the integration surface higher ed already has. The agent surface is that same surface operating at higher velocity with greater autonomy. The companion piece in this issue traces how Okta's agent governance framework maps onto this exact problem from the product side. The structural point is the same from both directions: institutions that haven't governed the first surface are accumulating the second on top of it.
Why the window is actually narrowing
O'Brien's framing deserves to be taken seriously because it's grounded in a pattern higher ed has already lived through:
"One of the key lessons learned from research and higher education's cloud adoption is that waiting too long to plan for multiple services creates governance, cost, and visibility challenges that are difficult to unwind later." — Sean O'Brien, Internet2
Cloud migration taught this sector that governance debt compounds. Institutions that didn't establish cloud governance early spent years unwinding shadow SaaS contracts, orphaned accounts, and unreviewed data processing agreements. The AI agent surface is accumulating the same debt faster, because agents proliferate without procurement processes, without HR onboarding triggers, without the institutional checkpoints that at least slowed down human identity sprawl. The CSA's finding that 68% of organizations cannot distinguish AI agent activity from human activity (CSA/Aembit survey, 228 respondents, January 2026) means the debt is also invisible.
Field implications this quarter
The convergence across community research (EDUCAUSE), industry data (CSA), institutional experience (Rowan), and infrastructure leadership (Internet2) is clear enough to act on. The identity layer is the ungoverned gap in AI adoption. The evidence is strong enough to name the problem, though not yet strong enough to name the solution, because no campus has built one at the NHI governance level.
For anyone positioning identity governance in AI conversations this quarter: most buyers will stall on agent identity lifecycle management as a product category. They will engage with the argument that the ungoverned integration surface they're already worried about is about to get larger, faster, and harder to see.
"Can you tell me how many non-human identities — service accounts, API keys, integration tokens — are active in your SIS and LMS environments right now, and which ones were created in the last six months?" If they can answer that, you're talking to one of the few. If they can't, you've just made the governance gap visible in terms they can feel.
Every week an institution doesn't inventory its non-human identities is a week that population grows without oversight. The institutions that build governance now will have something they can extend when agents arrive at scale. The ones that wait will inherit a system they can't see, compounding on an identity layer they never built.