Posey's Tips & Tricks
When AI Goes Wrong: The Hidden Risks of Conditional Access Controls, Part 1
AI-driven conditional access can strengthen zero trust security, but without proper safeguards it can also mistakenly target trusted employees, creating unexpected risks for organizations.
Over the last year or so, the one question that I have been asked more often than any other is, "Am I going to lose my job to AI?" The fear, of course, is that generative AI can quickly and easily create content that could previously only be made by humans. To date, I have often answered this question by saying that generative AI will likely be used to augment what is produced by humans, not replace humans altogether. There are simply too many legal risks associated with an organization relying solely on AI-generated content.
More recently, however, I am beginning to rethink my answer to the question of whether people will lose their jobs to AI. Rather than answering, "I doubt it," I find myself more inclined to answer, "possibly, but it won't happen in the way that you are thinking of."
Recently, a lot of organizations have been using AI as a tool for managing their zero trust initiatives -- and rightly so! AI can detect and counter threats that would be nearly impossible for a human to pick up on. Additionally, attackers are increasingly leveraging AI to make their attacks more effective, and such attacks are best countered by AI. The bottom line is that AI is an indispensable resource for keeping an organization secure.
In spite of AI's usefulness and importance, AI absolutely must be constrained. If left unchecked, AI can become hostile toward trusted employees, potentially ruining careers in the process! I will be the first to admit that this idea probably sounds a lot like a conspiracy theory or even a plot from a bad sci-fi movie, but the potential threat is very real and stems from what I like to think of as the AI ripple effect.
Before I talk about the AI ripple effect and all of the harm that it can cause, let me take a step back for a moment and talk about normal, completely benign, AI-enabled zero trust security -- particularly as it relates to conditional access control.
In the old days (which weren't really all that long ago), access controls were static. When a user authenticated into a system, the authentication engine would issue the user a security token, which they could then use to access any resources for which they had permission. Conditional access is based on the idea that even if you have granted a user permission to access a particular resource, it is not always in your best interest to honor those permissions. Imagine for a moment that a user leaves the office for the day and then five minutes later that user logs on from a computer located in a rogue nation on the other side of the world. If that happens, it's pretty safe to assume that the account has been compromised and that the login is being performed by an attacker, not by the employee to whom the account belongs. As such, even though the logon succeeded and the account has permission to access various resources, actually allowing the account to access those resources would be a really bad idea.
That's the basis of conditional access. When conditional access is used, the system looks at more than just whether or not a user entered the correct password. The conditional access mechanism considers a number of factors, which are usually referred to as signals. The user's geographic location is one example of a signal, but it is not the only example. Other examples might include the time of day when the user is logging on or perhaps the operating system that is running on the user's device.
Every conditional access system works a little bit differently, but typically the system will calculate a risk score for the user based on various signals. This risk score can also change once the user has logged on, based on whether they are working in a way that is normal for them and similar to the way that other users with similar job titles work. The conditional access system might also create a device risk score based on the OS being used, whether or not the OS has been jailbroken, and how the OS is configured (among other things). There might also be a composite risk score that is based on the combined user risk and device risk.
Again, each conditional access system works a little bit differently, but in a zero trust environment, the risk scores are usually calculated at the time of authentication and then refined as the user works. A score may increase if the user does things that the system deems to be risky, or the score may decrease if the user adheres to all of the recommended security best practices and does not attempt to work in a way that is out of the ordinary for them.
Access control decisions are made in real time based on these risk scores. These access control decisions could potentially cause a user to be denied access to a resource if the user is deemed to be sufficiently risky. More often though, the system will force a user to take some steps to prove their identity before granting access to a sensitive resource. As an example, the system might require a user who is trying to access sensitive data to complete an MFA challenge even though the user is already logged in.
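The scoring flow described in the last few paragraphs, as an added example that is not from the original column or from any vendor's product: sign-in signals produce a user risk score and a device risk score, a composite score drives an allow, MFA or deny decision, and the score is adjusted as the session continues. The signal weights, thresholds, field names and sample coordinates are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# Weights, thresholds and field names below are assumptions; scores run 0-100.
MAX_KMH = 900  # about airliner speed; anything faster is "impossible travel"

@dataclass
class SignIn:
    ts: int                    # epoch seconds
    lat: float
    lon: float
    hour: int                  # hour of day in the user's home time zone
    os_supported: bool = True
    jailbroken: bool = False

def km_between(a: SignIn, b: SignIn) -> float:
    """Great-circle (haversine) distance between two sign-ins, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def user_risk(prev, cur: SignIn, usual_hours=range(7, 20)) -> int:
    score = 0
    if prev is not None:       # prev is None on a first sign-in
        if km_between(prev, cur) * 3600 > MAX_KMH * max(cur.ts - prev.ts, 1):
            score += 80        # location signal: implied speed is not plausible
    if cur.hour not in usual_hours:
        score += 20            # time-of-day signal
    return min(score, 100)

def device_risk(cur: SignIn) -> int:
    return min(60 * cur.jailbroken + 30 * (not cur.os_supported), 100)

def composite_risk(user: int, device: int) -> int:
    return user + device - (user * device) // 100   # noisy-OR combination

def decide(risk: int, sensitive: bool) -> str:
    if risk >= 80:
        return "deny"
    if risk >= 40 or (sensitive and risk >= 20):
        return "mfa"           # step-up challenge, even if already logged in
    return "allow"

def refine(risk: int, risky_action: bool) -> int:   # in-session adjustment
    return min(100, risk + 15) if risky_action else max(0, risk - 5)

# Constructed sample: an office sign-in, then one five minutes later from far away.
OFFICE = SignIn(ts=1_700_000_000, lat=40.0, lon=-75.0, hour=17)
FAR = SignIn(ts=1_700_000_300, lat=10.0, lon=105.0, hour=17)
```

With the constructed sample, `decide(composite_risk(user_risk(OFFICE, FAR), device_risk(FAR)), sensitive=False)` returns `"deny"`, while an off-hours sign-in from the usual location only triggers the MFA challenge when the resource is sensitive.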
Everything that I have described so far pertains to how zero trust and conditional access are supposed to work. In Part 2, I will discuss how AI-based conditional access can cause serious problems for an organization and its users unless it is properly constrained.
About the Author
Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.