. It depends on the system and the settings, but atime can change frequently in response to activity of other programs (such as sudo).
but i am unsure of the value you'd get from this. if a new process arrives with a different path string, it would probably make a different output from the last time the query ran. perhaps you have a known good list of paths the PATH variable should include, or known a pattern of dangerous ones?
SELECT pe.key AS variable_name, pe.value AS variable_value, p.name AS process_name, p.path AS process_binary, p.uid AS user_id, u.username AS user_name FROM process_envs AS pe JOIN processes AS p ON p.pid=pe.pid JOIN users AS u ON p.uid=u.uid WHERE pe.key='PATH';