An agentic framework is the runtime and orchestration layer that lets autonomous software plan, call tools, and persist context. In NHI terms, it becomes an access broker for non-human identities, so its execution model, storage boundaries, and permission handling directly affect enterprise risk.
Expanded Definition
An agentic framework is the orchestration layer that coordinates planning, tool invocation, memory, and execution for an AI Agent. In NHI terms, it often becomes the control plane that brokers access for Non-Human Identity workloads, so its trust boundaries matter as much as the model itself.
Definitions vary across vendors, but the practical difference is simple: a chatbot can answer, while an agentic framework can act. That action layer introduces permissions, token handling, state persistence, and delegation rules that must be treated like privileged infrastructure. Guidance from the OWASP Agentic AI Top 10 and the NIST AI Risk Management Framework both point to the same operational truth: if the framework can call tools, it can also amplify mistakes.
In NHI programs, the term should not be confused with the model, the user interface, or the workflow engine alone. It is the runtime that determines which Secrets are reachable, how Context is persisted, and whether an Agent can keep acting after the initiating request has ended. The most common misapplication is treating the framework as a harmless application layer, which occurs when teams skip privilege design because the system is assumed to be “just orchestration.”
Examples and Use Cases
Implementing an agentic framework rigorously often introduces tighter governance and slower iteration, requiring organisations to weigh autonomy against control.
- An internal support agent uses MCP to retrieve tickets and update records, but only through a PAM-backed service account with scoped RBAC and JIT access.
- A developer workflow agent reads repositories, opens pull requests, and deploys test builds, while the framework logs every tool call for audit and rollback.
- A finance assistant persists context across sessions, but stored memory is isolated from production credentials and reviewed under the OWASP NHI Top 10.
- An operations Agent is allowed to remediate only within a bounded playbook, so a prompt injection cannot expand into unrestricted infrastructure access.
- A security team maps framework behavior to the CSA MAESTRO agentic AI threat modeling framework to test how tool delegation fails under adversarial inputs.
NHIMG research shows why these controls matter in practice: in AI LLM hijack breach reporting, compromised NHIs were used as the entry point for AI abuse, demonstrating that the framework is only as safe as the identities and secrets behind it.
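The use cases above share one mechanism: the framework brokers every tool call through a scoped, short-lived credential and records the decision. The following Python sketch is an added illustration, not code from any vendor framework or from the original page; the playbook table, the tool stubs, the `Broker` class and the token fields are constructed for the example. It shows a bounded playbook (the operations Agent may only read health and restart a service), a just-in-time token with a TTL and explicit revocation, and an audit entry for every call, including the ones that are denied when an injected instruction asks for a tool outside the playbook.

```python
"""Constructed tool-call broker for an agentic framework (illustrative only)."""
import json
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# A playbook is the bounded set of tools one agent identity may invoke.
# Constructed mapping; a real deployment would load this from policy.
PLAYBOOKS: Dict[str, set] = {
    "ops-remediation-agent": {"restart_service", "read_health"},
}


# Constructed tool implementations standing in for MCP servers or APIs.
def read_health(service: str) -> str:
    return f"{service}: healthy"


def restart_service(service: str) -> str:
    return f"{service}: restarted"


def delete_vm(vm_id: str) -> str:
    return f"{vm_id}: deleted"


TOOLS: Dict[str, Callable[..., str]] = {
    "read_health": read_health,
    "restart_service": restart_service,
    "delete_vm": delete_vm,
}


@dataclass
class Token:
    """Just-in-time credential: scope is frozen at issue time, TTL is short."""
    agent_id: str
    scope: frozenset
    expires_at: float
    revoked: bool = False

    def valid(self, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        return not self.revoked and now < self.expires_at


@dataclass
class Broker:
    """Mediates every tool call and keeps an append-only audit trail."""
    audit_log: List[dict] = field(default_factory=list)

    def issue_token(self, agent_id: str, ttl_seconds: int = 300,
                    now: Optional[float] = None) -> Token:
        now = time.time() if now is None else now
        # Unknown agents get an empty scope, so every call is denied.
        scope = frozenset(PLAYBOOKS.get(agent_id, set()))
        return Token(agent_id=agent_id, scope=scope, expires_at=now + ttl_seconds)

    def revoke(self, token: Token) -> None:
        token.revoked = True

    def call_tool(self, token: Token, tool: str,
                  now: Optional[float] = None, **kwargs) -> dict:
        now = time.time() if now is None else now
        entry = {"ts": now, "agent": token.agent_id, "tool": tool, "args": kwargs}
        if not token.valid(now):
            entry.update(decision="deny", reason="token expired or revoked")
        elif tool not in token.scope:
            # This is where a prompt injection asking for delete_vm stops.
            entry.update(decision="deny", reason="tool outside playbook")
        elif tool not in TOOLS:
            entry.update(decision="deny", reason="unknown tool")
        else:
            entry.update(decision="allow", result=TOOLS[tool](**kwargs))
        self.audit_log.append(entry)  # denied calls are logged too
        return entry


if __name__ == "__main__":
    broker = Broker()
    tok = broker.issue_token("ops-remediation-agent", now=1000.0)
    broker.call_tool(tok, "read_health", now=1001.0, service="api-gateway")
    broker.call_tool(tok, "delete_vm", now=1002.0, vm_id="vm-1")      # denied
    broker.call_tool(tok, "restart_service", now=1400.0, service="api-gateway")  # expired
    for line in broker.audit_log:
        print(json.dumps(line))
```

The `now` parameter exists so the expiry path can be exercised deterministically; in production the broker would read the clock itself. The important design point is that the scope is bound to the token at issue time from the playbook, not read from the request, so nothing the model emits can widen it.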
Why It Matters in NHI Security
Agentic frameworks matter because they convert abstract model output into real enterprise action. That means any flaw in permissioning, memory isolation, or tool authorization can become a live incident involving data exposure, unauthorized changes, or credential leakage. The OWASP NHI Top 10 highlights this risk class directly, and the operational evidence is already clear: SailPoint reported that 80% of organisations saw AI agents perform actions beyond their intended scope, including unauthorized system access, sensitive data sharing, and credential disclosure.
That failure pattern is especially dangerous when the framework stores reusable context or holds long-lived tokens. If a single Agent can inherit broad access, the framework becomes a force multiplier for both attacker activity and accidental overreach. NHI security teams should therefore treat it as privileged infrastructure, with continuous review of execution paths, audit logs, and revocation behavior. The same concern appears in NIST AI Risk Management Framework guidance and the MITRE ATLAS adversarial AI threat matrix, both of which reinforce adversarial testing and control validation.
Organisations typically encounter the business impact only after an agent has already accessed the wrong system or exposed the wrong Secret, at which point the agentic framework becomes operationally unavoidable to investigate and contain.
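The memory-isolation concern raised above can be enforced at the persistence boundary rather than left to convention. The following Python sketch is an added example, not code from the original page or from any particular framework; the secret patterns, the `ContextStore`, `SecretRef` and `Vault` classes are constructed for illustration. Persisted context refuses credential-shaped values outright, and an Agent that needs a Secret stores only an opaque reference, which the vault resolves for the duration of a single tool call and never hands back to memory.

```python
"""Constructed context store that keeps agent memory separate from credentials."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed detection rules for values that must never enter agent memory.
# A real deployment would reuse its secret scanner's rule set.
SECRET_PATTERNS = [
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                  # AWS access key id shape
    re.compile(r"\b(?:sk|ghp)_[A-Za-z0-9]{20,}\b"),        # prefixed API token shape
    re.compile(r"(?i)\b(?:password|secret|token)\s*[:=]\s*\S+"),
]


class SecretInMemoryError(ValueError):
    """Raised when an agent tries to persist a credential as context."""


@dataclass(frozen=True)
class SecretRef:
    """Opaque handle; the value lives in the vault, never in persisted memory."""
    path: str


@dataclass
class ContextStore:
    """Session memory; rejects anything that looks like a credential."""
    _memory: Dict[str, List[str]] = field(default_factory=dict)

    def remember(self, session: str, text: str) -> None:
        for pattern in SECRET_PATTERNS:
            if pattern.search(text):
                raise SecretInMemoryError("refusing to persist credential-shaped content")
        self._memory.setdefault(session, []).append(text)

    def recall(self, session: str) -> List[str]:
        return list(self._memory.get(session, []))


@dataclass
class Vault:
    """Constructed vault; resolves a SecretRef only inside a bounded tool call."""
    _secrets: Dict[str, str]

    def with_secret(self, ref: SecretRef, tool: Callable[[str], str]) -> str:
        # The plaintext is scoped to this call and is not returned to the caller.
        value = self._secrets[ref.path]
        try:
            return tool(value)
        finally:
            del value


def run_session(store: ContextStore, vault: Vault) -> List[str]:
    """Worked flow: the agent keeps a reference in memory, not the credential."""
    ref = SecretRef("vault://prod/db")               # constructed vault path
    store.remember("finance-1", f"database credential available as {ref.path}")

    def query(password: str) -> str:
        # Stand-in for a real database call; reports only a non-secret outcome.
        return "query ok" if password else "query failed"

    outcome = vault.with_secret(ref, query)
    store.remember("finance-1", f"monthly report step: {outcome}")
    return store.recall("finance-1")


if __name__ == "__main__":
    vault = Vault({"vault://prod/db": "constructed-placeholder-password"})
    for line in run_session(ContextStore(), vault):
        print(line)
```

The split matters because persisted context outlives the request: anything written there is reachable by every later session and every later prompt, so the only safe credential to remember is a reference the broker still has to authorise.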
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers secret handling and privilege boundaries for agentic systems. |
| NIST AI RMF | | Frames agentic systems as AI risks requiring measurable governance and testing. |
| CSA MAESTRO | TBD | Provides agentic threat modeling patterns for tool use and orchestration risk. |
Limit framework access to scoped credentials, rotate secrets, and audit all tool and memory access.