Agent Graph

A relationship model that connects the human who deployed an agent, the agent itself, any sub-agents, and the systems they touched. It helps security teams trace lineage across cloud, SaaS, repositories, and infrastructure instead of treating each alert as an isolated event.

Expanded Definition

An agent graph is the security and governance record of relationships around an agentic application: who deployed it, which OWASP NHI Top 10 risks it touches, what sub-agents it spawns, and which cloud, SaaS, repository, or infrastructure systems it can reach. It is not just an inventory; it is a lineage model that helps operators understand execution authority across a multi-step workflow.

Definitions vary across vendors, and no single standard governs this yet, but the practical goal is consistent: trace action back to origin, authority, and blast radius. In mature environments, an agent graph complements NIST AI Risk Management Framework guidance by making agent behavior inspectable rather than implicit. It also supports investigations when prompts, tools, or tokens move across systems faster than traditional identity logs can correlate them.

The most common misapplication is treating the agent graph as a static architecture diagram, which occurs when teams fail to update relationships after delegation, tool changes, or sub-agent creation.

Examples and Use Cases

Implementing an agent graph rigorously often introduces mapping and maintenance overhead, requiring organisations to weigh faster incident response against the cost of continuously reconciling identities, tools, and permissions.

  • A coding agent opens a pull request, calls a build service, and triggers a deployment pipeline; the graph shows that the originating human, the agent, and the CI/CD tokens are one linked chain rather than separate events.
  • A support agent hands off to a sub-agent that queries customer data and writes to a ticketing system; the graph makes the delegation path visible for review and approval.
  • A compromise in one API key is traced through the agent graph to every repository, SaaS app, and cloud resource the agent touched, helping teams scope containment quickly.
  • An analyst correlates the graph with the Anthropic report on AI-orchestrated cyber espionage to understand how autonomous steps can chain into a broader intrusion.
  • Security teams use the graph alongside the CSA MAESTRO agentic AI threat modeling framework to decide where human approval, logging, or tool restrictions should be inserted.

NHIMG research on the Moltbook AI agent keys breach shows how quickly agent credentials can become operationally sensitive when they are reused across connected systems.
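The coding-agent chain and the compromised-key tracing described above, as an added example that is not part of this glossary entry or NHIMG's tooling. The node kinds, edge shape and sample names (alice, coding-agent, ci-token, and so on) are constructed assumptions; the point is that blast radius and lineage are the same graph walked in opposite directions:

```python
from collections import defaultdict, deque

# Constructed sample agent graph for the coding-agent scenario; the node
# kinds, names and edge shape are assumptions, not NHIMG's data model.
NODES = {"alice": "human", "coding-agent": "agent", "test-subagent": "agent",
         "ci-token": "credential", "deploy-key": "credential",
         "repo/api": "repository", "build-service": "saas", "prod-cluster": "cloud"}
# Directed edges: deployer -> agent -> sub-agent / credential -> system reached
EDGES = [("alice", "coding-agent"), ("coding-agent", "test-subagent"),
         ("coding-agent", "ci-token"), ("test-subagent", "ci-token"),
         ("coding-agent", "deploy-key"), ("ci-token", "repo/api"),
         ("ci-token", "build-service"), ("deploy-key", "prod-cluster")]

SYSTEM_KINDS = {"repository", "saas", "cloud"}

class AgentGraph:
    def __init__(self, nodes, edges):
        self.kind = dict(nodes)
        self.out, self.inc = defaultdict(list), defaultdict(list)
        for src, dst in edges:
            self.out[src].append(dst)
            self.inc[dst].append(src)

    def _reachable(self, start, adj):
        # Breadth-first walk along one edge direction; excludes the start node.
        seen, queue = set(), deque([start])
        while queue:
            for nxt in adj[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return seen

    def blast_radius(self, node):
        """Every system a leaked credential (or an agent) can reach downstream."""
        return sorted(n for n in self._reachable(node, self.out)
                      if self.kind[n] in SYSTEM_KINDS)

    def lineage(self, node):
        """Upstream origin: the humans and agents whose authority leads to this node."""
        ups = self._reachable(node, self.inc)
        return {k: sorted(n for n in ups if self.kind[n] == k) for k in ("human", "agent")}

    def credentials_reaching(self, system):
        """Which NHIs grant a path into a system: the rotation / offboarding checklist."""
        return sorted(n for n in self._reachable(system, self.inc)
                      if self.kind[n] == "credential")

GRAPH = AgentGraph(NODES, EDGES)
```

Because the sub-agent shares ci-token with its parent, `GRAPH.lineage("ci-token")` returns both agents and the deploying human, which is the delegation path a reviewer needs to see before approving the handoff.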

Why It Matters in NHI Security

Agent graphs matter because compromise rarely stays isolated once an agent has execution authority. They expose where AI hijack conditions can spread, where privileged paths are hidden, and where a single secret creates lateral reach across environments. For NHI governance, that means the graph becomes a control surface for least privilege, approval workflows, and offboarding.

This is especially important when secrets are overexposed. NHI Mgmt Group reports that only 5.7% of organisations have full visibility into their service accounts, which means many agent relationships remain invisible until an incident forces reconstruction. That visibility gap also weakens OWASP Agentic AI Top 10 controls and complicates alignment with NIST AI Risk Management Framework expectations for mapping, monitoring, and risk treatment.

Organisations typically encounter the need for an agent graph only after a suspicious action, credential leak, or unexpected deployment reveals how many systems an agent was actually allowed to touch, at which point reconstructing lineage becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
OWASP Agentic AI Top 10          | AGENT-01            | Agent graphs map autonomous tool use and chained actions central to agentic risk controls.
OWASP Non-Human Identity Top 10  | NHI-02              | Agent graphs expose where secrets and service accounts are used across linked systems.
NIST AI RMF                      |                     | The framework calls for mapped, measurable AI risk controls and continuous monitoring.

Track agent lineage, tool access, and delegation paths before allowing production execution.