Managed Agent

A managed agent is a software identity that performs tasks on behalf of an organisation and must be governed like any other non-human identity. In practice, it needs an owner, a defined access scope, and reviewable entitlements so its actions can be traced and controlled.

Expanded Definition

Managed agent is a governance term for an autonomous or semi-autonomous software identity that is assigned ownership, bounded permissions, and a reviewable lifecycle. In NHI programs, it is treated as a machine identity rather than a feature flag, because it can authenticate, call tools, and act across systems.

Usage in the industry is still evolving, and definitions vary across vendors: some describe the agent itself, while others describe the runtime, orchestrator, or credentials that control it. For security teams, the practical question is not naming but scope, accountability, and traceability. A managed agent should have a named owner, a documented purpose, approved data access, and time-bound entitlements that can be revoked without breaking the environment. That posture aligns with the lifecycle and visibility principles described in the Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs and the least-privilege direction of the NIST AI Risk Management Framework.

The most common misapplication is treating a managed agent as a trusted application component, which occurs when teams grant persistent API keys, wide data access, or ad hoc human approval without identity lifecycle controls.
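
One way to check an agent inventory against the controls described above (named owner, documented purpose, time-bound and reviewed entitlements). This is an added example, not code from NHIMG or any of the frameworks cited; the record fields, the 90-day review interval, and the sample inventory are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_REVIEW_AGE = timedelta(days=90)  # assumed review interval, not from the page

def audit_agent(agent, now):
    """Return governance findings for one agent inventory record."""
    findings = []
    if not agent.get("owner"):
        findings.append("no named owner")
    if not agent.get("purpose"):
        findings.append("no documented purpose")
    last_review = agent.get("last_review")
    if last_review is None or now - last_review > MAX_REVIEW_AGE:
        findings.append("entitlement review overdue")
    for ent in agent.get("entitlements", []):
        scope, expires = ent["scope"], ent.get("expires")
        if "*" in scope:                 # wide access instead of a bounded scope
            findings.append(f"wildcard scope: {scope}")
        if expires is None:              # persistent key, never time-bound
            findings.append(f"persistent credential: {scope}")
        elif expires <= now:             # past expiry but still in the inventory
            findings.append(f"expired but not revoked: {scope}")
    return findings

def audit_inventory(inventory, now):
    """Map agent id -> findings, listing only agents that have findings."""
    return {a["id"]: f for a in inventory if (f := audit_agent(a, now))}

# Constructed sample inventory (hypothetical agents and scopes).
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
INVENTORY = [
    {"id": "support-agent", "owner": "helpdesk-lead",
     "purpose": "draft ticket replies",
     "last_review": NOW - timedelta(days=30),
     "entitlements": [{"scope": "tickets:read",
                       "expires": NOW + timedelta(days=7)}]},
    {"id": "eng-agent", "owner": "", "purpose": "open PRs and run tests",
     "last_review": NOW - timedelta(days=200),
     "entitlements": [{"scope": "repo:*", "expires": None},
                      {"scope": "deploy:staging",
                       "expires": NOW - timedelta(days=1)}]},
]

if __name__ == "__main__":
    for agent_id, findings in audit_inventory(INVENTORY, NOW).items():
        print(agent_id, "->", "; ".join(findings))
```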

Examples and Use Cases

Implementing managed agents rigorously often introduces operational friction, because every new capability must be paired with ownership, approval, and revocation logic. That constraint is worthwhile when the alternative is an agent that can silently accumulate privileges over time.

  • A support agent is allowed to read ticket metadata and draft responses, but not export customer records, using scoped permissions and periodic review.
  • An engineering agent opens pull requests and runs tests, yet its deployment token is time-limited and rotated through a controlled lifecycle, consistent with the NHI Lifecycle Management Guide.
  • A finance workflow agent approves invoice triage, but any payment release requires separate human control and auditable logging, reflecting the separation principles in the OWASP Top 10 for Agentic Applications 2026.
  • An internal research agent can query approved knowledge sources, while access to source code, secrets, or production systems is denied by default.
  • A customer onboarding agent is provisioned for a single business unit and decommissioned when the workflow ends, preventing identity drift and stale access.

These patterns are reinforced in NHIMG analysis of agent and identity abuse, including the OWASP NHI Top 10 and broader guidance on agentic risk.

Why It Matters in NHI Security

Managed agents matter because their risk profile grows quickly when they are created faster than they are governed. NHIs already outnumber human identities by 25x to 50x in modern enterprises, and only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs — Regulatory and Audit Perspectives. That gap becomes more dangerous when an agent can chain actions, call tools, and inherit secrets from automation pipelines.

A managed agent model helps security teams apply Zero Trust to software identities, but it only works when entitlements are explicit and continuously reviewed. That is why the NIST Cybersecurity Framework 2.0 and the OWASP Agentic AI Top 10 both reinforce access control, monitoring, and recovery as core disciplines. When agents are left unmanaged, the usual failure modes are secret sprawl, privilege creep, and unclear accountability after an incident. Organisations typically encounter those consequences only after an agent misuses a token, exposes data, or triggers an unexpected action, at which point managed agent governance becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| OWASP Non-Human Identity Top 10 | NHI-02 | Managed agents rely on controlled secrets, scope, and lifecycle governance. |
| NIST AI RMF | | AI RMF frames agentic systems as risk-bearing software needing governance. |
| NIST CSF 2.0 | PR.AA-01 | Identity and access assurance apply to managed agents as non-human identities. |

Inventory agent credentials, restrict entitlements, and rotate or revoke access on a defined schedule.