
What breaks when AI platform governance only covers top-level users?

Top-level user governance breaks when the platform actually grants authority through projects, custom roles, workspaces, service accounts, or API keys. In that case, revoking the user record does not necessarily remove effective access. The result is entitlement drift, stale permissions, and misleading audit evidence.

Why This Matters for Security Teams

When governance stops at the top-level user record, it misses the actual enforcement points where access is exercised. In AI platforms, authority is often granted through projects, workspaces, custom roles, service accounts, API keys, and delegated tokens. That means a clean user deprovisioning event can still leave active entitlements behind. The result is not just an admin hygiene problem; it is a control failure that undermines NIST Cybersecurity Framework 2.0 outcomes for access governance, auditability, and continuous monitoring.

NHIMG research shows the same pattern across NHI environments: lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, with inadequate monitoring and logging and over-privileged accounts both at 37% in The State of Non-Human Identity Security. That matters here because AI platforms often use non-human identities to do the real work, while the human account only acts as the wrapper. If the wrapper is removed but the underlying secrets and delegated access remain, the platform is still exposed. In practice, many security teams discover this only after an offboarding review, incident, or audit has already exposed the gap.

How It Works in Practice

Effective governance has to follow the permission chain, not just the user directory. Start by inventorying every identity that can act independently in the platform: human users, service accounts, AI agents, API keys, OAuth grants, and any project-scoped or workspace-scoped role assignment. Then tie each of those to an owner, purpose, expiry, and review cadence. That is the operating model described in Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs, and it is the practical way to stop entitlement drift from becoming permanent access.

For agentic and semi-autonomous systems, static RBAC is usually too blunt. Current guidance suggests that access should be evaluated at runtime against task intent, context, and workload identity, especially where agents can chain tools or call APIs without a human in the loop. That is where just-in-time credentials and ephemeral secrets matter: tokens should be issued per task, scoped as tightly as possible, and revoked automatically when the task ends. Where the platform supports it, workload identity should be the anchor, not the person who deployed the agent. Cryptographic identity for the workload is more reliable than assuming the user record captures all future machine activity.
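The per-task credential model described above, as an added sketch that is not code from any platform or from the guides cited here. The token format, `issue`, `authorize`, `end_task` and the scope names are hypothetical, and the `workload` value passed to `authorize` is assumed to have already been authenticated cryptographically (for example by mTLS or attestation).

```python
import hashlib, hmac, json, secrets, time
from base64 import urlsafe_b64decode, urlsafe_b64encode

SIGNING_KEY = secrets.token_bytes(32)   # held by the issuer only (illustrative)
REVOKED = set()                         # task ids whose tokens were revoked at task end

def issue(workload, task_id, scopes, ttl=300, now=None):
    """Mint a token bound to a workload identity and one task, not to a user."""
    now = time.time() if now is None else now
    body = json.dumps({"wl": workload, "task": task_id,
                       "scopes": sorted(scopes), "exp": now + ttl}).encode()
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return (urlsafe_b64encode(body) + b"." + urlsafe_b64encode(sig)).decode()

def authorize(token, workload, scope, now=None):
    """Runtime check: signature, workload binding, task revocation, expiry, scope."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.encode().split(b".")
        body, sig = urlsafe_b64decode(body_b64), urlsafe_b64decode(sig_b64)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(body)
    if claims["wl"] != workload:
        return False, "wrong workload"
    if claims["task"] in REVOKED:
        return False, "task ended"
    if now >= claims["exp"]:
        return False, "expired"
    if scope not in claims["scopes"]:
        return False, "scope not granted"
    return True, "ok"

def end_task(task_id):
    """Revoke every token for the task as soon as it completes."""
    REVOKED.add(task_id)
```

Disabling the person who deployed the agent plays no part in any of these checks; authority ends with the task or the expiry, whichever comes first.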

  • Reconcile user entitlements with project and workspace grants after every offboarding event.
  • Rotate or revoke API keys, service accounts, and OAuth consents on a schedule tied to usage, not just employment status.
  • Separate approval for human users from approval for machine identities, because they fail in different ways.

For broader governance alignment, map platform controls to NIST Cybersecurity Framework 2.0 and the control themes in Top 10 NHI Issues, especially credential lifecycle, privilege sprawl, and visibility. These controls tend to break down when a platform lets users create nested resources or long-lived tokens that outlive the original admin relationship, because the effective authority survives the user record.

Common Variations and Edge Cases

Tighter identity governance often increases operational overhead, so organisations have to balance revocation speed against developer friction and automation reliability. That tradeoff becomes visible in AI platforms that rely on shared workspaces, inherited permissions, or third-party integrations. Best practice is evolving, but there is no universal standard for this yet, especially where agents can act across multiple tools and data domains.

One common edge case is service accounts owned by a departed user. Another is a platform where a project admin can mint tokens even after the top-level account is disabled. A third is delegated access through OAuth apps, where the user is gone but the app still holds authority. NHIMG research shows 85% of organisations lack full visibility into third-party vendors connected via OAuth apps in The State of Non-Human Identity Security, which is a strong warning sign for AI platforms that depend on external integrations.
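The inventory-and-reconcile step from "How It Works in Practice", run over the edge cases just listed, as an added example that is not taken from any platform's API. The `Grant` record, the `reconcile` function and all sample identities, scopes and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Grant:
    identity: str            # what can act: key, service account, OAuth app, role binding
    kind: str                # "api_key" | "service_account" | "oauth_grant" | "role_binding"
    scope: str               # project or workspace where authority is enforced
    owner: Optional[str]     # accountable human, or None if never recorded
    expires: Optional[date]  # None means long-lived
    created: date

# Constructed sample data: not taken from any real platform.
DISABLED = {"alice": date(2024, 3, 1)}   # top-level user -> date disabled
GRANTS = [
    Grant("sa-train-pipeline", "service_account", "proj-ml", "alice", None, date(2023, 6, 1)),
    Grant("key-7f3", "api_key", "proj-ml", "alice", date(2024, 12, 31), date(2024, 3, 9)),
    Grant("oauth-notes-app", "oauth_grant", "ws-research", "alice", None, date(2023, 9, 12)),
    Grant("bob@proj-ml:editor", "role_binding", "proj-ml", "bob", date(2024, 9, 30), date(2024, 1, 5)),
    Grant("key-legacy", "api_key", "ws-research", None, None, date(2022, 2, 2)),
]

def reconcile(grants, disabled, today):
    """Return {identity: [findings]} for authority that outlives its governance."""
    findings = {}
    for g in grants:
        issues = []
        if g.owner is None:
            issues.append("no owner")
        elif g.owner in disabled:
            off = disabled[g.owner]
            # Created after the disable date: a nested admin path is still minting.
            issues.append("minted after owner disabled" if g.created > off
                          else "owner disabled")
        if g.expires is None:
            issues.append("no expiry")
        elif g.expires < today:
            issues.append("expired but present")
        if issues:
            findings[g.identity] = issues
    return findings

if __name__ == "__main__":
    for identity, issues in reconcile(GRANTS, DISABLED, date(2024, 6, 1)).items():
        print(f"{identity}: {', '.join(issues)}")
```

Running this after every offboarding event turns "the user is disabled" into a list of the project, workspace and OAuth grants that still carry that user's authority.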

For agentic systems, governance should also reflect the AI risk controls in NIST Cybersecurity Framework 2.0 and the accountability model in Ultimate Guide to NHIs — Regulatory and Audit Perspectives. The real-world failure mode is simple: if the platform cannot prove who or what still has authority after a user leaves, the audit trail is incomplete and the access path is still alive.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| OWASP Non-Human Identity Top 10 | NHI-03 | Covers lifecycle and rotation of non-human credentials behind platform access. |
| OWASP Agentic AI Top 10 | | Agentic platforms need runtime authorization for autonomous tool use. |
| NIST AI RMF | | AI RMF addresses accountability and governance for AI-enabled decision systems. |

Inventory every machine credential and revoke or rotate it on a defined lifecycle, not just user exit.