Model routing policy is the logic that decides which model, cluster, or workflow step handles a request. It shapes cost, latency, quality, and exposure because it controls when requests are escalated, when fallbacks happen, and which identities are used along the path.
Expanded Definition
Model routing policy is the decision logic that directs a request to a specific model, cluster, or workflow step based on task type, risk, cost, latency, and required assurance. In agentic systems, routing is not just an optimisation layer. It also determines which NIST Cybersecurity Framework 2.0 outcome domains are implicated because routing affects access, monitoring, and resilience across the request path.
Definitions vary across vendors, especially when routing is blended with orchestration, prompt chaining, or guardrail enforcement. NHI Management Group treats model routing policy as a governance control because it decides whether a request is handled by a general model, a privileged workflow, or a higher assurance path with stricter identity checks. That distinction matters when the routing layer influences secrets exposure, tool invocation, or escalation to a human reviewer. It also intersects with the Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs because the identities used along the route need to be governed, rotated, and scoped appropriately.
The most common misapplication is treating routing as a pure performance feature, which occurs when teams ignore the identity and privilege changes that happen as requests move between models and workflows.
Examples and Use Cases
Implementing model routing policy rigorously often introduces operational complexity, requiring organisations to weigh lower latency and cost against tighter governance, more logging, and more rule maintenance.
- A customer support assistant routes low-risk FAQs to a small model, but escalates account-change requests to a higher assurance workflow that requires stronger identity validation and audit logging.
- A code-generation agent sends simple completions to a fast model, while privileged repository actions are routed through a separate approval step with limited tool access.
- A finance copilot routes payment-related prompts to a restricted cluster, where secrets are only exposed through controlled retrieval and the model cannot directly invoke external tools.
- A triage agent uses confidence thresholds to decide whether to answer, defer, or forward to a human, reducing unnecessary exposure of sensitive context to broad-purpose models.
- An enterprise platform routes requests carrying regulated data through a policy engine that enforces the guidance described in the Ultimate Guide to NHIs — Regulatory and Audit Perspectives, while aligning with NIST Cybersecurity Framework 2.0 logging and oversight objectives.
Why It Matters in NHI Security
Model routing policy becomes an NHI security issue because routing decisions often determine which service account, API key, token, or certificate is used next. If the policy is weak, requests can drift into paths that use overprivileged identities, inconsistent logging, or fallback workflows that were never reviewed for production exposure. That creates hidden attack paths and makes incident response harder because the actual request path is not obvious from the user interface alone.
This is especially important in environments where secrets are already widely exposed. NHIMG reports that 96% of organisations store secrets outside of secrets managers in vulnerable locations such as code, config files, and CI/CD tools, which means a routing mistake can quickly turn into credential exposure or unintended model access. The same governance concerns appear in the Top 10 NHI Issues and are reinforced by the broader NHI lifecycle guidance.
Organisations typically encounter the consequences only after a fallback path leaks data, a privileged tool call is abused, or an incident review reveals that routing rules allowed sensitive requests to bypass the intended controls, at which point model routing policy becomes operationally unavoidable to address.
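The use cases above and the fallback risk described here can be made concrete with a small routing policy. The following is an added example, not NHIMG's or any vendor's code: the route table, identity names, scopes and thresholds are constructed for illustration. It selects a route from task type, risk, confidence and data classification, binds each route to a service identity and a least-privilege scope set, and then audits every fallback edge for hidden privilege escalation (a fallback that holds scopes its primary route does not).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Route:
    """One hop a request can be sent to, with the identity and scopes it runs under."""
    name: str
    identity: str                 # service identity exercised along this path
    privileges: frozenset         # least-privilege scopes bound to the route
    human_approval: bool = False  # escalation to a human reviewer required
    fallback: Optional[str] = None

# Constructed route table (hypothetical identities and scopes).
ROUTES: Dict[str, Route] = {
    "faq": Route("faq", "svc-small-model", frozenset({"kb:read"})),
    "account": Route("account", "svc-account-wf", frozenset({"kb:read", "account:write"}),
                     human_approval=True, fallback="faq"),
    "payments": Route("payments", "svc-payments-cluster",
                      frozenset({"kb:read", "secrets:retrieve"}),
                      human_approval=True, fallback="faq"),
    # Deliberately unreviewed fallback: a low-assurance route that falls back
    # into a privileged workflow is exactly the hidden escalation to catch.
    "triage": Route("triage", "svc-general", frozenset({"kb:read"}), fallback="account"),
}

def select_route(task: str, risk: str, confidence: float, regulated: bool) -> Route:
    """Routing policy: regulated data and payments go to the restricted cluster,
    account changes or high risk go to the approval workflow, low confidence
    defers to triage, everything else goes to the small model."""
    if regulated or task == "payment":
        return ROUTES["payments"]
    if task == "account_change" or risk == "high":
        return ROUTES["account"]
    if confidence < 0.6:
        return ROUTES["triage"]
    return ROUTES["faq"]

def fallback_escalations(routes: Dict[str, Route]) -> List[Tuple[str, str]]:
    """Return (route, fallback) pairs whose fallback gains scopes the primary lacks."""
    findings = []
    for route in routes.values():
        if route.fallback is None:
            continue
        fb = routes[route.fallback]
        if not fb.privileges <= route.privileges:
            findings.append((route.name, fb.name))
    return findings

if __name__ == "__main__":
    print(select_route("faq", "low", 0.3, False).identity)   # svc-general
    print(fallback_escalations(ROUTES))                       # [('triage', 'account')]
```

Running the fallback audit as part of policy review turns the recommendation to "review fallback paths for hidden privilege escalation" into a repeatable check on the route table rather than a manual reading of rules.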
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-4 | Routing decisions affect which identities and privileges are exercised during access. |
| OWASP Agentic AI Top 10 | | Agentic systems treat routing as a control point for tool use, escalation, and guardrails. |
| OWASP Non-Human Identity Top 10 | NHI-02 | Routing can expose secrets and service identities if paths are not tightly governed. |
Bind each route to least-privilege access rules and review fallback paths for hidden privilege escalation.