Yes. AI governance tooling answers policy, accountability, and compliance questions, while identity infrastructure answers authentication, authorization, and revocation questions. If one layer is expected to do both jobs, the organisation usually ends up with good documentation and weak containment, which is the wrong trade-off for production agents.
Why This Matters for Security Teams
Separating AI governance tooling from identity infrastructure is not a design preference, it is a containment decision. Governance tools answer whether an agent should be allowed to act under policy and oversight, while identity systems answer who or what is making the request, what it can access, and how fast that access can be revoked. When those functions blur, teams tend to optimize for compliance narratives instead of runtime control, which is especially dangerous for autonomous agents that chain tools and act faster than humans can intervene.
The current guidance suggests treating AI governance and identity as complementary layers, not interchangeable ones. NHI programs already struggle with visibility and privilege sprawl, as shown in Ultimate Guide to NHIs, and that pressure intensifies when the workload is an agent with execution authority. NIST’s NIST AI Risk Management Framework reinforces that AI risk governance must be paired with operational controls, not used as a substitute for them. In the 2026 infrastructure identity Survey, 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments.
In practice, many security teams discover the gap only after an agent has already been granted broad access through a governance approval workflow that never actually constrained identity or revocation.
How It Works in Practice
In a well-separated model, AI governance tooling sets the rules for acceptable use, model oversight, data handling, and escalation paths, while identity infrastructure enforces the mechanics of authentication, authorization, and revocation at request time. For agents, that means the identity layer should issue short-lived credentials, bind them to workload identity, and enforce policy based on task, context, and runtime risk. Static roles alone are too blunt for autonomous systems because an agent’s next action may differ materially from its last one.
Practitioners increasingly pair policy engines with workload identity so decisions are evaluated dynamically rather than pre-baked into a role matrix. That can include OIDC tokens, SPIFFE-style workload identity, JIT credential issuance, and policy-as-code enforcement through tools such as OPA or Cedar. The goal is not just to know that an agent exists, but to prove what it is doing, for how long, and under which constraints. NHIMG’s Top 10 NHI Issues highlights why this matters: excessive privilege, poor rotation, and weak offboarding are recurring failure modes across NHI environments.
- Use governance tooling to approve agent use cases, data boundaries, and escalation thresholds.
- Use identity infrastructure to mint ephemeral credentials per task, not shared long-lived secrets.
- Enforce least privilege at the workload level, not only at the human owner level.
- Revoke credentials automatically when the task completes or the policy context changes.
This guidance tends to break down in environments where agents are embedded directly into CI/CD, cloud admin, or SaaS automation workflows because the surrounding systems still assume long-lived service accounts and manual exception handling.
Common Variations and Edge Cases
Tighter separation often increases operational overhead, requiring organisations to balance stronger containment against faster delivery and simpler administration. That tradeoff becomes visible when teams need auditability without slowing autonomous execution. Best practice is evolving, but there is no universal standard yet for how much of the agent lifecycle should sit in governance tooling versus identity controls.
One common variation is a control plane that logs every agent decision while the identity layer only grants narrowly scoped, ephemeral access. Another is policy-aware identity issuance, where the governance system feeds context into authorization, but the identity system still remains the system of record for revocation and credential state. The distinction matters because governance evidence does not stop misuse on its own. Identity controls do. NHIMG’s 52 NHI Breaches Analysis and the Ultimate Guide to NHIs — Regulatory and Audit Perspectives both point to the same operational lesson: bad outcomes usually follow from overprivileged identities and weak lifecycle controls, not from missing policy memos.
For agentic AI, the separation is especially important when multiple agents share tools, when one agent can delegate to another, or when model behavior is non-deterministic. Those environments need clear ownership, separate control planes, and real-time enforcement, not a single platform that claims to do policy, access, and revocation all at once.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A03 | Agentic systems need runtime controls beyond static approvals. |
| CSA MAESTRO | MAESTRO addresses governance and runtime controls for autonomous agents. | |
| NIST AI RMF | AI RMF requires governance plus operational risk controls for AI systems. |
Map agent oversight to AI RMF governance, then enforce access through identity and revocation controls.
Related resources from NHI Mgmt Group
- How should teams use cybersecurity benchmark reports in identity governance planning?
- How should teams use DSPM findings in identity governance reviews?
- How should security teams handle disconnected applications that sit outside identity tooling?
- Why do AI support agents change identity governance in customer service?
