Agentic security

The practice of governing software actors that can choose actions, tools, and timing in production workflows. It extends identity, authorization, logging, and lifecycle control to agents so their behaviour is tied to a verifiable principal and a revocable permission set.

Expanded Definition

Agentic security is the set of controls that makes autonomous software accountable as a governed identity, not just a model or application. In practice, it ties an agent’s tool use, action scope, approval path, logging, and revocation mechanics to a verifiable principal with explicit permissions. That distinction matters because an agent can initiate work, chain prompts, call APIs, and persist state without a human present. The concept overlaps with NHI governance, privileged access, and AI safety, but it is narrower than general AI risk management and more operational than policy-only guidance. Industry usage is still evolving, so definitions vary across vendors, but the core expectation is consistent: if an agent can act in production, its authority must be bounded and auditable. NIST’s AI Risk Management Framework is useful here because it treats trust, traceability, and accountability as management obligations rather than optional add-ons. The most common misapplication is treating agentic security as a model-safety issue alone, which occurs when teams secure prompts but leave credentials, tool scopes, and execution rights unmanaged.

Examples and Use Cases

Implementing agentic security rigorously often introduces workflow friction, requiring organisations to weigh autonomous speed against tighter approval and rollback controls.

  • An engineering agent can open pull requests, but it should only reach repositories through a scoped service principal with monitored write permissions, not a shared API token. Guidance in the OWASP Agentic AI Top 10 supports this separation of identity from model behaviour.
  • A customer-support agent can draft refund actions, yet any high-value transaction should require human approval and step-up controls before execution.
  • An operations agent can query observability tooling, but it should be denied blanket access to secret stores and limited to time-bound, task-specific permissions.
  • Security teams can use NHIMG’s AI LLM hijack breach research to see how compromised AI access becomes a direct enterprise risk when agent credentials are reused or exposed.
  • For deeper implementation patterns, NHIMG’s OWASP NHI Top 10 coverage helps map agent authority to identity, secrets, and lifecycle controls.

These use cases are less about whether an agent is “smart” and more about whether its permissions are revocable, observable, and constrained by policy.

Why It Matters in NHI Security

Agentic security matters because autonomous actions can turn a small credential or routing mistake into rapid, large-scale misuse. NHIMG research shows that 45% of organisations cite lack of credential rotation as the top cause of NHI-related attacks, with inadequate monitoring and logging at 37% and over-privileged accounts at 37%, which is exactly the control surface agentic systems expand. If an agent can authenticate, call tools, and persist across workflows, then a compromised token becomes an active operator rather than a passive secret. That is why agentic security must include secret handling, identity binding, policy enforcement, session expiry, and tamper-evident logging. The same logic appears in the MITRE ATLAS adversarial AI threat matrix and the CSA MAESTRO agentic AI threat modeling framework, both of which emphasise adversary manipulation of AI-enabled workflows. Organisations typically encounter the need for agentic security only after an agent leaks data, executes an unsafe tool call, or is hijacked through a compromised NHI, at which point the problem becomes operationally unavoidable.
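The controls named above (identity binding, scoped tool permissions, human approval above a value threshold, session expiry, revocation, tamper-evident logging), together with the support-agent and operations-agent cases from the Examples section, as one added Python example that is not part of this NHIMG entry; `Grant`, `AuditLog` and `authorize` are hypothetical names, and the grant values used are constructed.

```python
import hashlib, json, time
from dataclasses import dataclass, field

@dataclass
class Grant:
    """Hypothetical grant bound to the agent's own principal (added example, not NHIMG code)."""
    principal: str                    # the agent's identity, never a shared API token
    tools: dict                       # tool name -> list of allowed resource prefixes
    expires_at: float                 # session expiry, epoch seconds (time-bound access)
    approval_threshold: float = 0.0   # actions valued above this need a human approver
    revoked: bool = False             # revocation switches the grant off immediately

@dataclass
class AuditLog:
    """Hash-chained log: altering or dropping any entry makes verify() fail."""
    entries: list = field(default_factory=list)

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(record, sort_keys=True)
        h = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"record": record, "prev": prev, "hash": h})
        return h

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = json.dumps(e["record"], sort_keys=True)
            if e["prev"] != prev or e["hash"] != hashlib.sha256((prev + body).encode()).hexdigest():
                return False
            prev = e["hash"]
        return True

def authorize(grant, tool, resource, value=0.0, approver=None, now=None, log=None):
    """Policy gate for one agent tool call: returns (allowed, reason) and logs the decision."""
    now = time.time() if now is None else now
    if grant.revoked:
        decision = (False, "grant revoked")
    elif now >= grant.expires_at:
        decision = (False, "grant expired")
    elif not any(resource.startswith(p) for p in grant.tools.get(tool, [])):
        decision = (False, f"{tool} on {resource} is outside the grant scope")
    elif value > grant.approval_threshold and approver is None:
        decision = (False, "human approval required above threshold")
    else:
        decision = (True, "allowed")
    if log is not None:
        log.append({"principal": grant.principal, "tool": tool, "resource": resource,
                    "value": value, "approver": approver, "allowed": decision[0], "reason": decision[1]})
    return decision
```

Denied calls are logged as well as allowed ones, so a blanket request for a secret store or a stale grant leaves the same tamper-evident trail as a successful refund.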

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
---------------------------------|---------------------|------------------------------------------------------------------------------------------
OWASP Agentic AI Top 10          | A1                  | Agentic systems need identity, tool, and action controls across the attack surface.
OWASP Non-Human Identity Top 10  | NHI-02              | Agentic security depends on strong secret and credential management for non-human actors.
NIST AI RMF                      |                     | Frames trustworthiness, accountability, and traceability for AI-enabled systems.

Operationalize traceability, oversight, and incident response for every production agent.