Agent-centric security

A security model that treats the AI agent itself as the thing being governed, not just the prompt, model, or hosting application. It focuses on what the agent can access, what actions it can chain, and how those actions are observed and constrained.

Expanded Definition

Agent-centric security shifts the unit of control from the application shell to the AI agent as an operational actor. That matters because an agent can chain prompts, call tools, request secrets, invoke APIs, and persist state across steps, creating risk that is not visible if teams only inspect the model or the front-end. In NHI and IAM practice, this means governing the agent’s identity, entitlements, session boundaries, and action scope together, rather than treating access as a one-time prompt problem.

Usage in the industry is still evolving, and definitions vary across vendors. Some teams use the phrase to describe runtime policy enforcement around tool use, while others use it to mean lifecycle governance for agent credentials and delegated authority. NHI Management Group treats it as a security posture where every action the agent can take is explicitly bounded, logged, and reviewed. This aligns closely with the concerns raised in the OWASP Top 10 for Agentic Applications 2026 and the NIST AI Risk Management Framework.

The most common misapplication is to secure the model endpoint while leaving tool access, delegated tokens, and downstream execution paths effectively ungoverned, which occurs when teams confuse prompt safety with agent control.

Examples and Use Cases

Implementing agent-centric security rigorously often introduces more policy, logging, and approval overhead, requiring organisations to weigh autonomous execution speed against the cost of tighter containment.

  • A customer-support agent can draft replies but is blocked from issuing refunds unless a separate approval step confirms the transaction context.
  • An engineering agent can open pull requests and run tests, but it cannot read production secrets unless the session is re-authorised through controlled NHI access paths.
  • A finance workflow agent may query invoices through an API, yet its token is restricted to read-only actions and short-lived session scope.
  • Threat researchers use the pattern described in OWASP NHI Top 10 to map where an agent could be induced to exceed intended authority through chained tool calls.
  • Teams studying real-world compromise patterns, such as the AI LLM hijack breach, often use agent-centric controls to contain abuse after prompt injection or tool misuse.
  • Security architects align workflow boundaries with the CSA MAESTRO agentic AI threat modeling framework and the broader guidance in the Ultimate Guide to NHIs.

Why It Matters in NHI Security

Agent-centric security closes the gap between an AI agent’s nominal purpose and its actual blast radius. Without it, organisations can end up granting broad, persistent, or untraceable access to a software actor that operates faster than manual review can keep up. That is especially dangerous in environments where NHIs already outnumber human identities by 25x to 50x and 97% carry excessive privileges, according to NHI Management Group’s Ultimate Guide to NHIs. The result is not only access sprawl but also weak incident containment, because the agent may still hold valid tokens after a compromise is suspected. This is why agent-centric security must be paired with short-lived credentials, observable action trails, and explicit revocation paths.
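The use cases listed above and the pairing with short-lived credentials, action trails, and revocation paths can be shown as one gate that every tool call passes through. This is an added illustration, not code from the page or from NHI Management Group; all agent, tool, token and approval names are constructed placeholders.

```python
# Constructed sample policy: tool -> None if the agent may call it directly,
# or "approval" if a separate approval step must confirm the transaction.
POLICY = {
    "support-agent": {"draft_reply": None, "issue_refund": "approval"},
    "finance-agent": {"query_invoices": None, "mark_invoice_paid": None},
}
WRITE_TOOLS = {"draft_reply", "issue_refund", "mark_invoice_paid"}  # blocked for read-only scope
TOKENS = {}  # token id -> {agent, scope, exp, revoked}: short-lived session credentials
AUDIT = []   # observable action trail: one record per gate decision
def issue_token(token_id, agent, scope, ttl_s, now):
    # Short-lived credential bound to one agent identity and one scope
    TOKENS[token_id] = {"agent": agent, "scope": scope, "exp": now + ttl_s, "revoked": False}
def revoke(token_id):
    # Explicit revocation path used once a compromise is suspected
    TOKENS[token_id]["revoked"] = True
def gate(token_id, tool, now, approval_id=None):
    # Return the decision for one tool call and append it to the audit trail
    tok = TOKENS.get(token_id)
    if tok is None:
        decision = "deny:unknown-token"
    elif tok["revoked"]:
        decision = "deny:revoked"
    elif now >= tok["exp"]:
        decision = "deny:expired"
    elif tool not in POLICY.get(tok["agent"], {}):
        decision = "deny:not-entitled"
    elif tok["scope"] == "read-only" and tool in WRITE_TOOLS:
        decision = "deny:scope"
    elif POLICY[tok["agent"]][tool] == "approval" and approval_id is None:
        decision = "deny:approval-required"
    else:
        decision = "allow"
    AUDIT.append({"t": now, "token": token_id, "tool": tool,
                  "approval": approval_id, "decision": decision})
    return decision
def demo():
    # Walk the support and finance scenarios; returns the list of decisions
    t0 = 1_700_000_000.0  # constructed clock value (seconds)
    issue_token("tok-s1", "support-agent", "read-write", 300, t0)
    issue_token("tok-f1", "finance-agent", "read-only", 300, t0)
    out = [gate("tok-s1", "draft_reply", t0),             # allow
           gate("tok-s1", "issue_refund", t0),            # deny:approval-required
           gate("tok-s1", "issue_refund", t0, "apr-42"),  # allow, approval id recorded
           gate("tok-f1", "query_invoices", t0),          # allow
           gate("tok-f1", "mark_invoice_paid", t0),       # deny:scope (read-only token)
           gate("tok-f1", "query_invoices", t0 + 301)]    # deny:expired (short-lived)
    revoke("tok-s1")
    out.append(gate("tok-s1", "draft_reply", t0))         # deny:revoked
    return out
```

Every decision, including denials, lands in AUDIT with the token and approval id, which is what lets a team later answer why an agent touched a system and which call was refused.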

The risk becomes clearer when organisations can no longer explain why an agent touched a system, what it accessed, or which tool chain produced the action. Research on the State of Non-Human Identity Security shows that only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, which mirrors the uncertainty many teams face once agents begin acting on their behalf. Practitioner insight: organisations typically encounter agent-centric security as a hard requirement only after an agent has already caused an unauthorized action, at which point containment, attribution, and credential revocation become operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| OWASP Agentic AI Top 10 | A5 | Addresses excessive agency and unsafe tool use in autonomous AI systems. |
| OWASP Non-Human Identity Top 10 | NHI-02 | Agent security depends on controlling secrets, tokens, and delegated access paths. |
| NIST AI RMF | | Supports governed, measurable risk treatment for AI-enabled systems and actors. |

Document agent risks, monitor runtime behavior, and enforce controls proportional to impact.