Agency is what an identity is allowed to do, on whose behalf, with what scope, and for how long. For autonomous or semi-autonomous systems, this is more important than login status because the control problem is about delegated action, not mere authentication.
Expanded Definition
Agency describes the delegated action boundary of an identity: what it can do, on whose behalf, within which systems, and for how long. In NHI governance, that boundary matters more than simple login status because an agent, service account, workload, or API key can be fully authenticated yet still be dangerously over-empowered.
The term overlaps with authorization, delegation, and privilege management, but it is not identical to any one of them. Authorization answers whether an action is allowed; agency asks whether the identity should possess the ability to act at all, at that scope, under that delegation model. This is especially relevant for autonomous software, where execution authority may be passed through tool chains, workflows, or token exchange rather than interactive sign-in. Guidance across vendors is still evolving, so teams should treat agency as a control design concept, not a branding label. The NIST Cybersecurity Framework 2.0 helps frame this as a governance and access-control problem, while NHI programs use agency to reason about bounded delegation across machine actors.
The most common misapplication is equating agency with successful authentication, which occurs when a valid token is assumed to justify broad or persistent action rights.
Examples and Use Cases
Implementing agency rigorously often introduces tighter delegation boundaries and more token choreography, requiring organisations to weigh operational speed against blast-radius reduction.
- A CI/CD pipeline can deploy code only to a defined environment and only for the duration of a release window, rather than holding standing credentials for broad infrastructure access.
- An AI agent can open tickets or query a knowledge base, but cannot approve payments or modify production secrets unless a separate delegation path is explicitly granted.
- A service account used for database migration receives time-limited access and a narrow schema scope, then loses that agency automatically after the job completes.
- A third-party integration receives an API token that is restricted to one tenant and one workflow, preventing the token from acting across unrelated customer data.
- The Ultimate Guide to NHIs shows why this matters across lifecycle controls, especially where rotation, offboarding, and visibility determine whether delegated power remains acceptable over time.
In standards terms, this aligns with least privilege and bounded trust in NIST Cybersecurity Framework 2.0, even when the identity is not human.
Why It Matters in NHI Security
Agency is where NHI risk becomes operationally material. An identity with unnecessary scope, duration, or delegation rights can move from a convenience layer into an attack path. That is why NHI incidents often involve excessive privileges, stale tokens, and unclear ownership rather than outright credential theft alone. NHI Mgmt Group reports that only 5.7% of organisations have full visibility into their service accounts, which means most teams cannot confidently describe what their machine identities are empowered to do. Once agency is hidden, revocation becomes slow, and compromised automation can persist unnoticed.
Security teams need to connect agency to Zero Trust, privileged access, and lifecycle governance, because a token that can act broadly is effectively an unbounded actor. This is also where misuse of AI agents becomes dangerous: if the agent can call tools, write data, or chain actions without enforced limits, then compromise of the agent logic becomes compromise of its authority.
Organisations typically encounter agency as an urgent problem only after a service account, API key, or agent account is abused in production, at which point delegated scope and duration become operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Agency is bounded delegation, which maps to machine identity privilege and scope control. |
| NIST CSF 2.0 | PR.AC-4 | Access permissions management under CSF supports least-privilege agency for identities. |
| NIST Zero Trust (SP 800-207) | Section 5 | Zero Trust requires continuously evaluated, explicitly granted access for every actor. |
Treat every machine actor as untrusted by default and re-evaluate delegated authority on each request.
