Agent Dependency Graph

An agent dependency graph is a structured map of everything an AI agent relies on to function, including models, APIs, databases, sub-agents, and business applications. It gives security teams a way to see both technical connectivity and identity relationships in one view.

Expanded Definition

An agent dependency graph is more than a service map. In NHI security, it captures the full chain of execution dependencies that an AI agent needs to complete work, including upstream models, tool APIs, databases, queues, sub-agents, and the identities used to reach each system. It is useful because the graph shows both connectivity and trust boundaries, which is essential when an agent can call tools autonomously.

Definitions vary across vendors about whether the graph should include only runtime dependencies or also human approval points, policy engines, and secret stores. NHI Management Group treats those controls as part of the operational dependency picture because they shape what the agent can actually do. This aligns with the broader risk framing in the OWASP Top 10 for Agentic Applications 2026 and the governance lens in the NIST AI Risk Management Framework.

The most common misapplication is treating the graph as a static architecture diagram, which occurs when teams ignore ephemeral tool calls, dynamic credentials, and agent-to-agent delegation.

Examples and Use Cases

Implementing an agent dependency graph rigorously often introduces mapping and maintenance overhead, requiring organisations to weigh visibility into agent behavior against the cost of continuous discovery.

• An enterprise sales agent uses CRM, email, and ticketing APIs; the graph shows which service accounts, tokens, and approval paths each call depends on.
• A coding agent invokes package registries and CI/CD tooling; the graph reveals whether a compromise in one sub-agent can reach signing keys or deployment pipelines, as seen in cases discussed in the LiteLLM PyPI package breach.
• A customer support agent routes requests through a retrieval layer and knowledge base; the graph identifies which data stores are exposed to which prompts and which identities can query them.
• A multi-agent workflow delegates planning to one agent and execution to another; the graph documents inter-agent trust, a theme consistent with the OWASP NHI Top 10 and the external CSA MAESTRO agentic AI threat modeling framework.
• A procurement agent touches ERP, vendor portals, and secrets managers; the graph helps separate business workflow dependencies from privileged identity dependencies.

Why It Matters in NHI Security

An agent dependency graph is a control surface for blast radius. When an agent is compromised, the graph helps security teams understand which systems, secrets, and delegated identities are exposed next. That matters because NHI incidents often spread through overlooked relationships rather than a single broken login. In NHI Mgmt Group research, only 5.7% of organisations have full visibility into their service accounts, which means most environments already lack the baseline needed to reason about agent-linked access paths.

The graph becomes especially important when teams need to assess whether an agent holds excessive privilege, whether a sub-agent inherits credentials, or whether a tool connection crosses a trust boundary that was never approved for autonomous use. It also supports Zero Trust and governance review by making implicit trust explicit, especially when combined with guidance from the NIST AI Risk Management Framework and the MITRE ATLAS adversarial AI threat matrix.

Organisations typically encounter the need for an agent dependency graph only after a tool compromise, token theft, or unexpected lateral movement makes the agent’s hidden connections operationally unavoidable to address.

Related resources from NHI Mgmt Group

• AI Agent Authentication
• Agent Graph
• Agent Security Graph
• Dependency graph