Model Governance

Model governance is the set of controls that decides which foundation models can be used for which agent types and use cases. It links platform choice to security policy, because the model selection influences data exposure, tool behaviour, and the risk profile of the resulting agent.

Expanded Definition

Model governance is the policy layer that determines which foundation models are approved for which agent types, workflows, and risk tiers. In NHI security, it sits between platform inventory and runtime controls, because the selected model can alter prompt handling, tool invocation patterns, retention behaviour, and exposure of secrets or sensitive data.

Definitions vary across vendors, but in practice model governance covers approval criteria, prohibited model classes, review cadence, exception handling, and traceability from use case to model version. It should be treated as a security control, not just an AI procurement activity. That distinction matters because a model that is acceptable for summarization may be unacceptable for an autonomous agent with write access, external API reach, or access to regulated data. The NIST Cybersecurity Framework 2.0 reinforces the need to govern technology choices through enterprise risk management, which maps closely to this term.

In NHI programs, model governance is often paired with agent policy, secret scoping, and environment segmentation so that the model’s capabilities match the authority granted to the agent. The most common misapplication is treating model approval as a one-time procurement decision, which occurs when teams reuse the same model across higher-risk agents without re-evaluating data access and tool permissions.

Examples and Use Cases

Implementing model governance rigorously often introduces review overhead and slower experimentation, requiring organisations to weigh innovation speed against the risk of misaligned model capability.

  • An enterprise allows a smaller, constrained model for internal ticket triage, but blocks the same model from agents that can trigger payments or change IAM policy.
  • A platform team requires approval before any agent can use a model with external browsing or long-context memory, because those features increase leakage and prompt injection exposure.
  • A security team ties model choice to use case classification, using one model for non-sensitive content generation and another for regulated data processing after review against the Ultimate Guide to NHIs — Regulatory and Audit Perspectives.
  • An organisation catalogues approved model versions and retirement dates so autonomous agents do not silently continue operating on deprecated behaviour.
  • Architects reference the Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs when linking model onboarding to operational review and decommissioning.
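The approval rules in the list above (a constrained model allowed for triage but denied to agents with payment or IAM write tools, explicit review for browsing and long-context features, model choice tied to data classification, and versioned entries with retirement dates) can be expressed as policy-as-code. The block below is an added example written for this glossary entry, not code from the journal or any vendor; the catalogue entries, agent specs, tool names, risk-tier scale and dates are all constructed for illustration.

```python
# Added example (not the journal's own code): model governance as a policy check.
# Catalogue entries, agents, tool names, tiers and dates are constructed.
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Model features that widen leakage and prompt-injection exposure and therefore
# need a reviewed exception before an agent may use them (constructed list).
HIGH_EXPOSURE_FEATURES = frozenset({"external_browsing", "long_context_memory"})

# Tool classes that grant write authority over money or identity; an agent
# holding one is treated as highest risk regardless of its declared tier.
PRIVILEGED_TOOLS = frozenset({"payments", "iam_policy_write"})


@dataclass(frozen=True)
class ApprovedModel:
    name: str
    version: str
    max_risk_tier: int               # highest agent tier this model may serve (1 low .. 3 high)
    data_classes: frozenset          # data classifications the model is approved for
    features: frozenset              # capabilities the model exposes
    retire_on: Optional[date] = None # after this date the version is deprecated


@dataclass(frozen=True)
class AgentSpec:
    name: str
    declared_tier: int
    data_class: str
    tools: frozenset
    model: str
    model_version: str
    feature_exception: bool = False  # a reviewed exception for high-exposure features


def effective_tier(agent: AgentSpec) -> int:
    """Derive risk from what the agent can actually do, not from what it declares."""
    if agent.tools & PRIVILEGED_TOOLS:
        return 3
    return agent.declared_tier


def evaluate(agent: AgentSpec, catalogue: dict, today: date) -> tuple:
    """Return (approved, reasons); every denial is explained for logging and audit."""
    entry = catalogue.get((agent.model, agent.model_version))
    if entry is None:
        return False, [f"{agent.model}@{agent.model_version} is not in the approved catalogue"]
    reasons = []
    if entry.retire_on is not None and today > entry.retire_on:
        reasons.append(f"{entry.name}@{entry.version} retired on {entry.retire_on.isoformat()}")
    tier = effective_tier(agent)
    if tier > entry.max_risk_tier:
        reasons.append(f"agent risk tier {tier} exceeds model maximum {entry.max_risk_tier}")
    if agent.data_class not in entry.data_classes:
        reasons.append(f"model not approved for data class '{agent.data_class}'")
    risky = entry.features & HIGH_EXPOSURE_FEATURES
    if risky and not agent.feature_exception:
        reasons.append(f"features {sorted(risky)} require a reviewed exception")
    return (not reasons, reasons)


# Constructed catalogue keyed by (name, version) so every approval traces to a version.
CATALOGUE = {
    ("triage-small", "1.0"): ApprovedModel("triage-small", "1.0", 1, frozenset({"internal"}), frozenset()),
    ("research-large", "2.1"): ApprovedModel("research-large", "2.1", 2, frozenset({"public", "internal"}),
                                             HIGH_EXPOSURE_FEATURES, retire_on=date(2025, 6, 30)),
    ("regulated-proc", "3.0"): ApprovedModel("regulated-proc", "3.0", 3, frozenset({"internal", "regulated"}),
                                             frozenset()),
}

# Constructed agents mirroring the use cases in the list above.
TRIAGE_AGENT = AgentSpec("ticket-triage", 1, "internal", frozenset({"ticketing"}), "triage-small", "1.0")
PAYMENTS_AGENT = AgentSpec("payments-bot", 1, "internal", frozenset({"payments"}), "triage-small", "1.0")
BROWSING_AGENT = AgentSpec("web-research", 2, "public", frozenset({"search"}), "research-large", "2.1")
BROWSING_WITH_EXCEPTION = AgentSpec("web-research", 2, "public", frozenset({"search"}),
                                    "research-large", "2.1", feature_exception=True)
UNLISTED_AGENT = AgentSpec("shadow-agent", 1, "internal", frozenset(), "triage-small", "0.9")

REVIEW_DATE = date(2025, 1, 15)       # constructed: before research-large retires
POST_RETIREMENT = date(2025, 7, 1)    # constructed: after research-large retires

if __name__ == "__main__":
    for agent in (TRIAGE_AGENT, PAYMENTS_AGENT, BROWSING_AGENT, BROWSING_WITH_EXCEPTION, UNLISTED_AGENT):
        ok, why = evaluate(agent, CATALOGUE, REVIEW_DATE)
        print(f"{agent.name:<13} {'ALLOW' if ok else 'DENY '} {'; '.join(why)}")
```

Two design choices carry the governance point. First, the risk tier is derived from the tools the agent actually holds, so re-using an approved model in a higher-authority agent is denied even when the declared tier is unchanged; this is the "one-time procurement decision" failure mode described earlier. Second, the catalogue is keyed by model version with a retirement date, so an agent left running on a deprecated version is flagged at the next evaluation rather than continuing silently.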

These patterns align with broader governance expectations in the NIST Cybersecurity Framework 2.0, where asset and risk management must reflect actual operational exposure, not just vendor feature lists. For deeper threat context, the Top 10 NHI Issues highlights how poor control over identity-enabled systems amplifies downstream risk.

Why It Matters in NHI Security

Model governance matters because the model determines how an agent interprets prompts, handles context, and decides whether to call tools. If the wrong model is approved, the organisation can unintentionally widen data exposure, increase prompt injection susceptibility, or allow an agent to behave more autonomously than intended. That risk compounds when the model interacts with secrets, privileged connectors, or production systems.

NHIMG research shows that 72% of organisations have experienced or suspect a breach of non-human identities, which underscores how often governance gaps become operational incidents rather than theoretical concerns. When model choice is unmanaged, security teams may discover that the real issue is not the agent framework itself, but the combination of model capability and overbroad authority. The 2024 ESG Report: Managing Non-Human Identities is a useful reminder that identity failures usually surface at scale, after exposure has already occurred.

Organisations typically encounter model governance failures only after an agent leaks data, executes an unintended action, or is found to have used an unapproved model in production; at that point, addressing model governance becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while the NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | Agentic AI guidance | Treats model selection as part of the agent risk surface.
NIST AI RMF | AI RMF | Frames model choice as a governable risk decision across the lifecycle.
NIST CSF 2.0 | GV.RM-01 | Risk management governance covers technology selection and control decisions.

Document model risks, review changes, and link approvals to measurable impact and reliability criteria.