Organisations should shift governance from headcount assumptions to fleet management. That means knowing which agents exist, what each one can touch, and which human owner can answer for it. If the fleet cannot be counted and bounded, the security programme is already behind the operating model.
Why This Matters for Security Teams
When agents outnumber human operators, the control problem changes from user administration to fleet governance. Static reviews built for human staff do not scale to autonomous software that can spawn, chain tools, and request access at machine speed. The practical risk is not only volume but opacity: organisations often cannot say how many agents exist, what each one can reach, or who is accountable when behaviour changes mid-task. The scale is already here: NHI Management Group's Ultimate Guide to NHIs reports that NHIs outnumber human identities by 25x to 50x in modern enterprises. Current guidance also aligns with NIST AI Risk Management Framework principles, which emphasise governance, mapping, and ongoing monitoring rather than one-time approval.
The mistake many teams make is treating every agent like a service account with a fixed role. Agents are goal-driven, so their access pattern is dynamic by design, not an exception to be logged after the fact. In practice, many security teams encounter over-privilege and unowned automation only after a tool-chaining incident has already expanded the blast radius.
How It Works in Practice
The operational answer is to manage agents as a bounded fleet, not as a pile of credentials. Each agent should have a discoverable identity, a named human owner, a defined purpose, and an explicit set of allowed actions. That means moving from static role assignment toward intent-aware authorisation, where policy is evaluated at request time based on the task, the data involved, the target system, and the runtime context. This is where current guidance suggests pairing policy-as-code with short-lived credentials and workload identity.
Practically, that usually means:
- issuing just-in-time credentials per task, then revoking them automatically on completion;
- using workload identity to prove what the agent is, rather than relying only on stored secrets;
- binding agent access to context such as environment, job type, data sensitivity, and approval state;
- logging every tool call so human operators can reconstruct the agent’s decision path later.
Frameworks such as the OWASP Agentic AI Top 10 and CSA MAESTRO agentic AI threat modeling framework both reinforce the need to treat tool access, delegation, and escalation as first-class controls. For NHI-specific lifecycle discipline, see NHIMG’s Ultimate Guide to NHIs and its emphasis on visibility, rotation, and offboarding. These controls tend to break down when agents are allowed to self-extend scope across multiple tools in loosely governed CI/CD or SaaS integration environments because the policy boundary no longer matches the execution boundary.
Common Variations and Edge Cases
Tighter agent governance often increases operational overhead, requiring organisations to balance speed of execution against auditability and revocation discipline. That tradeoff becomes sharper in multi-agent systems, where one agent delegates to another and the real actor is no longer obvious at the API layer. Best practice is evolving here, and there is no universal standard for every orchestration stack yet.
In high-change environments, teams often need a tiered model:
- low-risk agents receive narrow, pre-approved scopes with frequent revalidation;
- high-impact agents require explicit human approval or step-up controls before sensitive actions;
- internet-facing or cross-domain agents should default to Zero Standing Privilege and short TTLs;
- shared tooling should be isolated so one agent cannot inherit another agent’s privileges.
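As an added example that is not part of this guidance or any NHIMG tooling, the request-time policy evaluation from the earlier list and the tiered model just described, in Python: a constructed fleet registry with a human owner and purpose per agent, evaluation against environment, data sensitivity and approval state, per-task credentials with tier-based TTLs, revocation on completion, and an audit record for every tool call. Agent names, owners, tier names and TTL values are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets
# Hypothetical fleet registry (constructed data): owner, purpose, tier, allow-list.
@dataclass(frozen=True)
class Agent:
    agent_id: str
    owner: str
    purpose: str
    tier: str           # "low", "high" or "cross_domain" (assumed tier names)
    allowed: frozenset  # {(tool, action), ...}

FLEET = {a.agent_id: a for a in [
    Agent("ci-linter", "alice@example.test", "lint pull requests", "low",
          frozenset({("git", "read"), ("ci", "comment")})),
    Agent("deploy-bot", "bob@example.test", "roll out releases", "high",
          frozenset({("k8s", "apply"), ("vault", "read")})),
]}
TTL_SECONDS = {"low": 3600, "high": 600, "cross_domain": 120}  # assumed values
AUDIT_LOG = []  # one record per tool call, whether allowed or denied

def authorize(req, now=None):
    """Evaluate policy at request time; return a short-lived grant or None."""
    now = now or datetime.now(timezone.utc)
    agent = FLEET.get(req["agent_id"])
    reason = "unknown agent"  # no identity, no owner: deny, but still log it
    if agent is not None:
        if (req["tool"], req["action"]) not in agent.allowed:
            reason = "outside allow-list"
        elif agent.tier == "low" and req["data_sensitivity"] == "restricted":
            reason = "low tier may not touch restricted data"
        elif agent.tier != "low" and req["environment"] == "prod" \
                and not req.get("approved_by"):
            reason = "step-up approval required before a sensitive action"
        else:
            reason = "ok"
    grant = None
    if reason == "ok":  # credential is per task and dies with its TTL
        grant = {"token": secrets.token_hex(16), "agent": agent.agent_id,
                 "scope": (req["tool"], req["action"]),
                 "expires": now + timedelta(seconds=TTL_SECONDS[agent.tier])}
    AUDIT_LOG.append({"ts": now.isoformat(), "agent": req["agent_id"],
                      "owner": agent.owner if agent else None,
                      "call": (req["tool"], req["action"]), "reason": reason})
    return grant

def revoke(grant):  # called on task completion so the grant cannot outlive its job
    grant["expires"] = datetime.min.replace(tzinfo=timezone.utc)

def is_valid(grant, now=None):
    return grant is not None and (now or datetime.now(timezone.utc)) < grant["expires"]
```

Every decision, including denials for agents the registry does not know, lands in AUDIT_LOG with the owner attached, which is what lets an operator reconstruct the decision path later.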
This is especially important in environments where agents can reach production, secrets stores, or third-party APIs. The recent focus in the OWASP NHI Top 10 and the MITRE ATLAS adversarial AI threat matrix reflects a broader reality: autonomous systems can fail in ways that are not proportional to their privileges. Organisations should therefore treat agent count as a security capacity issue, not just an operations metric.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A-03 | Agent delegation and tool misuse are central when fleets scale faster than humans. |
| CSA MAESTRO | M-2 | MAESTRO covers governance and threat modeling for multi-agent operational risk. |
| NIST AI RMF | Govern function | AI RMF governance supports ongoing oversight of autonomous agent fleets. |
Model agent boundaries, trust zones, and escalation paths before deployment.