Start by aggregating identity data from cloud platforms, SaaS tools, directories, CI/CD systems, and secrets stores into one operational view. Then classify each identity by owner, purpose, and risk so unmanaged accounts do not disappear into separate tooling silos. A usable inventory is one that supports review and remediation, not just counting.
Why This Matters for Security Teams
Hidden machine and AI identities are often the first place attackers look because they are easier to miss than human users and usually carry broad access to code, cloud, and data planes. Static inventories built from one system never capture the full picture when identities are created in CI/CD, embedded in automation, or minted for agents at runtime. NIST’s NIST Cybersecurity Framework 2.0 makes asset visibility foundational, but identity visibility is now part of that baseline.
That gap matters because secrets and tokens move fast. NHIMG research on LLMjacking shows exposed AWS credentials can be targeted within minutes, and the State of Secrets in AppSec report shows how fragmented secrets management slows remediation. In practice, many security teams encounter unmanaged machine identities only after a leak, failed audit, or unexpected cloud spend has already exposed the gap.
How It Works in Practice
The most usable inventory is built by correlating identity signals across cloud providers, SaaS platforms, directories, CI/CD systems, secrets managers, and workload observability. Start with the sources that create or issue credentials, then normalize records into a single model with fields for owner, workload, purpose, environment, privilege scope, issuance method, and expiration. That makes it possible to separate a legitimate service account from a stale API key or an AI agent token that was issued for a single task.
For machine identities, treat the credential as only one signal. The stronger question is what workload the identity proves and whether that workload is still expected to exist. For agentic systems, use workload identity primitives such as SPIFFE or OIDC where possible, because they bind identity to the running workload rather than to a static shared secret. For traditional secrets, focus on discovery plus rotation plus revocation, not discovery alone. A discovered key that remains active is still an exposed identity.
- Pull identity data from cloud IAM, Kubernetes, CI/CD runners, secret stores, and SaaS app registrations.
- Deduplicate by owner and purpose, then tag anything without a clear business or technical owner as unmanaged.
- Map privilege and last-used signals so stale identities can be revoked before they are reused.
- Track AI agent credentials separately from service accounts because their access patterns are dynamic and task-driven.
For AI and autonomous workflows, current guidance suggests adding runtime context to the inventory: which agent requested access, which tool it called, and whether the token was JIT-issued for a bounded task. That aligns with emerging work in DeepSeek breach lessons and the broader shift toward agent-aware governance described by NIST Cybersecurity Framework 2.0. These controls tend to break down in multi-cloud environments with shadow IT because identity creation happens faster than central catalog updates.
Common Variations and Edge Cases
Tighter identity inventory often increases operational overhead, requiring organisations to balance visibility against the cost of constant reconciliation. That tradeoff is especially real in environments with ephemeral containers, short-lived build agents, and AI workloads that spin up identities per task. There is no universal standard for this yet, so teams should treat the inventory as a living control plane rather than a one-time register.
One common edge case is shared automation accounts used by multiple pipelines. Those identities look efficient, but they make ownership and blast radius analysis much harder. Another is vendor-managed agents or integrations that authenticate with opaque backend tokens. Those should still be inventoried, but the record may need to show the business owner, contract owner, and revocation path instead of full technical details.
Best practice is evolving toward dual classification: one view for traditional machine identities and one for agentic identities that can chain tools, request additional permissions, or change behaviour based on context. The JetBrains GitHub plugin token exposure is a good reminder that developer tooling can quietly introduce high-value identities into places defenders do not routinely inspect. Identity inventories lose value when they become static spreadsheets, so the real test is whether the team can detect drift, assign ownership, and remove access quickly.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Identity discovery and classification are core to hidden NHI inventory. |
| OWASP Agentic AI Top 10 | AGENT-03 | Agent tokens and runtime access need agent-aware inventory and control. |
| NIST CSF 2.0 | ID.AM-01 | Asset management requires knowing what identities exist across environments. |
Extend asset inventory to include service accounts, tokens, and agent identities.
Related resources from NHI Mgmt Group
- How should security teams implement policy-based provisioning for machine identities?
- How should security teams evaluate a platform that covers human, NHI, and AI agent identities?
- How should security teams govern non-human identities at scale?
- How should security teams govern non-human identities for compliance?
