Runtime authority drift

A failure mode where an actor begins with a narrow, acceptable level of access or intent, then expands its effective authority as the session unfolds. In agentic systems, this often appears when the platform keeps trusting the interaction after the actor has already started to deviate from the original purpose.

Expanded Definition

Runtime authority drift describes a condition in which an AI agent, service account, or other non-human identity starts within an approved scope but gradually accumulates effective power during execution. The scope may expand through reused tokens, inherited session context, permissive tool routing, or trust that was valid at launch but not rechecked later. In NHI security, this is distinct from simple privilege escalation because the expansion can occur without a single explicit permission change.

Definitions vary across vendors, but the core idea is consistent: the system’s live authority no longer matches the authority that was originally granted. This is especially relevant in agentic workflows where tool use, delegated actions, and chained calls can amplify risk. The control model should be anchored in Zero Trust principles, as reflected in the NIST Cybersecurity Framework 2.0, with continuous validation rather than one-time approval. The most common misapplication is treating a session-start authorization as sufficient for the entire workflow, which occurs when downstream actions are not re-authorised as context and tool access expand.

Examples and Use Cases

Implementing runtime authority controls rigorously often introduces latency and orchestration overhead, requiring organisations to weigh smoother agent execution against stricter step-by-step validation.

  • An AI agent starts with read-only access to a ticketing system, then gains write capability through a delegated tool chain and quietly changes production settings.
  • A service account used for a deployment run inherits broader CI/CD permissions than intended, allowing the session to reach secrets and repositories unrelated to the original task.
  • An OAuth token remains valid after the agent’s purpose shifts, and the token is reused to access a sales record system outside the approved transaction path, similar to patterns discussed in the Salesloft OAuth token breach.
  • A retrieval-augmented workflow begins with a constrained prompt, then appends higher-trust context from prior messages and starts invoking tools that were never part of the original approval.

These cases align with the broader NHI governance concerns documented by NHI Mgmt Group in the Ultimate Guide to NHIs, where long-lived access and weak revocation discipline repeatedly show up as control failures.

Why It Matters in NHI Security

Runtime authority drift matters because it turns a properly scoped identity into an unstable control surface. Once authority expands mid-session, audit assumptions break down: logs may show a legitimate identity performing actions that were never intended at issuance time, and incident responders must reconstruct not just who acted, but how the session became overpowered. This is especially dangerous for secrets-bearing identities, where a token that was acceptable at authentication can become a pathway to lateral movement, data exposure, or destructive automation.

NHIMG research shows the scale of the problem: 97% of identities carry excessive privileges, and 71% are not rotated within recommended time frames, conditions that make runtime overreach easier to exploit and harder to contain. The control lesson is to pair least privilege with continuous revalidation, bounded tool access, and tight session expiration. This aligns with NIST Cybersecurity Framework 2.0 expectations for adaptive protection and with the NHI governance priorities outlined by NHI Mgmt Group. Organisations typically encounter the operational cost of runtime authority drift only after an agent or service account has already made an out-of-scope change, at which point addressing it becomes unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST Zero Trust (SP 800-207) sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| OWASP Non-Human Identity Top 10 | NHI-02 | Runtime authority drift often begins with weak secret and session handling. |
| OWASP Agentic AI Top 10 | | Agentic systems can expand tool authority during chained execution. |
| NIST Zero Trust (SP 800-207) | | Zero Trust requires continuous verification instead of trusting a live session. |

Bound NHI sessions tightly and revalidate tool access before each sensitive action.
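
An added example, not part of the original entry: a per-call gate in Python that re-checks every tool invocation against the grant issued at session start, the session TTL, and a revocation hook, so a delegated tool chain cannot widen the original scope. `Grant`, `RuntimeGate`, `routed_via`, and the sample identity and tool names are hypothetical and constructed for illustration.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    identity: str
    purpose: str
    allowed: frozenset   # (tool, action) pairs approved at issuance
    issued_at: float
    ttl_seconds: float

class RuntimeGate:
    """Re-checks every tool call against the grant issued at session start."""

    def __init__(self, grant, is_revoked=lambda identity: False, clock=time.time):
        self.grant = grant
        self.is_revoked = is_revoked   # hook for a live revocation lookup (assumed)
        self.clock = clock
        self.audit = []                # one record per decision, allowed or denied

    def authorize(self, tool, action, routed_via=()):
        g = self.grant
        if self.clock() - g.issued_at > g.ttl_seconds:
            verdict = "deny:expired"
        elif self.is_revoked(g.identity):
            verdict = "deny:revoked"
        elif (tool, action) not in g.allowed:
            # Delegation through another tool never widens the original grant.
            verdict = "deny:out_of_scope"
        else:
            verdict = "allow"
        self.audit.append({"identity": g.identity, "purpose": g.purpose,
                           "tool": tool, "action": action,
                           "routed_via": tuple(routed_via), "verdict": verdict})
        return verdict == "allow"

    def drift_events(self):
        """Out-of-scope attempts: the signal that live behaviour left the grant."""
        return [e for e in self.audit if e["verdict"] == "deny:out_of_scope"]

def demo():
    now = [1000.0]  # constructed clock so the run is deterministic
    grant = Grant("agent-7", "triage tickets", frozenset({("ticketing", "read")}),
                  issued_at=1000.0, ttl_seconds=300)
    gate = RuntimeGate(grant, clock=lambda: now[0])
    results = [gate.authorize("ticketing", "read"),
               gate.authorize("config", "write", routed_via=("ticketing",))]
    now[0] += 301  # the session outlives its TTL
    results.append(gate.authorize("ticketing", "read"))
    return results, gate.drift_events()
```

The audit records keep the original purpose next to each decision, which gives responders the "how did this session become overpowered" trail described above.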