An agent that behaves like legitimate user activity but does not identify itself to the platform. These sessions are difficult because they often run on real devices and inherit normal browser characteristics, so the trust decision must rely on behaviour, context, and workflow sensitivity rather than declaration.
Expanded Definition
A non-disclosing agent is an autonomous or semi-autonomous software entity that consumes services, completes workflows, and appears operationally ordinary, while withholding any explicit signal that it is an agent. In NHI terms, the security problem is not simply “who logged in,” but whether the session should be trusted when it behaves like a normal user and may even run on a real device with familiar browser traits. That makes declaration-based policy weak on its own.
The practical distinction is between identity proof and behavioural inference. A disclosed agent can be governed through registration, scoped credentials, and policy-based oversight. A non-disclosing agent instead forces defenders to evaluate context, task sensitivity, request patterns, and downstream impact. This is why guidance is still evolving across vendors: no single standard governs this yet, and operational definitions vary in how much “agent-like” autonomy is required before a session should be treated as an AI agent rather than a user script. For broader NHI governance context, see Ultimate Guide to NHIs — 2025 Outlook and Predictions and the NIST AI Risk Management Framework.
The most common misapplication is treating any browser session as human by default, which occurs when telemetry lacks an explicit agent declaration and the workflow is assumed to be low risk.
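The behavioural inference described above, sketched as an added example (not code from this page or from any vendor): a session with no agent declaration is scored on request pacing and input signals, then weighed against workflow sensitivity instead of being treated as human by default. The tier names, threshold, session fields and decision labels are assumptions chosen for illustration.

```python
from statistics import mean, pstdev

# Hypothetical sensitivity tiers per workflow step (assumption, not from the page).
SENSITIVITY = {"view_dashboard": 1, "read_account_data": 2, "submit_payment": 3}
CV_MACHINE_LIKE = 0.15  # assumed threshold for "too regular" request pacing


def pacing_cv(timestamps):
    """Coefficient of variation of inter-request gaps, or None if evidence is thin."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 3:
        return None
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg > 0 else 0.0


def trust_decision(session):
    """Decide from behaviour and workflow sensitivity, never from a missing declaration."""
    if session.get("declared_agent"):
        return "agent_policy"  # disclosed: registration, scoped credentials, oversight
    # Unknown or missing workflow steps are treated as the most sensitive tier.
    sensitivity = max((SENSITIVITY.get(s, 3) for s in session["workflow"]), default=3)
    cv = pacing_cv(session["timestamps"])
    if cv is None:
        # No behavioural evidence is not evidence of a human.
        return "step_up" if sensitivity >= 3 else "allow"
    score = 0
    if cv < CV_MACHINE_LIKE:
        score += 2  # machine-like pacing
    if session["pointer_events"] == 0:
        score += 1  # no pointer or keyboard activity between requests
    # Device reputation and cookies are deliberately ignored: a non-disclosing
    # agent on a managed laptop inherits them.
    if score >= 3 and sensitivity >= 3:
        return "hold"
    if score >= 2 and sensitivity >= 2:
        return "step_up"
    return "allow_flagged" if score >= 2 else "allow"


# Constructed sample sessions (not real telemetry).
HUMAN = {"timestamps": [0.0, 4.2, 9.8, 31.5, 40.1], "pointer_events": 57,
         "workflow": ["view_dashboard", "read_account_data"]}
SILENT_AGENT = {"timestamps": [0.0, 2.0, 4.1, 6.0, 8.0, 10.1], "pointer_events": 0,
                "workflow": ["read_account_data", "submit_payment"]}

if __name__ == "__main__":
    for name, s in (("human", HUMAN), ("silent agent", SILENT_AGENT)):
        print(name, "->", trust_decision(s))
```

The `allow_flagged` outcome lets a low-sensitivity workflow proceed while recording the session as likely automated, so a later investigation does not start from a session that was never marked.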
Examples and Use Cases
Implementing controls for non-disclosing agents rigorously often introduces friction in user experience and incident triage, requiring organisations to weigh seamless automation against stronger trust decisions.
- A customer support workflow uses a browser-based agent to open tickets and retrieve account data without identifying itself to the application.
- A code-assist workflow acts through a standard browser session, making requests that resemble a human developer while using tool access behind the scenes. This pattern is consistent with the risks discussed in OWASP NHI Top 10 and the external OWASP Top 10 for Agentic Applications 2026.
- A procurement agent submits forms, reads confirmations, and follows redirect chains that mirror an employee’s normal browser behaviour.
- A finance automation session runs on a managed laptop, inherits cookies and device reputation, and is therefore hard to distinguish from a legitimate user without workflow context.
- A security team investigates anomalous access after a breach and finds that the session was never marked as automated, similar to patterns described in the AI LLM hijack breach.
Why It Matters in NHI Security
Non-disclosing agents matter because they erase the traditional boundary between user identity and machine execution. If a platform cannot reliably tell when a session is an agent, then RBAC, approval flows, logging, and anomaly detection can all be evaluated against the wrong trust model. That creates a direct path to over-permissioned access, silent data exposure, and missed containment opportunities when a workflow is abused.
NHIMG research shows that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, which is a strong indicator that hidden automation belongs in the core threat model, not the margin. The issue also intersects with agentic AI governance because concealed execution can bypass controls designed for declared tools and registered workloads. The Moltbook AI agent keys breach shows how quickly agent trust assumptions become operational liabilities, while the Anthropic report on the first AI-orchestrated cyber espionage campaign and the MITRE ATLAS adversarial AI threat matrix reinforce that agent behaviour can be weaponised.
Organisations typically encounter the consequences only after a suspicious workflow, fraud event, or data exfiltration investigation, at which point handling non-disclosing agents becomes operationally unavoidable.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Hidden agents often rely on unmanaged secrets and unclear ownership. |
| OWASP Agentic AI Top 10 | A1 | Non-disclosing agents fit agentic misuse where execution is concealed from the platform. |
| NIST AI RMF | GOVERN | AI RMF requires governance and transparency for AI system behavior and impact. |
Classify opaque automation as an agentic risk and require explicit governance before tool use.