Delegated intent is the machine-verifiable statement of what a human authorised an agent to do, for which purpose, and within which scope. It becomes a governance boundary when linked to the principal, the resource, the trust level, and the policy version active at the time of execution.
Expanded Definition
Delegated intent is the recordable, machine-verifiable expression of authorisation for an AI agent to act on behalf of a human principal. In NHI governance, it is not the action itself, but the bounded permission behind the action: what may be done, for which purpose, against which resource, under which trust level, and using which policy version.
The term sits between identity, policy, and execution. It is narrower than a general permission grant because it ties a specific instruction to a specific context, and it is broader than a simple token because it carries semantic meaning that can be evaluated before, during, and after agent activity. This makes it especially relevant where agent behaviour must be auditable under frameworks such as the NIST Cybersecurity Framework 2.0.
Definitions vary across vendors on whether delegated intent should be stored as a policy object, an event record, or a signed claim, but no single standard governs this yet. The most common misapplication is treating a broad service credential as delegated intent, which occurs when teams confuse standing access with a time-bound, purpose-bound authorisation.
Examples and Use Cases
Implementing delegated intent rigorously often introduces policy complexity, requiring organisations to weigh tighter control and better auditability against extra orchestration overhead.
- An employee approves an AI agent to generate a customer-facing support response only for one ticket thread, with a five-minute execution window and read-only access to the relevant case record.
- A finance agent is allowed to reconcile invoices, but only for a named vendor list, only during business hours, and only after a human reviewer signs the intent record.
- A developer delegates intent to an automation agent to open a single pull request against a specific repository, while blocking secret access and production deployment actions.
- A procurement workflow records intent for an agent to compare renewal offers, using the policy version active at approval time so later changes do not rewrite the original scope.
- Security teams use delegated intent alongside NHI governance controls described in the Ultimate Guide to NHIs to distinguish permitted automation from uncontrolled agent activity.
In practice, delegated intent is often paired with external identity and authorisation mechanisms such as OAuth-style scoped access or workload identity patterns, but the intent record remains the governance layer that explains why an agent was allowed to act.
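The intent record and the pre-execution check described above, as an added Python example that is not part of the original article: the field names, the HMAC signing key and the sample ticket values are assumptions constructed for illustration, and a deployment would hold the approver key in a KMS rather than in code.

```python
import hmac, hashlib, json
from dataclasses import dataclass, asdict

SIGNING_KEY = b"constructed-demo-key"  # assumption: approver's HMAC key, shown inline only for the demo

@dataclass(frozen=True)
class IntentRecord:
    principal: str        # human who authorised the action
    agent: str            # the NHI acting on the principal's behalf
    resource: str         # the single resource in scope
    actions: tuple        # permitted operations, e.g. ("read",)
    purpose: str          # why the action was authorised
    trust_level: str      # trust level in force at approval
    policy_version: str   # pinned at approval time; later policy changes do not widen scope
    not_before: int       # start of execution window, unix seconds
    expires: int          # end of execution window, unix seconds
    signature: str = ""   # approver signature over every other field

    def canonical(self) -> bytes:
        body = {k: v for k, v in asdict(self).items() if k != "signature"}
        return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_intent(record: IntentRecord, key: bytes = SIGNING_KEY) -> IntentRecord:
    """Approver signs the record; this is the step a human reviewer performs."""
    sig = hmac.new(key, record.canonical(), hashlib.sha256).hexdigest()
    return IntentRecord(**{**asdict(record), "signature": sig})

def evaluate(record, agent, resource, action, now, active_policy_version, key=SIGNING_KEY):
    """Check a proposed agent action against the intent record before execution.
    Returns (allowed, reason); every denial names the boundary that was crossed."""
    expected = hmac.new(key, record.canonical(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record.signature):
        return False, "signature invalid or record tampered"
    if record.agent != agent:
        return False, "agent is not the delegate named in the record"
    if record.resource != resource:
        return False, "resource outside delegated scope"
    if action not in record.actions:
        return False, f"action '{action}' not authorised"
    if not (record.not_before <= now < record.expires):
        return False, "outside execution window"
    if record.policy_version != active_policy_version:
        return False, "policy version changed since approval; re-approval required"
    return True, "within delegated intent"

if __name__ == "__main__":
    # constructed sample: one ticket thread, read-only, five-minute window
    rec = sign_intent(IntentRecord("alice", "support-agent-7", "ticket/4821", ("read",),
                                   "draft support reply", "L2", "policy-v12",
                                   1_700_000_000, 1_700_000_300))
    print(evaluate(rec, "support-agent-7", "ticket/4821", "read", 1_700_000_100, "policy-v12"))
    print(evaluate(rec, "support-agent-7", "ticket/4821", "write", 1_700_000_100, "policy-v12"))
```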
Why It Matters in NHI Security
Delegated intent matters because it turns agent activity into something that can be governed, reviewed, and revoked with precision. Without it, organisations tend to rely on broad credentials, shared tokens, or informal operator assumptions, all of which make it difficult to prove whether an agent stayed within authorised bounds. That gap directly increases exposure when NHIs are over-privileged, under-monitored, or difficult to offboard, problems highlighted in the Ultimate Guide to NHIs.
NHIMG research, as reported in the Ultimate Guide to NHIs, shows that 97% of NHIs carry excessive privileges, which helps explain why intent-based controls matter so much when agents can inherit reach far beyond what a human intended. Delegated intent also supports the NIST Cybersecurity Framework 2.0 emphasis on controlled access, traceability, and governance.
Organisations typically encounter the consequences only after an agent overreaches, at which point delegated intent becomes operationally unavoidable to reconstruct authorisation and contain blast radius.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Agentic AI guidance | Focuses on bounded tool use and human authorization of agent actions. |
| OWASP Non-Human Identity Top 10 | NHI-04 | Intent records help govern non-human access by tying action to principal, scope, and purpose. |
| NIST CSF 2.0 | PR.AA | Access authorization principles align with verifying who approved what the agent may do. |
Map delegated intent to authorization controls and review approvals whenever the policy version changes.