
AI-mediated access

Access that is initiated or transformed through an AI tool rather than a direct human action alone. In practice, the identity controls underneath the tool still determine who can reach data, what the tool can expose, and whether the resulting activity is auditable.

Expanded Definition

AI-mediated access describes access flows where an AI tool acts as the operational intermediary between a person and a protected resource. The AI may draft, route, transform, or execute the request, but the underlying trust model still depends on the identity attached to the tool, the service account, or the delegated token. That makes the concept more specific than simple automation: the AI is not just a workflow step, it can change what is requested, how much is revealed, and what gets logged.

In NHI security, this term sits at the intersection of delegated authorization, auditability, and tool privilege. The core question is not whether a human started the interaction, but whether the AI is acting within a bounded identity context that can be reviewed and constrained. Guidance varies across vendors on how to model this boundary, so practitioners should treat it as an identity-and-control problem first, and an interface problem second. The OWASP Non-Human Identity Top 10 is a useful reference for understanding how hidden privilege and weak secret governance can turn mediated access into exposure.

The most common misapplication is to treat the AI tool as a neutral assistant and let the request path inherit the backend's broad privileges without explicit scoping or logging.

Examples and Use Cases

Implementing AI-mediated access rigorously introduces a trust boundary between the user, the tool, and the backend, so organisations must weigh faster user workflows against tighter token scoping, approval logic, and audit requirements.

  • An employee asks an AI assistant to retrieve a document from a ticketing or knowledge platform, and the tool accesses it through a delegated service identity rather than the employee’s direct session.
  • A developer uses an AI coding assistant that can read repository secrets or configuration files, which creates exposure risk if the assistant is not constrained to the minimum necessary context; see Ultimate Guide to NHIs.
  • An AI agent submits an API request on behalf of a user, but the effective privilege comes from the agent’s token scope, not the person’s role, a pattern that aligns with the identity concerns described in the OWASP Non-Human Identity Top 10.
  • A support bot generates a response from customer records and transactional data, where access must be limited and logged so that the AI cannot broaden retrieval beyond the approved record set.
  • An internal workflow uses an AI tool to open, classify, and route security incidents, which is useful only if the mediation layer preserves clear attribution for every action.
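The scoping and attribution pattern that runs through the examples above, as an added worked example in Python (it is not part of the journal's text or any vendor's product): a small tool-execution gate in which the assistant reaches a knowledge platform through a delegated service identity, the token is downscoped at issuance and short-lived, the gate allows a record fetch only when both the human's entitlement and the token's scope cover it, and every decision is written to an audit record that names the NHI, the human it acted for, the tool, and the resource. All identity names (svc-ai-assistant, alice, bob), scopes, record IDs, and log fields are constructed for the example.

```python
"""Added example (not the journal's or any vendor's code): a tool-execution
gate for AI-mediated access. Every tool call carries a delegated token that
names the NHI doing the work and the human it acts for; the call is allowed
only if BOTH the human's entitlement and the token's scope cover the record,
and every decision is written to an audit log with full attribution.
All identities, scopes, records and log fields are hypothetical."""
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class DelegatedToken:
    subject: str            # NHI that actually calls the backend, e.g. a service account
    on_behalf_of: str       # human whose request the AI is mediating
    scopes: frozenset       # scopes granted to THIS token (the bounded identity context)
    expires_at: float       # short-lived: Unix time after which the token is dead


# Constructed data: what each human is entitled to read in the knowledge platform.
USER_ENTITLEMENTS = {
    "alice": frozenset({"kb:read:eng"}),
    "bob":   frozenset({"kb:read:eng", "kb:read:hr"}),
}
# Constructed data: the widest scope set the assistant's connector may ever hold.
ASSISTANT_MAX_SCOPES = frozenset({"kb:read:eng"})
# Constructed records, each tagged with the scope required to read it.
RECORDS = {
    "KB-100": {"scope": "kb:read:eng", "body": "on-call runbook"},
    "KB-200": {"scope": "kb:read:hr",  "body": "salary bands"},
}
AUDIT_LOG = []   # append-only list of decision records


def mint_token(subject, on_behalf_of, ttl_seconds=300, now=None):
    """Downscope at issuance: the token gets only the scopes the human holds AND
    the connector is allowed to hold, and it expires after ttl_seconds."""
    now = time.time() if now is None else now
    scopes = USER_ENTITLEMENTS.get(on_behalf_of, frozenset()) & ASSISTANT_MAX_SCOPES
    return DelegatedToken(subject, on_behalf_of, scopes, now + ttl_seconds)


def unscoped_fetch(record_id):
    """The misapplication: the assistant inherits the backend's read-everything
    privilege, nobody checks the requesting human, and nothing is logged."""
    return RECORDS[record_id]["body"]


def gated_fetch(token, record_id, now=None):
    """Authorize the tool call, log the decision, then execute it. Returns a
    dict so the caller sees the decision and reason, not only the data."""
    now = time.time() if now is None else now
    record = RECORDS.get(record_id)
    if now >= token.expires_at:
        reason = "token_expired"
    elif record is None:
        reason = "no_such_record"
    elif record["scope"] not in USER_ENTITLEMENTS.get(token.on_behalf_of, frozenset()):
        reason = "human_not_entitled"       # the AI must not widen what the person may see
    elif record["scope"] not in token.scopes:
        reason = "token_scope_insufficient" # effective privilege is the token's, not the role's
    else:
        reason = "ok"
    allowed = reason == "ok"
    AUDIT_LOG.append({
        "ts": now,
        "actor": token.subject,               # which NHI performed the action
        "on_behalf_of": token.on_behalf_of,   # which human it was mediating for
        "tool": "kb.fetch",
        "resource": record_id,
        "required_scope": None if record is None else record["scope"],
        "decision": "allow" if allowed else "deny",
        "reason": reason,
    })
    return {"allowed": allowed, "reason": reason,
            "body": record["body"] if allowed else None}


if __name__ == "__main__":
    t0 = 1_700_000_000.0
    tok = mint_token("svc-ai-assistant", "bob", now=t0)
    print(gated_fetch(tok, "KB-100", now=t0))   # allowed
    print(gated_fetch(tok, "KB-200", now=t0))   # denied: the token never received kb:read:hr
    print(unscoped_fetch("KB-200"))             # the leak the gate prevents
    for entry in AUDIT_LOG:
        print(entry)
```

Two denials are worth noticing. Alice asking for KB-200 is denied because she is not entitled to it, so the assistant cannot broaden retrieval beyond what she could see herself. Bob is entitled to KB-200, yet his request is also denied, because the token minted for the assistant never received kb:read:hr; that is the third bullet above in code, where the effective privilege is the agent's token scope rather than the person's role. unscoped_fetch shows the pattern the gate replaces: any caller gets any record and no attribution survives.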

Why It Matters in NHI Security

AI-mediated access becomes a security issue when organisations lose sight of which identity actually performed the action. If the AI holds long-lived credentials, overbroad scopes, or reusable tokens, then a helpful interface can become an exfiltration path, a privilege escalation path, or an untraceable decision layer. This is especially dangerous when secrets are embedded in prompts, tool connectors, or backend workflows, because the access surface expands beyond the user’s immediate session.

NHIMG research on compromised NHIs shows how quickly exposed credentials are targeted in the wild, with attackers attempting access within an average of 17 minutes when AWS credentials are public, and as quickly as 9 minutes in some cases, as reported in LLMjacking: How Attackers Hijack AI Using Compromised NHIs. That risk is amplified in mediated AI flows because the attacker may not need to attack the human at all, only the service identity behind the assistant. For broader breach patterns, the 52 NHI Breaches Analysis and the DeepSeek breach illustrate how exposed identities, secrets, and backend access can cascade into larger data exposure events.

Organisations typically encounter the operational reality of AI-mediated access only after a prompt, tool call, or automated action leaks data or triggers an unauthorised change, at which point the question of which identity acted, and with what scope, can no longer be deferred.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST SP 800-207 (Zero Trust Architecture) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI2:2025 Secret Leakage; NHI5:2025 Overprivileged NHI | Secret exposure and overbroad privilege in the non-human identities behind AI tools.
NIST CSF 2.0 | PR.AA-01, PR.AA-05 | Identity and credential management and least-privilege authorization must account for machine-mediated actions and delegated privilege.
NIST SP 800-207 (Zero Trust Architecture) | Section 2.1 tenets: per-session access; dynamic, strictly enforced authentication and authorization | Every mediated request is authorized on its own, with the token's scope re-verified before access is granted.

Bind AI actions to explicit identities and verify authorization before tool execution.