A security model that governs where data can travel, not just who can enter a system. In agentic AI, it limits what the model can retrieve, combine, store, or reveal based on context, sensitivity, and policy, making exposure prevention part of identity governance.
Expanded Definition
Information-flow control is the discipline of constraining how data moves after it enters a system. In NHI security, the question is not only whether an AI agent or service account is authenticated, but whether it is permitted to combine, persist, transform, or disclose specific data across contexts. That makes it a closer fit for NIST Cybersecurity Framework 2.0 concepts around protecting information assets than a simple access-control rule.
For agentic systems, the control boundary often extends beyond static permissions. A model may be allowed to retrieve a record, but not to mix it with another tenant’s data, export it into logs, or reveal it in a downstream tool call. Definitions vary across vendors, but the practical pattern is consistent: policy follows the data and the context, not just the login event. NHI Management Group treats this as a core governance layer for preventing sensitive data exposure in autonomous workflows. The most common misapplication is treating information-flow control as a proxy for RBAC, which occurs when teams assume an authenticated agent can safely move data anywhere its token reaches.
Examples and Use Cases
Implementing information-flow control rigorously often introduces workflow friction, requiring organisations to weigh stronger exposure prevention against slower agent execution and more complex policy design.
- An agent can read customer tickets, but policy blocks it from copying payment details into a summarisation prompt or external support tool.
- A service account can access production telemetry, but it cannot transfer secrets into a shared vector store or long-term memory index.
- A retrieval pipeline can pull policy-approved documents, but it is prevented from combining confidential HR data with public web sources in a single output.
- A machine-to-machine integration can send alerts to a SIEM, but redaction rules stop it from forwarding raw tokens or certificates.
- An organisation maps agent data movement rules to guidance in the Ultimate Guide to NHIs — Standards, then validates the same policy path against NIST Cybersecurity Framework 2.0 so the control is enforceable across identities and systems.
In practice, this term is most visible when autonomy is combined with multiple data sources, because policy must decide not just what the agent can see, but what it can infer, retain, and emit.
Why It Matters in NHI Security
Information-flow control matters because NHI compromise is often an exposure problem before it becomes a takeover problem. If a service account, API key, or agent can move sensitive data too freely, one poisoned prompt, overbroad connector, or misrouted export can turn a narrow access event into enterprise-wide leakage. NHI Management Group reports that 79% of organisations have experienced secrets leaks, and 77% of those incidents resulted in tangible damage, which shows how often data movement failures become business incidents. That risk is amplified when secrets, prompts, logs, and retrieved documents are treated as separate concerns instead of one governed data path.
Strong information-flow control also supports Zero Trust by reducing implicit trust between agents, tools, and datasets. It helps prevent silent propagation of sensitive context into places that are hard to monitor or revoke later. It is especially relevant where organisations expose NHIs to third parties, because downstream systems can become unexpected disclosure channels. Organisations typically encounter the need for information-flow control only after a model leaks sensitive content into logs, tickets, or an external integration, at which point the term becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-06 | Data exposure paths in NHI workflows are governed through misuse-resistant flow controls. |
| NIST CSF 2.0 | PR.DS | Protecting data integrity and confidentiality directly maps to controlled information movement. |
| NIST Zero Trust (SP 800-207) | SC | Zero Trust requires explicit policy for every resource access and data exchange path. |
Restrict agent and service-account data movement so sensitive inputs cannot be copied, combined, or exfiltrated.
