An identity made up of more than one control relationship, typically a human owner, an AI agent, and the credentials or services the agent uses. It matters because accountability, access scope, and runtime behaviour all have to be governed together, not as separate problems.
Expanded Definition
Composite Identity describes a single operational identity that is assembled from multiple control relationships: a human owner, an AI agent with execution authority, and the credentials, services, or delegated permissions the agent can use. In NHI management, the point is not just who initiated the action, but which identity chain can actually act, approve, rotate, and revoke at runtime. That makes Composite Identity a governance pattern, not a credential type.
Definitions vary across vendors because some treat this as a policy construct while others describe it as an application architecture pattern. In practice, the model aligns closely with least privilege, delegated authority, and traceable accountability in NIST Cybersecurity Framework 2.0. It is especially relevant where an agent can call tools, retrieve secrets, or trigger workflows under a human sponsor’s authority. NHIMG’s guidance in the Ultimate Guide to NHIs frames this as a visibility and lifecycle problem as much as an access problem. The most common misapplication is treating the human owner and the agent’s credentials as separate identities, which occurs when approvals exist but runtime permissions are not bound to the same governance record.
Examples and Use Cases
Implementing Composite Identity rigorously often introduces more orchestration and review overhead, requiring organisations to weigh better accountability against slower change and tighter policy design.
- A finance operations agent drafts payment exceptions, but a named human approver must remain tied to the same identity record before execution is allowed.
- A developer copilots deployment steps through an AI agent, while the agent’s tokens, service account, and rollback permissions are governed as one composite unit.
- A support workflow lets an agent open, enrich, and route tickets, but the human owner is still responsible for access review and offboarding decisions.
- An enterprise uses Top 10 NHI Issues to prioritise composite access paths where a single mis-scoped token could let an agent act outside sponsor intent.
- Teams reference 52 NHI Breaches Analysis when mapping how a compromised secret can cascade through an agent, a service account, and downstream tooling.
In implementation terms, the identity chain should be represented in policy and logging as one governed unit, even when the underlying artifacts are separate. That is where NIST Cybersecurity Framework 2.0 becomes useful for control mapping, because it supports linking identity, access, and monitoring responsibilities across systems.
Why It Matters in NHI Security
Composite Identity matters because compromise rarely stays confined to one layer. If a human sponsor, agent runtime, and secret store are governed independently, accountability fragments and revocation becomes incomplete. That creates blind spots in offboarding, privilege review, and incident response. NHIMG research shows that 97% of NHIs carry excessive privileges, and 96% of organisations store secrets outside secrets managers in vulnerable locations including code, config files, and CI/CD tools. Those conditions are especially dangerous when an agent inherits broad authority from a human workflow but the supporting credentials are never re-evaluated together.
The security consequence is not only unauthorized access, but also ambiguous responsibility after a delegated action causes damage. Composite Identity makes it possible to answer who approved, what executed, and which permissions were active at the moment of use. It also supports better containment when a token, agent, or service account has to be revoked without breaking unrelated business functions. Organisations typically encounter the need for Composite Identity only after a delegated action, secret leak, or agent misuse has already occurred, at which point the identity chain becomes operationally unavoidable to address.
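As an added illustration (written for this entry, not code from the page’s source or from any vendor product), the Python sketch below models the identity chain described in the implementation paragraph and the accountability questions raised here as one governed record: an approval counts only when it is bound to the same record and its named sponsor, a runtime check evaluates sponsor, agent and credential scope together, every decision is logged with who approved, what executed and which permission was active, and revoking any one member blocks the whole chain. All names, record ids, tokens and permissions are constructed placeholders.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class Approval:
    action: str
    approver: str
    record_id: str     # governance record the approval is bound to

@dataclass
class CompositeIdentity:
    """One governed unit: human sponsor, AI agent, and the credentials it may use."""
    record_id: str
    sponsor: str
    agent: str
    credentials: dict                          # credential id -> set of permissions
    revoked: set = field(default_factory=set)  # any chain member can be revoked
    audit: list = field(default_factory=list)  # one log record per decision

    def revoke(self, member):  # one revoked member (sponsor, agent, credential) blocks the chain
        self.revoked.add(member)

    def authorize(self, action, credential, permission, approval):
        """Runtime check across the chain; logs who approved, what ran, which scope."""
        reasons = []
        if self.revoked & {self.sponsor, self.agent, credential}:
            reasons.append("revoked chain member")
        if (approval is None or approval.record_id != self.record_id
                or approval.approver != self.sponsor or approval.action != action):
            reasons.append("approval not bound to this record's sponsor")
        if permission not in self.credentials.get(credential, set()):
            reasons.append("permission outside credential scope")
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(), "record": self.record_id,
            "sponsor": self.sponsor, "agent": self.agent, "credential": credential,
            "permission": permission, "action": action, "allowed": not reasons,
            "approver": approval.approver if approval else None, "reasons": reasons})
        return not reasons, reasons

def demo():
    # Constructed sample chain (hypothetical names): approve, act, revoke, re-check.
    ci = CompositeIdentity("ci-finops-01", "alice", "finops-agent",
                           {"tok-payments": {"payments:read", "payments:exception"}})
    bound = Approval("release_exception", "alice", "ci-finops-01")
    ok = ci.authorize("release_exception", "tok-payments", "payments:exception", bound)
    stray = Approval("release_exception", "alice", "ci-other-99")  # different governance record
    other = ci.authorize("release_exception", "tok-payments", "payments:exception", stray)
    ci.revoke("tok-payments")   # containment: one revoked credential stops the chain
    after = ci.authorize("release_exception", "tok-payments", "payments:read", bound)
    return ok, other, after, ci.audit
```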
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | | Agent authority and tool use map directly to composite identity risk. |
| OWASP Non-Human Identity Top 10 | NHI-01 | Composite identities require clear ownership and lifecycle tracking across NHI relationships. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access and role governance apply to composite identity chains. |
Review delegated permissions together and revoke excess access across the whole chain.