An attack exploiting inherited or cached credentials, delegated permissions, or implicit agent-to-agent trust to gain unauthorised access or escalate privileges. The primary intersection of agentic and NHI security.
Expanded Definition
Agent Identity Abuse (ASI03) describes a class of attacks, listed in the OWASP Agentic AI Top 10, in which a weakness in delegated authority lets an attacker ride on inherited trust rather than break authentication outright. In NHI security, that usually means a compromised agent, cached token, service account, or tool connection is used to move laterally or escalate privileges.
Usage in the industry is still evolving, and definitions vary across vendors, but the security pattern is consistent: an autonomous agent with execution authority is trusted more broadly than a human user, often because it must call tools, APIs, or other agents at machine speed. That makes ASI03 especially dangerous in workflows that blend NIST AI Risk Management Framework concerns with classic identity governance. The issue is not only stolen credentials; it is overbroad trust propagation across systems that were never designed for agent-to-agent delegation.
The most common misapplication is treating agent identity abuse like a normal account compromise, which occurs when inherited permissions, cached sessions, and tool scopes are not reviewed together.
Examples and Use Cases
Implementing controls for agent identity abuse rigorously often introduces latency and administrative overhead, requiring organisations to weigh automation speed against tighter trust boundaries.
- An AI coding agent inherits a developer’s cloud session and quietly provisions resources beyond the intended scope, creating an access path that looks legitimate until billing, logs, or data movement exposes the abuse.
- A customer support agent shares a delegated token with another service, and that token is later replayed to query records the original agent should not have reached. The trust chain, not the password, becomes the vulnerability.
- A workflow bot uses cached API credentials stored outside a secrets manager, echoing the broader exposure patterns documented in Ultimate Guide to NHIs.
- An agent-to-agent handoff in an orchestration stack permits one autonomous system to act on another’s behalf without re-authorisation, a pattern that maps closely to the risks discussed in OWASP NHI Top 10 and the OWASP Top 10 for Agentic Applications 2026.
- A security monitor flags unusual activity only after an agent has already used excessive delegated rights, which is why post-incident reviews often uncover trust assumptions that were never formally approved.
Why It Matters in NHI Security
Agent identity abuse matters because it turns NHI sprawl into an escalation engine. When non-human identities are over-privileged or poorly inventoried, attackers can chain trusted automations into a durable foothold. NHI Mgmt Group research in the Ultimate Guide to NHIs found that 97% of NHIs carry excessive privileges, which directly increases the blast radius when an agent is abused.
The governance challenge is not only revocation. It is designing for Zero Standing Privilege, short-lived access, and explicit trust between agents, which aligns with NIST AI Risk Management Framework principles and the identity controls emphasized in 52 NHI Breaches Analysis. In practice, the hardest failures emerge when token reuse, delegated authority, and weak approval boundaries overlap across CI/CD, cloud ops, and AI orchestration. Organisations typically encounter the consequence only after an agent has moved, exfiltrated, or modified data at machine speed, at which point agent identity abuse becomes operationally unavoidable to address.
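The controls named above (short-lived access, explicit trust between agents) and the replayed-token and handoff examples earlier can be made concrete with a small delegation broker. This is an added example, not code from OWASP, NIST, or any product; the token format, signing key, agent names, and scope names are constructed, and the presenting agent's identity is assumed to be authenticated separately (for example by mTLS).

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: signing key held only by the broker
MAX_TTL = 300                  # seconds; delegated grants are short-lived
MAX_DEPTH = 2                  # cap on agent-to-agent hops

def _sign(body: bytes) -> str:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def verify(token, presenter, needed, now=None):
    """Resource side: accept a grant only from the agent it was issued to."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _sign(body.encode())):
        raise PermissionError("bad signature")
    c = json.loads(base64.urlsafe_b64decode(body))
    if c["aud"] != presenter:  # blocks replay of a shared or stolen token
        raise PermissionError("token presented by wrong agent")
    if now >= c["exp"]:
        raise PermissionError("expired")
    if needed is not None and needed not in c["scopes"]:
        raise PermissionError("scope not delegated")
    return c

def mint(sub, aud, scopes, parent=None, ttl=MAX_TTL, now=None):
    """Broker side: issue a grant from `sub` to `aud`; a handoff needs `parent`."""
    now = time.time() if now is None else now
    claims = {"sub": sub, "aud": aud, "scopes": sorted(scopes),
              "exp": now + min(ttl, MAX_TTL), "depth": 0, "chain": [sub]}
    if parent is not None:
        # Re-authorise the handoff: the delegator must hold a valid grant itself.
        p = verify(parent, presenter=sub, needed=None, now=now)
        if not set(scopes) <= set(p["scopes"]):
            raise PermissionError("scope escalation")   # attenuation only
        if p["depth"] + 1 > MAX_DEPTH:
            raise PermissionError("delegation chain too deep")
        claims["depth"] = p["depth"] + 1
        claims["exp"] = min(claims["exp"], p["exp"])    # never outlive the parent
        claims["chain"] = p["chain"] + [sub]            # audit trail of the handoff
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(body)
```

The `chain` claim gives responders the full delegation path for each request, so inherited permissions and tool scopes can be reviewed together rather than as isolated account events.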
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST Zero Trust (SP 800-207) sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | ASI03 | Agent identity abuse is a core agentic-app threat involving delegated authority and trust chaining. |
| OWASP Non-Human Identity Top 10 | NHI-02 | Overbroad secrets and inherited access are directly addressed in NHI secret and privilege controls. |
| NIST Zero Trust (SP 800-207) | PR.AC | Zero Trust requires continuous verification instead of assuming trust across agent handoffs. |
Inventory agent secrets, rotate them, and remove any standing access that is not explicitly needed.