Subscribe to the Non-Human & AI Identity Journal

Proxy Action

Proxy action is work performed by one actor on behalf of another, where the visible identity in logs is not the entity making the decision or executing the task. In shadow AI scenarios, the user appears in the record while the AI tool performs the actual operation through borrowed access.

Expanded Definition

Proxy action is a control and observability problem, not just a logging issue. It occurs when one identity is credited with an action while a different actor made the decision or executed the work. In NHI and agentic AI environments, that usually means a human session, service account, or delegated token is used to mask AI-driven execution, which complicates attribution, audit, and incident response. The distinction matters because authority, intent, and execution can separate across multiple identities, especially where borrowing access is normalised. NHI Management Group treats this as a governance boundary issue that must be evaluated alongside NIST Cybersecurity Framework 2.0 functions for logging, access control, and recovery. Industry usage is still evolving, and some vendors use proxy action loosely to describe any delegated operation, but in security practice the critical question is whose authority was exercised and whose trace appears in evidence. The most common misapplication is assuming the named user in the log is the true operator, which occurs when AI tools or automation run through borrowed credentials without separate execution tracing.

Examples and Use Cases

Implementing proxy-action detection rigorously often introduces traceability overhead, requiring organisations to weigh clean accountability against added instrumentation, tighter delegation rules, and more complex workflows.

  • A sales rep approves an AI-generated contract change, but an autonomous agent submits the final request through the rep’s session token.
  • A service account executes cloud configuration changes after a human operator triggers an assistant, leaving the human as the visible actor in the audit trail.
  • A support chatbot resets access using a delegated API key, while the user-facing ticket records only the agent name, not the automation path.
  • A CI/CD pipeline performs environment updates under a release engineer’s access, even though policy decisions came from a separate AI workflow.
  • An incident responder launches containment steps through an orchestration tool that inherits temporary credentials from a privileged session.

These patterns are easier to spot when organisations compare identity logs with execution telemetry and delegation records. NHI Management Group’s Ultimate Guide to NHIs is a useful reference for understanding why borrowed access, visibility gaps, and weak offboarding create persistent attribution blind spots.

Why It Matters in NHI Security

Proxy action becomes dangerous when organisations cannot tell whether a request was authorised, automated, or simply impersonated by borrowed access. That uncertainty weakens investigation quality, disrupts segregation of duties, and makes revocation decisions less reliable. It also increases the chance that a compromised token, service account, or AI agent can continue operating under a trusted human label. This risk is especially acute in environments where NHIs already carry excessive privilege; NHI Management Group reports that 97% of NHIs carry excessive privileges, which broadens the blast radius when proxy paths are abused. Practitioners should align this term with stronger verification, explicit delegation boundaries, and evidence-rich logging so that the visible identity is not mistaken for the true actor. Organisations typically encounter the consequences only after a suspicious change, fraud event, or lateral movement investigation, at which point proxy action becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-02 Proxy action often hides unsafe secret and token handling behind a trusted identity.
NIST CSF 2.0 PR.AC-3 This term exposes the need to control and verify access pathways and delegation.
OWASP Agentic AI Top 10 Agentic workflows can perform actions through human-visible sessions and tokens.

Instrument agents so decision source, execution authority, and audit identity remain distinct.