An Intent Mandate is a cryptographically signed authorization that lets an agent make purchases within defined limits when the user is absent. It records the identity being represented, the spending boundary, and the permitted merchant context, making consent provable and later reviewable.
Expanded Definition
An Intent Mandate is a time-bound, cryptographically signed delegation that authorises an AI agent to act on a person’s behalf within explicit spending, merchant, and purpose limits. It sits between user consent and transaction execution, making the delegation verifiable, auditable, and revocable after the fact.
In NHI and agentic AI governance, the mandate matters because the agent is not simply “trusted” in a broad sense. It is operating under a constrained identity posture that should be inspectable alongside other controls such as policy enforcement, key custody, and approval workflows. Industry usage is still evolving, and no single standard governs this yet, so implementations vary in how they encode scope, expiration, and merchant restrictions. NIST’s Cybersecurity Framework 2.0 is useful here as a governance reference point for access control and traceability, even though it does not name this pattern directly.
The most common misapplication is treating an Intent Mandate like a static payment token, which occurs when teams omit merchant context, expiry, or spending ceilings.
Examples and Use Cases
Implementing Intent Mandates rigorously often introduces user-experience and policy-design friction, requiring organisations to weigh delegation convenience against tighter controls and more reviewable approvals.
- An executive authorises an AI assistant to buy airfare only from approved travel merchants, with a hard cap and a 24-hour expiry.
- A procurement agent is allowed to reorder office supplies from a vetted supplier list, but only within a monthly budget threshold.
- A household assistant bot is permitted to renew a subscription service, while blocking upgrades, add-ons, and one-click checkout changes.
- A finance workflow agent receives a mandate to initiate low-value vendor purchases, but any exception triggers human approval before execution.
- Security teams use mandate logs to reconstruct whether a purchase aligned with the represented identity, approved intent, and merchant scope.
This pattern is closely related to broader NHI lifecycle issues described in the Ultimate Guide to NHIs, especially where delegated authority can outlive its intended use. For protocol-level thinking about constrained delegation and verifiable authorisation, teams also look to standards work such as the JSON Web Signature (JWS) specification, which underpins signed assertions in many systems.
Why It Matters in NHI Security
Intent Mandates reduce the risk that an autonomous agent can over-spend, shop outside approved contexts, or continue acting after the user’s intent has changed. That matters because NHI exposure is already widespread: NHI Mgmt Group reports that 97% of NHIs carry excessive privileges, and 80% of identity breaches involved compromised non-human identities such as service accounts and API keys. In practice, an Intent Mandate adds a narrow, reviewable boundary around agent action so that consent can be proven rather than inferred.
Without mandate controls, organisations tend to discover the failure only after an unexpected charge, a policy violation, or a dispute over whether the agent was actually authorised. At that point, the evidence trail, expiry logic, merchant constraints, and signing keys become operationally unavoidable to address.
Security teams often pair this concept with NIST Cybersecurity Framework 2.0 for governance and with identity-centric guidance from the Ultimate Guide to NHIs when defining revocation, logging, and blast-radius limits.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Agentic AI guidance addresses delegated actions, tool use, and approval boundaries. | |
| NIST CSF 2.0 | PR.AA-01 | Identity and authentication controls support verifiable delegated authorization. |
| NIST Zero Trust (SP 800-207) | Zero trust principles require continuous verification of delegated agent actions. |
Constrain agent purchase actions to signed mandates, scope checks, and revocation-ready approvals.
Related resources from NHI Mgmt Group
- What is the difference between logging actions and logging intent for AI agents?
- What is the difference between role-based access and intent-based access for agents?
- What is the difference between RBAC and intent-aware access for autonomous workflows?
- What is the difference between access control and intent governance for AI agents?