Subscribe to the Non-Human & AI Identity Journal

Capability Disclosure

Capability disclosure happens when a service reveals what it can do, often through banners, metadata, or unauthenticated discovery calls. In identity security, disclosure matters because it gives attackers a map of the control plane before any command is executed.

Expanded Definition

Capability disclosure is the exposure of what a service can do before an authenticated workflow begins. In NHI environments, that exposure often appears in startup banners, OpenAPI or GraphQL metadata, discovery endpoints, agent tool manifests, or unauthenticated status calls. The security concern is not the message itself, but the fact that it reveals control-plane shape, available actions, and sometimes the naming of internal resources that can be targeted next.

Definitions vary across vendors when capability disclosure is discussed alongside service enumeration or information leakage. NHI Management Group treats it as a distinct risk because the disclosed surface often maps directly to privileged automation paths rather than user-facing features. That distinction matters in agentic systems, where an NIST Cybersecurity Framework 2.0 mindset would treat exposed capabilities as inputs to attack path discovery, not harmless documentation.

The most common misapplication is assuming unauthenticated discovery is safe simply because no secret value is returned, which occurs when teams expose capability metadata without considering how it helps attackers plan the next request.

Examples and Use Cases

Implementing capability disclosure controls rigorously often introduces friction for debugging and integration, requiring organisations to weigh operator convenience against reduced reconnaissance value.

  • A service returns an unauthenticated schema document that lists admin-only actions, allowing an attacker to target privileged endpoints even without valid credentials.
  • An AI agent exposes its tool catalog through a public discovery route, making it easier to infer which internal systems the agent can reach and what commands it can issue.
  • An API gateway reveals version strings, environment names, and backend product identifiers, which can be used to tailor phishing, exploit selection, or lateral movement.
  • A machine identity publishes health and metadata endpoints that include tenant context, revealing where high-value workloads sit in the control plane.
  • Operational teams rely on public banners for support, then later discover those banners helped attackers map service accounts and API paths before the first authenticated probe.

NHI Management Group’s Ultimate Guide to NHIs shows that only 5.7% of organisations have full visibility into their service accounts, which makes any additional disclosure even more valuable to an attacker. That is why capability exposure should be reviewed alongside identity inventory and not treated as a purely documentation concern.

For standards-oriented teams, the discovery pattern should be tested against the control expectations in NIST Cybersecurity Framework 2.0, especially where exposed interface details can be used to infer trust boundaries.

Why It Matters in NHI Security

Capability disclosure shortens the attacker’s research phase. Once an adversary knows which agents, APIs, or control functions exist, they can focus on the most promising credential targets, privilege escalation paths, or automation triggers. In NHI security, that is especially dangerous because service identities often have broad reach and few human-visible guardrails.

The risk is amplified by the broader NHI reality documented by NHI Management Group: 97% of NHIs carry excessive privileges, and 80% of identity breaches involved compromised non-human identities such as service accounts and API keys. In that environment, even modest disclosure can help an attacker choose the right identity to impersonate or the right endpoint to probe first.

Capability disclosure also complicates governance because teams sometimes hide full documentation behind authentication while leaving enough metadata public to reconstruct the system. That creates a false sense of restraint. The right question is not whether a banner contains secrets, but whether it reveals enough structure to accelerate exploitation. Organisations typically encounter the operational cost only after an incident review shows that public metadata helped attackers move from curiosity to compromise, at which point capability disclosure becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-03 Covers exposure of NHI metadata and information that aids reconnaissance.
NIST CSF 2.0 PR.PT-1 Addresses secure system configuration and limiting exposed technical details.
NIST Zero Trust (SP 800-207) Zero Trust reduces trust in exposed services and treats discovery as untrusted by default.
OWASP Agentic AI Top 10 Agent tool surfaces can disclose capabilities before any policy enforcement occurs.
CSA MAESTRO Agentic control planes must suppress unnecessary tool and action exposure.

Minimise public capability metadata and restrict discovery responses to necessary, authenticated contexts.