Subscribe to the Non-Human & AI Identity Journal

How should security teams prove what identities are actually doing inside applications?

They should combine identity governance records with application-layer telemetry, then validate live actions against policy instead of relying on certification alone. The key is to observe actual execution, not just stated entitlement, so the team can confirm who acted, what they did, and whether the behavior matched current intent.

Why This Matters for Security Teams

Proving what identities are actually doing inside applications is different from proving who was granted access. Certification data, role assignments, and periodic reviews show intended access, but they do not prove live behaviour. The operational risk is that service accounts, API keys, OAuth grants, and agent identities can act in ways no reviewer anticipated, especially after deployment drift, token theft, or privilege accumulation.

Current guidance suggests pairing identity governance with application-layer telemetry so evidence can be tied to real execution. That means correlating identity records with request logs, action trails, and policy decisions, then confirming whether those actions matched current intent. NIST’s NIST SP 800-53 Rev 5 Security and Privacy Controls supports this kind of auditability, while NHIMG research on The Ultimate Guide to NHIs shows why visibility gaps are so common in practice. In that research, only 5.7% of organisations have full visibility into their service accounts.

In practice, many security teams discover misuse only after a token has already been used for lateral action, rather than through intentional monitoring of identity behaviour.

How It Works in Practice

The most reliable approach is to build an evidence chain from identity to action. Start with the identity record: the service account, workload identity, API key, OAuth client, or agent credential that was authorised to act. Then capture application telemetry that records the authenticated principal, the request context, the operation performed, and the downstream effects. Finally, compare that observed activity to the policy that was in force at the time.

This is stronger than certification alone because certification proves approval at a point in time, not ongoing behaviour. When teams need higher assurance, they should combine telemetry with cryptographic workload identity and short-lived credentials. Standards such as SPIFFE and SPIRE are useful here because they help bind an application or workload to a verifiable identity at runtime, while real-time policy evaluation through policy-as-code can decide whether the action is still allowed. That aligns with the direction implied by The State of Non-Human Identity Security, especially where inadequate monitoring and logging are already a known attack cause.

  • Correlate IAM, PAM, and IdP records with application logs using a shared identity key.
  • Record who or what initiated the action, what resource was touched, and whether elevation occurred.
  • Use short TTLs and revoke credentials on completion so old permissions do not keep producing valid actions.
  • Evaluate each sensitive request against current policy, not just a preapproved entitlement list.
  • Preserve immutable logs so investigators can reconstruct the sequence of actions without relying on memory or screenshots.

For agentic or automated workloads, this becomes even more important because a single identity may chain tools, branch into new tasks, and generate side effects that were never part of the original approval. Current best practice is evolving toward runtime evidence and context-aware authorization, not static certification. These controls tend to break down in highly distributed microservice environments when logs are inconsistent across services and no shared principal identifier exists.

Common Variations and Edge Cases

Tighter action-level logging often increases storage, correlation, and review overhead, so organisations must balance evidence quality against operational cost. That tradeoff is especially visible in high-volume API platforms, event-driven systems, and AI agent pipelines where every request can fan out into many sub-actions.

There is no universal standard for this yet, but the safest pattern is to treat different identity types differently. Human access reviews are still useful, while machine identities need runtime proof of use. For agentic systems, NGHIMG guidance should be read alongside emerging work such as JetBrains GitHub plugin token exposure and Hard-Coded Secrets in VSCode Extensions, both of which show how hidden execution paths can expose or misuse credentials outside traditional review workflows.

One common edge case is third-party OAuth delegation, where the app acts legitimately on behalf of a user but the organisation cannot easily distinguish approved automation from excessive access. Another is ephemeral container workloads, where identities exist only for minutes and logs must be preserved centrally before the workload disappears. Best practice is evolving, but the core principle remains the same: if the team cannot tie observed execution back to a live identity and a current policy decision, it does not have proof.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-06 Requires visibility into NHI usage and activity, not just issued credentials.
OWASP Agentic AI Top 10 A-04 Agentic systems need runtime proof of tool use and side effects.
CSA MAESTRO GOV-03 Governance depends on evidence of actual agent behaviour and accountability.
NIST AI RMF AI risk management requires traceability and measurable oversight of model actions.
NIST CSF 2.0 DE.CM-8 Continuous monitoring supports proof of identity activity inside applications.

Log each agent action with policy context and verify it before allowing downstream execution.