The retention of a deleted software artifact in backend storage or metadata systems after the user interface says it is gone. In identity terms, it matters because embedded secrets can remain recoverable and replayable even when the package appears removed from circulation.
Expanded Definition
Ghost persistence describes a lifecycle failure where an apparently deleted artifact still exists in backend stores, object versioning, package registries, metadata indexes, or backup layers. In NHI environments, the risk is not just residue, but recoverable material that can be reactivated, replayed, or extracted after the UI shows removal. The concept overlaps with deletion hygiene, retention policy, and offboarding, but it is narrower than general data retention because it focuses on operationally reachable remnants that preserve identity or access value.
Definitions vary across vendors because some teams use the term for any hidden copy, while others reserve it for artifacts that remain executable or credential-bearing. For governance purposes, it is best treated as a post-deletion integrity issue: the system claims an object is gone, yet one or more authoritative backends still preserve its useful state. That distinction matters in service accounts, API keys, agent configs, and signed packages, where deletion from a dashboard does not guarantee destruction of the underlying secret or reference. NIST guidance on access and audit controls such as NIST SP 800-53 Rev 5 Security and Privacy Controls is relevant because deletion assurance depends on traceable control execution, not interface state alone.
The most common misapplication is assuming a delete action in one console erased all copies, which occurs when backend replicas, caches, or retained versions are not reconciled.
Examples and Use Cases
Implementing deletion rigorously often introduces operational overhead, requiring organisations to weigh quick offboarding against the cost of verifying every dependent store and recovery path.
- A CI/CD secret is removed from the app UI, but an older package version in artifact storage still contains the same token and can be replayed.
- A service account is marked inactive, yet a metadata service retains its key reference, allowing an internal tool to restore access later.
- An AI agent configuration is deleted, but a backup snapshot preserves embedded credentials that remain valid after restoration.
- A compromised API key is rotated, but logs, caches, or config history still expose the retired value to anyone with read access.
- A deleted integration package still appears in a registry index, enabling accidental redeployment of the retired identity material.
These cases are especially relevant when deletion controls are fragmented across systems. The Salt Typhoon US telecoms breach shows how stolen credentials can remain valuable long after the original compromise path is believed closed, and the same logic applies when remnants survive a supposed delete. In broader identity governance, guidance from NIST SP 800-53 Rev 5 Security and Privacy Controls helps teams tie deletion to logging, retention, and verification instead of relying on a front-end confirmation.
Why It Matters in NHI Security
Ghost persistence is dangerous because it creates a false sense of remediation. Teams may believe an exposed secret, token, or package has been removed, while a surviving copy in backup, replication, or indexing layers keeps the attack surface alive. That gap is especially damaging for NHI because service credentials are machine-consumable, often automated, and frequently embedded in workflows that no human notices until misuse appears elsewhere.
NHI Mgmt Group data shows that 91.6% of secrets remain valid five days after the targeted organisation is notified, which underscores how weak remediation and deletion verification can prolong exposure. This is exactly where ghost persistence becomes a governance problem: it turns an incident response task into a lifecycle assurance issue spanning inventory, offboarding, rotation, and recovery testing. The underlying control objective is to prove that removal is complete across all authoritative stores, not just the user interface.
Practitioners also need to account for third-party exposure, because cached or synchronized copies outside the primary system can silently preserve access paths. A retained secret in one environment can enable lateral movement, unauthorized re-registration, or agent reuse long after the original object appears erased. Organisations typically encounter the full impact only after a supposedly deleted credential is used in a later intrusion, at which point ghost persistence becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers improper secret handling and deletion gaps that leave recoverable NHI material behind. |
| NIST CSF 2.0 | PR.AA-1 | Identity and access assurance requires knowing when credentials truly no longer exist or work. |
| NIST SP 800-63 | Digital identity assurance depends on reliable lifecycle state transitions for authenticators and credentials. | |
| NIST Zero Trust (SP 800-207) | AC-4 | Zero Trust relies on continuously enforced access decisions, which fail when dead identities persist. |
| OWASP Agentic AI Top 10 | A1 | Agentic systems are exposed when retired tool credentials remain recoverable in storage. |
Verify that deleted NHI assets are purged from all backend stores, replicas, and recovery paths.