Subscribe to the Non-Human & AI Identity Journal

Segment-of-One Access

A Zero Trust access pattern in which each session is scoped to one user, device, and resource relationship at a time. It is designed to remove lateral movement opportunities by preventing broad network reach after authentication. For non-human and autonomous contexts, it limits what a compromised identity can touch during execution.

Expanded Definition

Segment-of-One Access is a Zero Trust access pattern that treats each request as a uniquely bounded transaction, with the session scoped to one user, one device, and one resource relationship at a time. In NHI and agentic AI environments, that scope matters because a service account, API key, or autonomous agent often has more reach than the single action it needs to complete. The pattern reduces ambient trust by narrowing the blast radius of every authenticated interaction.

Definitions vary across vendors on how tightly the “segment” is enforced, but the core idea is consistent: access should be contextual, ephemeral, and purpose-built rather than network-wide or role-wide. This aligns with the Zero Trust direction described in the OWASP Non-Human Identity Top 10 and with least-privilege control intent in NIST SP 800-53 Rev 5 Security and Privacy Controls. The most common misapplication is treating Segment-of-One Access as a network segmentation exercise only, which occurs when teams restrict subnets but leave broad identity permissions and reusable credentials intact.

Examples and Use Cases

Implementing Segment-of-One Access rigorously often introduces policy complexity and more frequent authorization checks, requiring organisations to weigh tighter containment against operational overhead.

  • A build agent receives a short-lived token that can write only to one artifact repository, not the broader CI/CD environment.
  • An API key for a third-party integration is limited to a single tenant, a single endpoint family, and a narrow time window.
  • An autonomous AI agent is allowed to query one knowledge base and create one ticket type, but not browse adjacent systems or escalate permissions.
  • A production support workflow grants a privileged session only to one managed host and one remediation action, then expires immediately after use.

These patterns become easier to justify when paired with the visibility and lifecycle gaps documented in the Ultimate Guide to NHIs and the incident patterns in 52 NHI Breaches Analysis. They are especially relevant when organizations adopt short-lived credentials, JIT access, and tool-scoped agent permissions in place of standing access.

Why It Matters in NHI Security

Segment-of-One Access matters because non-human identities rarely fail in isolation. When a credential is over-scoped, compromise can jump from a single workflow into infrastructure, data stores, and downstream automation. That is why NHIMG research shows that 97% of NHIs carry excessive privileges, and why broad identity scope is so often the hidden reason a small leak turns into a systemic event. Segment-of-One Access directly counters that failure mode by making each session materially less reusable.

This control also supports governance: if a service account, token, or agent can only reach one thing at a time, monitoring, revocation, and incident response become much more precise. It is especially valuable in environments where secrets are embedded in code or used by autonomous tools that can act faster than human operators can intervene. The same risk logic appears in the Ultimate Guide to NHIs — Key Challenges and Risks and in Microsoft SAS Key Breach, where overbroad access magnified exposure.

Organisations typically encounter the need for Segment-of-One Access only after lateral movement, unauthorized data reach, or agent-driven damage has already occurred, at which point the pattern becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST Zero Trust (SP 800-207), NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-04 Scopes NHI permissions narrowly to reduce lateral movement and overbroad access.
NIST Zero Trust (SP 800-207) RA-3 Zero Trust requires continuous, contextual authorization instead of broad implicit trust.
NIST CSF 2.0 PR.AC-4 Least-privilege access management aligns with narrowly segmented session authorization.
NIST SP 800-63 IAL/AAL Assurance and binding of identity to device and context support segmented access decisions.
OWASP Agentic AI Top 10 A2 Agentic systems need constrained tool and action scope to prevent unsafe autonomous reach.

Enforce per-session, per-resource limits so each NHI can reach only the exact target needed.