Subscribe to the Non-Human & AI Identity Journal

Agent-Led Session

An agent-led session is a customer interaction that is initiated or carried materially forward by AI rather than by direct human browsing. These sessions often appear unusually efficient, with fewer clicks, thinner device identity and more direct paths to product pages or checkout.

Expanded Definition

An agent-led session is not just an efficient user journey. It is a web or app interaction where an AI agent materially drives the path to discovery, comparison, or checkout, often by using tools, saved context, or delegated actions rather than continuous human input. In practice, that means the session can look unusually short, high-intent, and low-friction, with fewer clicks, less device entropy, and a faster transition from landing page to transaction. That distinction matters because many analytics and fraud models still assume a human browser pattern.

Definitions vary across vendors because some teams classify these as assisted sessions, while others treat them as a distinct agentic commerce pattern. The closest governance lens comes from the NIST AI Risk Management Framework and the OWASP Agentic AI Top 10, both of which stress control, accountability, and misuse prevention when an AI system can act with operational authority. The most common misapplication is treating every fast session as bot traffic, which occurs when teams ignore delegated user intent and tool-enabled automation.

Examples and Use Cases

Implementing agent-aware session handling rigorously often introduces attribution ambiguity, requiring organisations to weigh conversion speed against stronger identity signals and auditability.

  • An AI shopping assistant compares products, follows links, and reaches checkout with only one or two human prompts, creating a session that looks automated but is still user-authorised.
  • A support agent in a browser extension opens a knowledge base article, pulls account data, and drafts a service request on behalf of the user, producing a sparse but legitimate interaction trail.
  • A procurement workflow uses an AI agent to search approved vendors, assemble a cart, and hand off for final approval, blending autonomy with human sign-off.
  • Security teams reviewing anomalous traffic compare these sessions against patterns discussed in NHIMG research such as OWASP NHI Top 10 and the external OWASP Top 10 for Agentic Applications 2026, especially where tool use and delegated actions intersect.
  • Incident responders investigate whether a high-conversion journey was initiated by a human and carried forward by an agent, or whether a compromised agent credential drove the entire path.

NHIMG’s Ultimate Guide to NHIs — 2025 Outlook and Predictions notes that NHIs outnumber human identities by 25x to 50x in modern enterprises, which helps explain why agent-led journeys are becoming more visible across customer and employee workflows.

Why It Matters for Security Teams

Agent-led sessions blur the boundary between user intent, machine execution, and identity assurance. That matters because security controls designed for human browsing can miss delegated automation, over-trust low-friction journeys, or misclassify them as fraud. The result is often weak telemetry, unclear accountability, and blind spots in step-up authentication, rate limiting, and transaction approval. The NIST SP 800-53 Rev 5 Security and Privacy Controls becomes relevant when teams need stronger logging, access enforcement, and integrity checks around these flows.

For organisations building agentic commerce or support automation, the key question is not whether the session is human-like, but whether the delegated authority is bounded, traceable, and revocable. That is why CoPhish OAuth Token Theft via Copilot Studio is such a useful warning case: once an agent can act through a token, the session can continue long after a person has stopped paying attention. Organisations typically encounter the operational cost of this term only after anomalous conversions, disputed actions, or compromised agent tokens surface in production, at which point agent-led session analysis becomes unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF, NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Agentic AI Top 10 Defines agentic app risks where delegated actions shape session behavior.
NIST AI RMF Sets governance expectations for AI systems that materially drive actions.
NIST CSF 2.0 PR.AA-01 Supports identity and access assurance for machine-assisted interactions.
NIST SP 800-53 Rev 5 AU-2 Requires auditable records for actions that may be initiated by agents.
OWASP Non-Human Identity Top 10 Addresses non-human identities that often power agent-led sessions.

Classify agent-led flows as agentic actions and gate tool use with explicit authorization.