A set of autonomous software entities that perform business or technical work with delegated authority. In identity terms, these agents behave like non-human identities because they authenticate, access tools, and execute actions across systems. Governance must cover ownership, scope, monitoring, and retirement.
Expanded Definition
An AI Workforce is a managed population of autonomous software agents assigned business or technical tasks with delegated authority. In NHI security, each agent should be treated as a distinct non-human identity with scoped authentication, observable actions, and a defined lifecycle. That makes the term broader than a chatbot and narrower than general automation: an AI Workforce can initiate tool calls, retrieve data, and trigger workflows, which creates identity, access, and governance obligations. Definitions vary across vendors, especially when products blur the line between workflow automation, copilots, and fully agentic systems. NIST's Cybersecurity Framework 2.0 remains useful here because its governance and protection functions map cleanly to ownership, risk review, and access control for machine actors. The practical distinction is whether the software merely suggests action or is allowed to execute it without human intervention. The most common misapplication is labelling any AI-enabled feature an AI Workforce; in practice this shows up when teams grant persistent credentials to systems that only needed transient, read-only access.
Examples and Use Cases
Implementing an AI Workforce rigorously often introduces operational overhead, requiring organisations to weigh faster execution against tighter identity controls, approval paths, and auditability.
- A customer support agent that opens tickets, updates CRM records, and drafts responses under a named NHI with role-based access and logging.
- A software engineering agent that reviews pull requests, runs tests, and proposes code changes but cannot merge without just-in-time approval.
- An incident response agent that queries telemetry, isolates endpoints, and rotates secrets after escalation, using scoped privileges and monitored sessions.
- A finance operations agent that reconciles invoices, detects anomalies, and routes exceptions, with separation between read access and payment execution.
These use cases become safer when the organisation applies zero standing privilege and short-lived credentials, not standing service-account access. The same design logic appears in NHI attack research: the LLMjacking research showed how exposed credentials can be abused quickly, while the DeepSeek breach illustrated how AI ecosystems can accumulate sensitive data and secrets at scale. For implementation, the identity model should stay aligned to the task, not the model, and governance should follow the agent wherever it can execute.
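The controls the use cases above rely on (a distinct NHI per agent, scopes limited to the task, short-lived credentials instead of standing access, a just-in-time approval before any execute-class action, an audit record for every decision, and a retirement trigger) can be sketched as a small tool gateway. This is an added, constructed example, not code from the original page or any vendor product; the tool names, agent ids, approval format and TTL are assumptions chosen for illustration.

```python
from dataclasses import dataclass
import time

# Constructed tool catalogue: read-class actions are separated from execute-class ones.
READ_TOOLS = {"invoice.read", "crm.read", "telemetry.query"}
EXEC_TOOLS = {"payment.execute", "crm.update", "endpoint.isolate", "pr.merge"}


@dataclass(frozen=True)
class AgentCredential:
    agent_id: str        # the agent's own NHI, never a shared service account
    owner: str           # accountable human or team for this agent
    scopes: frozenset    # tools this credential may call, nothing more
    expires_at: float    # epoch seconds; short TTL, so there is no standing privilege


class ToolGateway:
    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds
        self.retired = set()     # agents whose credentials must stop working
        self.audit = []          # every decision, allowed or denied, is recorded

    def issue(self, agent_id, owner, scopes, now=None):
        now = time.time() if now is None else now
        return AgentCredential(agent_id, owner, frozenset(scopes), now + self.ttl)

    def retire(self, agent_id):
        # Retirement trigger: existing credentials for the agent are refused from now on.
        self.retired.add(agent_id)

    @staticmethod
    def _approved(cred, tool, approval):
        # JIT approval must name the tool and come from someone other than the agent.
        return bool(approval) and approval.get("tool") == tool \
            and approval.get("approver") not in (None, cred.agent_id)

    def call(self, cred, tool, approval=None, now=None):
        """Decide one tool call; returns (allowed, reason) and appends an audit record."""
        now = time.time() if now is None else now
        if cred.agent_id in self.retired:
            reason = "retired"
        elif now >= cred.expires_at:
            reason = "expired"
        elif tool not in READ_TOOLS | EXEC_TOOLS:
            reason = "unknown_tool"
        elif tool not in cred.scopes:
            reason = "out_of_scope"
        elif tool in EXEC_TOOLS and not self._approved(cred, tool, approval):
            reason = "approval_required"   # execute actions never run on standing access
        else:
            reason = "allowed"
        self.audit.append({"agent": cred.agent_id, "owner": cred.owner,
                           "tool": tool, "decision": reason, "at": now})
        return reason == "allowed", reason
```

Pass a fixed `now` when exercising the gateway so the expiry behaviour is deterministic; in a real deployment the audit list would go to the SIEM rather than stay in memory.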
Why It Matters in NHI Security
An AI Workforce matters because every autonomous action expands the blast radius of a compromised identity. If one agent is overprivileged, poorly monitored, or never retired, the organisation inherits the same risks associated with dormant service accounts, except with faster execution and broader system reach. That is especially relevant when secrets are fragmented across environments; GitGuardian & CyberArk reported that organisations maintain an average of 6 distinct secrets manager instances, which weakens central control and complicates revocation. When agent credentials are exposed, attackers do not need to "hack the AI" in the abstract; they can simply use the identity behind it. This is why AI Workforce governance must cover ownership, approval scope, session monitoring, secret rotation, and retirement triggers. NHI teams should also remember that AI systems can reproduce insecure patterns from code and prompts, which makes access design and secret hygiene inseparable. Practitioners typically encounter the AI Workforce problem only after an agent overreaches, leaks data, or is hijacked, at which point identity governance becomes operationally unavoidable.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers secret handling and access control for non-human identities. |
| OWASP Agentic AI Top 10 | | Addresses autonomous agent risks, tool use, and unsafe execution paths. |
| NIST CSF 2.0 | PR.AA | Identity, authentication, and authorization govern machine actors as well as people. |
Map agent identities to access policies and verify permissions continuously across the workflow.