Subscribe to the Non-Human & AI Identity Journal

Observed Access

Observed access is the set of systems and data an identity actually touches in production, based on telemetry rather than design assumptions. For AI agents, it is the foundation for policy because entitlement reviews alone rarely reveal the communication paths the agent uses at runtime.

Expanded Definition

Observed access is the runtime record of what an identity actually reaches: APIs, datasets, queues, secrets stores, control planes, and downstream services. In NHI and agentic AI environments, this matters because an agent’s effective blast radius is often wider than its documented role, and design-time entitlement maps miss tool chaining, delegated calls, and ephemeral paths. The concept aligns closely with the visibility and least-privilege principles in the OWASP Non-Human Identity Top 10 and the control intent in NIST SP 800-53 Rev 5 Security and Privacy Controls. Usage in the industry is still evolving, because some teams treat observed access as a logging exercise while others use it as the source of truth for policy refinement. At NHI Management Group, observed access is treated as evidence, not assumption, and it becomes especially important when AI agents inherit permissions through orchestration layers or service accounts. The most common misapplication is confusing assigned entitlements with actual runtime access, which occurs when reviews focus on static IAM records instead of production telemetry.

Examples and Use Cases

Implementing observed access rigorously often introduces telemetry and analysis overhead, requiring organisations to weigh better containment and auditability against data volume, instrumentation cost, and review effort.

  • An AI support agent is approved to query a ticketing system, but runtime traces show it also calling a customer identity API and a file store; the policy team narrows access after reviewing the evidence in the context of the Ultimate Guide to NHIs.
  • A service account is meant to write metrics only, yet observed access reveals read operations against production configuration endpoints, which triggers control correction aligned with OWASP Non-Human Identity Top 10.
  • An agent workflow uses temporary tokens to call multiple internal services; telemetry from distributed traces and API gateways exposes those paths even though the original entitlement review showed a narrow scope.
  • In post-incident review, investigators compare actual calls against the intended access model and use findings from the 52 NHI Breaches Analysis to identify where runtime access escaped governance.
  • A secrets broker allows a workload to retrieve only one credential, but production logs show the workload also touching other secret namespaces, prompting a tighter segmentation design.

Why It Matters in NHI Security

Observed access is critical because NHI compromise usually spreads through paths that were never intended in the original design. In practice, over-permissioned identities and weak visibility compound each other: NHI Management Group reports that only 5.7% of organisations have full visibility into their service accounts, while 97% of NHIs carry excessive privileges. That gap means security teams often do not learn what an identity can truly reach until after an incident exposes the missing telemetry. Observed access turns production behavior into a governance input for least privilege, separation of duties, and Zero Trust enforcement, especially when an agent’s tool usage changes dynamically over time. It also helps distinguish harmless chatter from high-risk access such as secret retrieval, administrative API calls, or lateral movement through shared infrastructure. The control logic is consistent with Ultimate Guide to NHIs — Key Challenges and Risks and the access governance expectations described in NIST SP 800-53 Rev 5 Security and Privacy Controls. Organisations typically encounter the true scope of access only after an outage, data exposure, or agent misfire, at which point observed access becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST SP 800-63 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-01 Observed access is part of runtime visibility and least-privilege verification for NHIs.
NIST CSF 2.0 PR.AC-4 Access permissions must be monitored and adjusted based on real use, not just assignment.
NIST Zero Trust (SP 800-207) SC Zero Trust relies on continuous verification of runtime access paths and resource use.
NIST SP 800-63 Digital identity assurance depends on knowing what the identity actually does in production.
OWASP Agentic AI Top 10 A-03 Agent tool use and delegated actions must be observed to prevent hidden capability expansion.

Instrument agent tool calls and tighten controls when observed access exceeds intended task scope.