Subscribe to the Non-Human & AI Identity Journal

Dynamic Claims

Dynamic claims are token attributes calculated at issuance time from current identity, session, or policy inputs. They are more accurate than static mappings for sensitive access, but they still depend on the quality of the source policy and the reliability of the evaluation point.

Expanded Definition

Dynamic claims are computed at token issuance from current identity, session, device, workload, or policy signals rather than copied from a static directory record. That makes them especially useful when access decisions must reflect live conditions, such as risk score, workload posture, or approved scope. In NHI environments, dynamic claims often sit between the identity provider, the policy engine, and the resource server, and they influence what an AI agent or service account can do at that moment.

Unlike permanent attributes, dynamic claims may change from one token to the next, so their security value depends on both the freshness of the input signals and the trustworthiness of the evaluation point. Definitions vary across vendors, and no single standard governs every claim format or issuance rule yet, so practitioners should treat them as policy-derived assertions, not proof of identity by themselves. For a broader governance lens, the NIST Cybersecurity Framework 2.0 reinforces the need to control how access decisions are made and updated.

The most common misapplication is treating dynamic claims as inherently authoritative, which occurs when downstream systems accept them without validating the policy source or token issuance context.

Examples and Use Cases

Implementing dynamic claims rigorously often introduces latency and policy-engine complexity, requiring organisations to weigh tighter, context-aware access against slower token issuance and more failure points.

  • An AI agent receives a token with a claim that limits it to a single approved tool because its current task only requires read access to one internal API.
  • A workload identity is issued a claim that permits production access only if the runtime posture check shows the container image is signed and unmodified.
  • A service account gets time-bound claims during a privileged session, then loses those claims automatically when the session risk score changes.
  • Security teams correlate claim issuance patterns with the attack behavior described in the LLMjacking: How Attackers Hijack AI Using Compromised NHIs research when investigating compromised NHIs.
  • Governance teams compare claim logic against NIST Cybersecurity Framework 2.0 objectives to ensure access changes remain traceable and policy driven.

Used well, dynamic claims reduce the need for broad standing access and help align tokens with current operational context. Used poorly, they can create a false sense of precision if the issuer relies on stale inventory, weak device checks, or unreviewed policy exceptions.

Why It Matters in NHI Security

Dynamic claims matter because NHI security fails quickly when tokens carry the wrong privileges for the current moment. A service account or agent that can inherit elevated access from outdated policy data can move laterally, overreach its task scope, or continue operating after the intended risk threshold has changed. That risk is amplified in environments where secrets and credentials are already under pressure: NHIMG research on The State of Secrets in AppSec reports that organisations devote an average of 32.4% of security budgets to secrets management and code security, a signal that credential governance remains a major operational burden. Dynamic claims help reduce reliance on static entitlements, but only if their inputs are accurate, their policy is reviewed, and their issuance point is trusted.

They are also relevant to incident response because token content often becomes part of the evidence trail. If a compromised NHI was granted overbroad claims during an active session, the organisation must reconstruct how those claims were generated, why they persisted, and whether downstream systems trusted them too broadly. The most useful controls are therefore not just about token design, but about auditability, policy hygiene, and rapid revocation.

Organisations typically encounter dynamic-claim failures only after a privilege misuse, at which point token replay, over-permissioning, and session drift become operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST SP 800-63 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-07 Dynamic claims affect token content, scope, and trust in NHI authorization decisions.
NIST CSF 2.0 PR.AC-4 Access permissions should be managed dynamically and aligned to least privilege.
NIST Zero Trust (SP 800-207) JIT access decisioning Zero trust relies on continuously evaluated context rather than static trust.
NIST SP 800-63 AAL2 Assurance level concepts inform how much trust dynamic assertions should carry.
OWASP Agentic AI Top 10 A1 Agentic systems must constrain tool access and authorization based on live context.

Issue claims from validated policy inputs and recheck them against current NHI context before granting access.