Code review checks whether the application works and whether the logic is acceptable. Access review checks whether the workload has the minimum permissions, secret handling, and identity lifecycle needed to operate safely. In vibe coding environments, both are necessary, because functional code can still carry dangerous privilege.
Why This Matters for Security Teams
Code review and access review answer different questions, and confusing them leaves a blind spot. Code review asks whether the software logic is sound, whether prompts or workflows behave as intended, and whether the change introduces defects. Access review asks whether the workload has only the permissions, secrets, and identity lifecycle it needs to operate safely. For AI-generated software, both matter because generated code can be functionally correct while still carrying dangerous standing privilege.
This is especially important in agentic systems, where the runtime may act autonomously, call tools, and chain actions beyond the original developer’s intent. Current guidance from the OWASP Non-Human Identity Top 10 and NHIMG’s Ultimate Guide to NHIs — What are Non-Human Identities treats non-human workloads as identities that must be governed, not just code artifacts that must compile. In practice, many security teams encounter over-permissioned AI workloads only after a secret has been reused, a token has been exposed, or a model-driven workflow has already touched systems it should never reach.
How It Works in Practice
A practical code review focuses on the application layer: prompt injection exposure, unsafe tool calls, hard-coded paths, insecure deserialization, weak validation, and whether the generated logic matches the business requirement. It is a quality and safety gate for the software itself. An access review focuses on the identity layer: what the workload can read, write, invoke, assume, or mint at runtime, and whether those privileges remain aligned with the task.
For AI-generated software, the second question is often more important than teams expect. A system can pass code review and still be unsafe if it ships with long-lived API keys, broad cloud roles, over-privileged service accounts, or secrets copied into configuration. NHIMG research on the NHI Lifecycle Management Guide and the Ultimate Guide to NHIs — Key Challenges and Risks shows why identity lifecycle and secret handling must be reviewed continuously, not only at deployment. The OWASP Non-Human Identity Top 10 also reinforces least privilege, credential hygiene, and runtime governance as first-class controls.
- Use code review to validate logic, safety checks, and tool invocation boundaries.
- Use access review to confirm RBAC scope, token TTLs, secret rotation, and revocation paths.
- Prefer JIT credentials and workload identity for agents that perform narrow, time-bound tasks.
- Verify that secrets are ephemeral and that the workload cannot self-extend its own access.
These controls tend to break down when generated code is merged quickly into cloud-native pipelines because standing credentials and inherited roles outlast the review that approved the code.
Common Variations and Edge Cases
Tighter access control often increases delivery overhead, requiring organisations to balance developer speed against runtime containment. That tradeoff is real, especially when the workload is a conversational assistant, a code-writing agent, or a multi-step automation chain that changes behavior from one request to the next.
There is no universal standard for this yet, but current guidance suggests that agentic and LLM-driven systems should be reviewed against runtime intent, not only static role definitions. In other words, code review may approve a feature, while access review must still ask whether the agent should have that permission at all. This is where intent-based authorisation, short-lived secrets, and workload identity become essential. NHIMG’s 52 NHI Breaches Analysis shows how often failure starts with identity misuse rather than source-code defects, and that pattern is echoed by vendor research on secret exposure and rapid attacker response. For broader governance, the DeepSeek breach is a useful reminder that leaked secrets and exposed data can coexist with apparently functional systems.
The clearest rule is simple: if a reviewer is asking whether the feature works, that is code review; if the reviewer is asking whether the workload should be trusted with access, that is access review. In agentic environments, both reviews must happen, and neither replaces the other.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Addresses over-privileged non-human identities and secret handling in AI workloads. |
| OWASP Agentic AI Top 10 | A1 | Agentic systems need runtime controls beyond static code quality checks. |
| NIST AI RMF | AI RMF supports governance of autonomous behavior, accountability, and risk control. |
Review each AI workload for least privilege, short-lived secrets, and revocation before release.
Related resources from NHI Mgmt Group
- What is the difference between code scanning and runtime identity monitoring?
- What is the difference between JIT access and Zero Trust for NHIs?
- What is the difference between scanning AI-generated code and governing AI agent identity?
- What is the difference between access review and continuous monitoring for AI integrations?
