TL;DR: AI agents and machine identities are increasingly operating outside traditional identity controls, while 1Password says its platform is built to discover, secure, and continuously audit those accesses, as its recognition on CRN’s 2026 AI 100 list lands in a market where identity programmes now have to account for credentials, autonomy, and visibility across human and non-human actors.
At a glance
What this is: 1Password’s AI 100 recognition highlights the widening governance gap as AI agents and machine identities begin operating beyond traditional identity controls.
Why it matters: IAM teams need to treat AI agents, machine identities, and human access as one governance surface because visibility, authorisation, and continuous audit now have to work across all three.
👉 Read 1Password’s AI 100 recognition coverage and AI identity governance framing
Context
AI agent identity risk is becoming an operational IAM issue, not a future-planning exercise. Once agents can act with increasing autonomy, identity teams have to govern credentials, access paths, and auditability across human users, machine identities, and software entities that may not fit legacy review cycles.
1Password’s announcement sits in that shift. The real question for practitioners is not whether an AI security category exists, but whether current identity controls can still prove who or what has access, when that access was used, and whether the programme can continuously account for non-human actions.
For background on the identity side of that problem, see the Ultimate Guide to NHIs and the Top 10 NHI Issues, both of which map the governance, lifecycle, and visibility failures that become harder to ignore as AI adoption moves from experimentation to production.
Key questions
Q: How should security teams govern AI agents alongside human and machine identities?
A: Security teams should govern AI agents in the same identity programme as humans and workloads, but with different runtime controls. Human access reviews are not enough when software entities can act continuously. Teams need ownership, scope limits, continuous authorisation, and audit trails that make agent actions attributable without relying on manual review alone.
Q: Why do AI agents create new identity governance problems for IAM teams?
A: AI agents create new governance problems because they can act faster than review cycles, use tools dynamically, and blur the line between authentication and action. That breaks assumptions behind static entitlements and periodic certification. IAM teams need policies that can explain access at runtime, not just at provisioning time.
Q: What breaks when credentials are reused across AI tools and machine workflows?
A: What breaks is accountability, not just security hygiene. When the same credential can reach multiple systems, teams lose clear evidence of which actor used it, for what purpose, and under which control boundary. That expands blast radius and makes incident containment slower because the trust chain is harder to reconstruct.
Q: How do security teams decide whether AI identity controls are actually working?
A: They should look for evidence that access can be traced, bounded, and revoked across actor types without relying on ad hoc manual intervention. If a team cannot show who or what used the credential, when it was used, and whether the access was still justified at the time, the control is not working as intended.
Technical breakdown
Why AI agents break traditional access governance
Traditional access governance assumes identities are provisioned to known subjects, reviewed on a schedule, and constrained by roles that remain stable long enough to certify. AI agents disrupt that model when they can create, combine, or use credentials across multiple services while operating faster than human review cycles. In practice, the control issue is not just privilege level. It is whether the identity layer can preserve provenance, bounded scope, and continuous accountability when the actor is a software entity rather than a person.
Practical implication: identity teams need to separate stable human governance from runtime access controls for non-human actors.
Continuous authorisation across human and non-human identities
Continuous authorisation means access is not treated as a one-time grant. It is re-validated as context changes, which is especially relevant when AI tools, service accounts, and machine identities can move across systems without a human user in the loop. This creates a different operational requirement from MFA or periodic access reviews. The system has to know whether the identity still deserves access at the moment the action occurs, not just at login or provisioning time.
Practical implication: treat continuous authorisation as a runtime control layer, not a policy checkbox.
Why exposed credentials matter more in AI-driven environments
AI-driven environments expand the blast radius of exposed credentials because secrets can be reused by agents, pipelines, and workloads that act on behalf of multiple teams. The core problem is not only leakage but uncontrolled reuse across systems with different trust levels. Once credentials are embedded in workflows that touch AI tools, the organisation inherits a wider chain of trust than most legacy secrets programmes were designed to monitor.
Practical implication: map every credential to the systems and actors that can reuse it, then remove standing trust wherever possible.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- MongoBleed breach — MongoBleed exposed secrets across 87K MongoDB servers.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
AI security recognition is becoming a proxy for identity governance maturity. The fact that vendors are being recognised for AI security capabilities shows the market is moving from abstract AI strategy to operational control questions. In that setting, identity governance is no longer limited to users and service accounts. The programme now has to answer how it governs machine and agent access with the same discipline it applies to human access, or it will lose visibility at the boundary where AI work actually happens. Practitioners should treat AI-security recognition as a signal that identity scope is broadening.
Continuous authorisation is the right framing, but only if it extends across all actor types. AI agents and machine identities do not fit neatly into static approval models, and human access reviews alone cannot explain what software identities are doing at runtime. The field should stop treating NHI governance as a narrow secrets problem and start treating it as an access assurance problem that spans people, workloads, and agents. Practitioners need governance that can explain access before, during, and after action.
Identity visibility is now a channel requirement, not just an internal control requirement. The article’s emphasis on solution providers and managed service providers reflects a broader market shift toward delegated identity administration. That means the hidden risk is not just unmanaged credentials, but fragmented accountability across partners, platforms, and customers. For security teams, the implication is that access governance must survive the channel model rather than assume a single owner end to end.
Unified Access-style positioning matters because the market is converging on one identity control plane for three actor classes. Human users, AI agents, and machine identities are increasingly being governed in the same operational environment, even if their lifecycle rules differ. That convergence does not erase the differences between actor types. It does, however, make siloed governance untenable. Practitioners should design for a single control surface with distinct policy logic per actor type, not separate programmes that drift apart.
Hybrid identity programmes need a named control boundary for agent and machine access. The article points to a broader industry problem we call identity blast radius: once a credential, token, or agent permission is exposed, it can propagate across multiple systems faster than traditional review processes can react. This is where NHI governance, PAM discipline, and continuous audit need to work together. Practitioners should define that boundary explicitly before AI adoption expands the attack surface further.
From our research:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- 79% of organisations have experienced secrets leaks, and 77% of those incidents caused tangible damage, according to Ultimate Guide to NHIs.
- Use Top 10 NHI Issues to translate that exposure into an inventory, rotation, and offboarding agenda before AI scale makes the gap harder to close.
What this signals
With 52% of security leaders saying AI security decision-making is shifting toward platform and infrastructure teams, governance is moving closer to the operators who actually control access. That makes identity design a shared responsibility across IAM, platform, and security engineering, not a back-office certification exercise.
Identity blast radius: once AI tools, agents, and machine identities share exposed credentials or broad permissions, the impact of one mistake spreads across more systems than a human-only model would allow. That is why access scope, not just credential storage, is becoming the decisive programme boundary for hybrid identity estates. For teams formalising that boundary, the Ultimate Guide to NHIs remains the cleanest reference point.
If 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, the next maturity step is not another policy memo. It is operational proof that secrets, agent permissions, and access reviews can be reconciled before the next automation wave expands the control gap.
For practitioners
- Map AI tools and machine identities into one access inventory Build a single inventory of human users, service accounts, AI tools, agents, and exposed credentials so ownership and review paths are visible in one place. Prioritise systems where credentials can be reused across multiple workloads or partner-managed environments.
- Define runtime review triggers for non-human access Set conditions that force revalidation when an agent changes tool scope, touches a new system, or begins acting outside its normal workflow. Pair those triggers with logs that preserve actor, action, and context together for later investigation.
- Reduce standing trust in shared credential paths Replace long-lived secrets wherever possible and remove credentials from code, configs, and automation paths that can be reached by AI tooling. Where secrets cannot be removed immediately, bind them to narrow scope and short-lived use.
Key takeaways
- AI security recognition is now closely tied to whether an organisation can govern human, machine, and agent identities together.
- The evidence points to a growing gap between AI deployment speed and the identity controls needed to keep access bounded and auditable.
- Practitioners should move from static access thinking to continuous authorisation and shared inventory models across all actor types.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | The post focuses on identity discovery and exposed credential governance. |
| NIST CSF 2.0 | PR.AA-01 | Continuous authorisation and traceable access align with identity assurance practices. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | Least privilege and dynamic access decisions are central to hybrid identity governance. |
Inventory every non-human identity and map its credential exposure before granting broader access.
Key terms
- Non-Human Identity: A non-human identity is any digital identity used by software rather than a person, including service accounts, API keys, tokens, certificates, workloads, and AI agents. These identities need ownership, scope, lifecycle, and audit controls because they often act at machine speed and scale.
- Continuous Authorisation: Continuous authorisation is the practice of re-checking whether access is still valid while an identity is active, rather than only at login or provisioning time. For non-human and agentic actors, it helps close the gap between granted access and what the actor is actually doing.
- Identity Blast Radius: Identity blast radius is the spread of impact that follows when one credential, token, or permission is overexposed or reused across multiple systems. In hybrid environments, it measures how far a single identity failure can travel through workloads, agents, partner access, and downstream services.
Deepen your knowledge
AI agent and machine identity governance is a core topic in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building controls for the same mixed environment described here, it is worth exploring.
This post draws on content published by 1Password: 1Password Earns Recognition on the Third Annual CRN AI 100 List. Read the original.
Published by the NHIMG editorial team on 2026-05-27.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
