By NHI Mgmt Group Editorial Team
Published 2026-04-07
Domain: Breaches & Incidents
Source: 1Password

TL;DR: Identity programmes now have to govern runtime access use, not just static entitlements, across mixed actor types. According to 1Password, its appointment of Dr. Manoj Apte to its board reflects a broader shift toward continuous access, delegated authority, and identity governance for humans, machine identities, and AI agents.


At a glance

What this is: 1Password’s board appointment highlights a market shift toward continuous identity security for humans, machine identities, and AI agents.

Why it matters: It matters because IAM teams are being pushed to govern delegated access, credential use, and accountability across actor types that no longer fit a human-only control model.

👉 Read 1Password’s board appointment note on identity security for humans and AI agents


Context

Identity security is moving beyond static human logins and into continuous governance of credentials, secrets, and runtime access. As AI agents and automated workflows become part of day-to-day operations, the old assumption that access is tied to a single person and reviewed on a predictable cycle starts to break down.

This is why the article’s signal matters to IAM, PAM, and NHI programmes at the same time. Human access controls, non-human credential governance, and emerging agentic workflows are converging on one problem: how to authorise, observe, and revoke access when the actor can act continuously and at machine speed.


Key questions

Q: How should security teams govern AI agents that use delegated access?

A: Security teams should bind delegated access to a narrow task, a clear authority chain, and a short lifespan. The right model is not “agent gets broad access and behaves responsibly,” but “agent receives only the minimum access needed for the current action, then loses it automatically.” This is especially important where AI agents trigger tools, touch secrets, or interact with production systems.

Q: Why do AI agents change IAM and PAM assumptions?

A: AI agents change IAM and PAM assumptions because they can act continuously, use tools directly, and execute without the human pacing that traditional review cycles expect. That makes static entitlements, delayed approvals, and post-hoc certification weaker controls. The programme has to govern runtime use, not just the assignment of access.

Q: What breaks when access is treated as permanent in agentic workflows?

A: Permanent access breaks accountability, because you can no longer prove whether a credential was still needed, who actually used it, or whether the action stayed inside the original purpose. In agentic workflows, long-lived access also increases blast radius when an agent, workflow, or delegated token is reused across multiple tasks.

Q: Who should own governance when humans and AI agents share access paths?

A: Ownership should sit with the identity, security, and platform teams jointly, because the control problem spans human delegation, machine credentials, and runtime auditability. If each team manages only its own layer, no one can reconstruct the full action chain or revoke access cleanly when the workflow changes.


Technical breakdown

Continuous authorisation for mixed human and machine access

Traditional IAM often treats access as a point-in-time decision. Continuous authorisation changes that model by verifying access during use, not just at login or provisioning. In mixed environments, the control has to account for human users, service accounts, and AI-driven workflows that may reuse credentials, call tools, or move across systems without a new approval event. That is why visibility into credential use becomes as important as entitlement assignment. The technical challenge is not simply granting access, but proving that the access is still appropriate while it is being exercised.

Practical implication: track where runtime access checks exist today and identify which privileged flows still rely on static approval alone.

Delegated identity and ephemeral access in AI agent workflows

Delegated identity is access granted for a narrow purpose under a specific authority chain, while ephemeral access exists only for the task window in which it is needed. In AI agent workflows, those two ideas matter because the agent may act on behalf of a human, but not as that human. If the authority boundary is unclear, credentials can outlive the task, and audit trails become hard to interpret. The governance problem is therefore about binding action to authority, scope, and time in a way that survives automation and delegation.

Practical implication: separate human authority from delegated agent execution and require task-scoped, time-bound credentials for any automated workflow.
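The binding of action to authority, scope and time described above, as an added example that is not 1Password's or NHI Mgmt Group's code: a hypothetical DelegationGrant is re-evaluated at every tool call (continuous authorisation rather than a login-time decision), and each verdict is written to a lineage record joining the human who authorised, the agent that acted, the task and the tool. All names and sample values are constructed.

```python
# Added example, not 1Password's or NHI Mgmt Group's code. DelegationGrant,
# authorize_action and the sample grant below are hypothetical constructions.
from collections import namedtuple
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class DelegationGrant:
    """A human's authority narrowed to one agent, one task, a tool set and a time window."""
    delegator: str            # human who authorised the task
    delegate: str             # agent acting on the human's behalf, not as the human
    task_id: str              # the single task the grant is bound to
    allowed_tools: frozenset  # tools the agent may call for this task
    issued_at: datetime
    ttl: timedelta

# Lineage record: who authorised, who acted, which task and tool, when, and the verdict.
AuditRecord = namedtuple("AuditRecord", "delegator delegate task_id tool at decision reason")

def authorize_action(grant, actor, task_id, tool, now, audit):
    """Re-check the grant at every tool call (continuous authorisation), logging each verdict."""
    checks = [
        (actor == grant.delegate, "actor is not the named delegate"),
        (task_id == grant.task_id, "action outside the granted task"),
        (tool in grant.allowed_tools, f"tool {tool!r} not in scope"),
        (now < grant.issued_at + grant.ttl, "grant expired"),
    ]
    failed = [reason for ok, reason in checks if not ok]
    decision = "deny" if failed else "allow"
    audit.append(AuditRecord(grant.delegator, actor, task_id, tool, now,
                             decision, "; ".join(failed) or "within authority"))
    return decision == "allow"

def run_scenario():
    """Constructed scenario: one 10-minute grant and four agent actions across its lifetime."""
    t0 = datetime(2026, 4, 7, 9, 0, tzinfo=timezone.utc)
    grant = DelegationGrant("alice@example.test", "deploy-agent", "task-42",
                            frozenset({"read_secret", "open_pr"}), t0, timedelta(minutes=10))
    audit = []
    results = [
        authorize_action(grant, "deploy-agent", "task-42", "read_secret", t0 + timedelta(minutes=1), audit),   # in scope, in window
        authorize_action(grant, "deploy-agent", "task-42", "rotate_key", t0 + timedelta(minutes=2), audit),    # tool out of scope
        authorize_action(grant, "deploy-agent", "task-43", "read_secret", t0 + timedelta(minutes=3), audit),   # reused on another task
        authorize_action(grant, "deploy-agent", "task-42", "read_secret", t0 + timedelta(minutes=11), audit),  # grant expired
    ]
    return results, audit
```

Only the first call is allowed; the other three are denied and recorded with the reason, so the audit trail shows both the authority chain and the point at which the agent drifted outside it.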

Credential and secrets governance across developer environments

Developer environments are where human and machine identities overlap most often. Secrets, API tokens, certificates, and service account credentials commonly appear in code, pipelines, and runtime systems, then spread through tooling chains. The practical risk is that identity governance fragments across vaults, CI/CD, cloud consoles, and app platforms, leaving no single place to see who or what used a credential. From an NHI perspective, that fragmentation is a control failure because it weakens ownership, rotation, and auditability at the same time.

Practical implication: map every place credentials can be created, used, and observed, then close the gaps between vaults, pipelines, and runtime systems.


Threat narrative

Attacker objective: The objective is to operate inside trusted identity boundaries long enough to use credentials, tools, and delegated permissions without reliable accountability.

  1. Entry occurs when credentials or delegated access are available to both humans and AI-driven workflows without a clearly bounded authority chain.
  2. Escalation happens when the same access path is reused continuously, allowing an actor to move from one task to another without fresh authorisation.
  3. Impact is the loss of visibility and accountability across secrets, machine identities, and automated actions, which makes misuse harder to detect and contain.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Identity security is becoming a governance problem for authority chains, not just accounts. The article reflects a broader market shift: organisations are no longer trying to secure only users or only machine identities, but the delegation chain between them. That means the control question changes from “who authenticated?” to “who authorised the action and under what scope?” Practitioners should treat identity governance as a runtime discipline rather than a provisioning-only process.

Access control built for people cannot fully explain AI agent behaviour. The article points to a setting where access is continuous, delegated, and potentially non-linear across tools and environments. That is a structural mismatch for programmes that assume a human operator sits behind every meaningful action. Identity teams should re-evaluate whether their current IAM, PAM, and NHI controls can represent an actor that is neither a person nor a simple service account.

Long-lived privilege is the wrong baseline for agentic systems. Dr. Apte’s comments align with a growing reality: if access persists, it can be reused, repurposed, or inherited beyond the original task. That creates a broader identity blast radius across human, machine, and AI workflows. The practitioner takeaway is that governance models should assume delegation decay, not perpetual entitlement.

Ephemeral delegated access is now a named requirement, not an edge case. The most useful concept here is delegated identity entropy: the longer a delegated credential lives, the harder it becomes to prove who used it, why it existed, and whether it remained within authority. That is not a tooling nuance. It is a governance failure mode that will keep appearing as enterprises scale AI agents and workflow automation.

Human, NHI, and agentic controls are converging into one audit problem. The article shows why separate programme silos are no longer sufficient. If humans can trigger automated workflows, and automated workflows can invoke machine credentials, then auditability depends on joining identity data across all three actor types. Practitioners should expect future governance pressure to focus on provable lineage, not just access grants.

From our research:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
  • That confidence gap makes the Ultimate Guide to NHIs a useful next step for teams rebuilding governance around delegated and machine access.

What this signals

Delegated identity entropy: as access chains lengthen across humans, applications, and AI agents, the governance challenge shifts from control placement to proving lineage. Teams that cannot correlate identity events across vaults, workflow systems, and cloud logs will struggle to explain who acted under whose authority, which is why continuous auditability should now be treated as a core programme requirement.

The market is moving toward security models that can represent runtime use rather than static entitlement alone. In that context, the 85% visibility gap into third-party OAuth-connected vendors from our NHI research is a warning sign, not a niche statistic. The same blind spots that weaken NHI governance will also undermine agentic workflows unless teams unify identity telemetry and lifecycle controls.

For programmes formalising this shift, the relevant reference point is our Guide to SPIFFE and SPIRE and the broader Zero Trust pattern in the NIST AI Risk Management Framework. The practical implication is simple: identity policy has to follow the action path, not just the login event.


For practitioners

  • Map delegated authority chains: Inventory where humans delegate to applications, service accounts, and AI-driven workflows. For each path, document the authority boundary, the credential used, the allowed tools, and the revocation trigger.
  • Tighten task-scoped credential lifetimes: Replace broad, reusable access with credentials that expire with the task and cannot be reused outside the approved workflow. Prioritise the highest-risk developer and automation paths first.
  • Unify audit trails across humans and non-humans: Correlate identity events from SSO, vaults, cloud logs, and workflow systems so you can reconstruct who acted, what credential was used, and whether the action stayed inside authority.
  • Review privileged workflows for standing access: Identify any workflow where access survives longer than the operational need. If revocation depends on manual cleanup or delayed review, the entitlement is already too persistent.

Key takeaways

  • Identity security is moving toward continuous governance of delegated access, not just one-time authentication or provisioning.
  • The evidence points to a growing visibility problem across humans, machine identities, and AI-driven workflows, especially where access is reused across systems.
  • Practitioners should redesign controls around short-lived authority, lineage-aware auditing, and tighter separation between human intent and machine execution.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST Zero Trust (SP 800-207) sets the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | A1 | Agentic workflows and delegated access are central to this announcement.
OWASP Non-Human Identity Top 10 | NHI-03 | Credential use, rotation, and auditability are core NHI governance concerns here.
NIST Zero Trust (SP 800-207) | PR.AC-4 | Continuous verification and least privilege match the article’s Zero Trust framing.

Apply least-privilege and continuous verification to all identity-dependent workflows, including agents.


Key terms

  • Delegated Identity: Delegated identity is an identity used on behalf of another actor under a limited authority chain. In practice, it lets a human, application, or workflow act with narrower permissions than the original account, which reduces exposure if the delegation is time-bound and tightly scoped.
  • Continuous Authorisation: Continuous authorisation is the practice of checking whether access still fits the current action while the session is active, not just at login. It is most useful where credentials can be reused, tools can be called repeatedly, or automated workflows may drift beyond their original purpose.
  • Identity Blast Radius: Identity blast radius is the amount of damage that can flow from one compromised, misused, or overly broad identity. The larger the credential scope, lifespan, and reuse potential, the harder it becomes to contain misuse across systems, teams, and automated workflows.

Deepen your knowledge

Delegated identity and runtime access governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are rebuilding controls for humans, machine identities, and AI agents, it is worth exploring.

This post draws on content published by 1Password: April 7, 2026 board appointment of Dr. Manoj Apte and the company’s identity security position for humans and AI agents. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-04-07.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org