TL;DR: Non-human identities now outnumber people by 10-to-1 to 92-to-1 in typical enterprises, while fragmented human identity management across on-premises, cloud, and hybrid environments makes IAM harder to govern, according to One Identity. The governance gap is no longer a future problem because autonomous systems expand privilege faster than legacy controls can safely review it.
At a glance
What this is: An analysis of how agentic AI and NHI growth are stretching enterprise IAM, with the key finding that identity sprawl is now large enough to make static governance models unreliable.
Why it matters: IAM, NHI, and PAM teams need controls that can evaluate machine behavior continuously, not just periodically review human access.
By the numbers:
- Within the average enterprise, non-human identities now outnumber employees, contractors, and customers by anything between 10-to-1 and 92-to-1.
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
- Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes.
Context
Non-human identity sprawl is now a core IAM problem, not a side effect of automation. As machine identities, service accounts, tokens, and AI agents multiply across hybrid environments, the control plane that was built for people has to govern entities that act faster, scale wider, and behave less predictably than human users.
The article frames agentic AI as an extension of that problem because autonomous systems can request, reuse, and trigger access without the same behavioral cues that traditional IAM relies on. For NHI governance, the issue is not whether automation helps, but whether policy, monitoring, and revocation can keep pace with machine-driven access patterns; that starting point is typical for modern enterprise IAM, but the scale is increasingly atypical.
Key questions
Q: How should security teams govern AI agents that can act on their own?
A: Security teams should govern AI agents as privileged non-human identities with explicit ownership, narrow scope, and continuous monitoring. The practical standard is to combine least privilege, short-lived access, and event-driven revocation so the agent cannot keep acting after risk changes. If an agent can call tools, it needs the same controls as other high-impact machine identities.
Q: What is the difference between zero trust for people and zero trust for NHIs?
A: Zero trust for people often relies on login friction, user context, and periodic review. Zero trust for NHIs has to be machine-speed, because credentials can be embedded in workflows and used repeatedly without human intervention. For machine identities, the control objective is continuous revalidation, tight privilege scope, and automatic shutdown when behavior changes.
Q: When does just-in-time access reduce risk for machine identities?
A: JIT access reduces risk when the privilege is truly temporary, the scope is tightly limited, and revocation happens automatically after the task or signal ends. It becomes less effective when the underlying credential remains reusable, the session can be extended without review, or the entitlement is broad enough to support multiple actions. The control only works when expiration is enforced.
Q: Why do AI agents complicate traditional IAM and PAM controls?
A: AI agents complicate IAM and PAM because they can make decisions, chain tools, and act faster than human review cycles can respond. They also blur the line between authentication and authorization, since the same identity may trigger multiple actions after a single approval. That means organizations need policy, telemetry, and revocation designed for autonomous behavior, not just human login events.
Technical breakdown
Why NHI sprawl breaks human-centric IAM models
Traditional IAM assumes users have stable identities, understandable work patterns, and review cycles that match business process. NHIs break those assumptions because they are numerous, ephemeral, and often embedded in automation, pipelines, and workloads. Once those identities are allowed to chain actions, the access problem shifts from authentication to authorization drift, where the real risk is not just who authenticated but what the entity can keep doing after entry. In agentic systems, the control point has to follow the identity across sessions, tools, and data sources.
Practical implication: inventory machine identities separately from people and treat each one as a governed subject, not a background credential.
How zero-trust and JIT access change the trust model
Zero trust for NHIs is not a slogan. It means each access decision should be conditional, time-bound, and continuously re-evaluated based on context and behavior. Just-in-time access reduces standing privilege, but only if revocation is automatic and scope is narrow enough to prevent privilege carryover. For agents, the important architectural question is whether the system can revalidate intent before each tool call or sensitive transaction, rather than trusting a session that may now be acting autonomously.
Practical implication: use JIT and adaptive policy to shrink credential lifetime and force reauthorization when risk changes.
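The JIT and per-call revalidation behaviour described above, as an added example that is not code from the original article or from One Identity: a small Python entitlement gate that issues scoped, time-bound grants to a machine identity and re-checks every tool call against scope, expiry and revocation. `EntitlementGate`, `Grant`, the scope strings, the 900-second ceiling and the fixed clock values are assumptions constructed for this example. There is deliberately no way to extend a grant in place; continuing past expiry means issuing a new grant, which is the explicit reauthorization the text calls for.

```python
"""JIT entitlement gate for an AI agent (added example; all names are assumptions)."""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field


@dataclass
class Grant:
    """One time-bound, narrowly scoped entitlement issued to a machine identity."""
    subject: str                   # e.g. "agent:deploy-bot"
    scopes: frozenset[str]         # exact actions permitted, e.g. "repo:read"
    expires_at: float              # absolute epoch seconds; never extended in place
    grant_id: str = field(default_factory=lambda: secrets.token_hex(8))
    revoked: bool = False


class EntitlementGate:
    """Issues JIT grants and decides each tool call against them.

    No `extend()` exists on purpose: staying active past expiry requires a new
    `issue()` call, i.e. a fresh authorization with a new grant id.
    """

    MAX_TTL_S = 900  # assumed policy ceiling for the example

    def __init__(self) -> None:
        self._grants: dict[str, Grant] = {}
        self.audit: list[dict] = []  # every decision, ready to ship to a SIEM

    def issue(self, subject: str, scopes: set[str], ttl_s: int, now: float) -> Grant:
        if not 0 < ttl_s <= self.MAX_TTL_S:
            raise ValueError(f"ttl must be in (0, {self.MAX_TTL_S}] seconds")
        if any(s == "*" or s.endswith(":*") for s in scopes):
            raise ValueError("wildcard scopes are not permitted for machine identities")
        grant = Grant(subject=subject, scopes=frozenset(scopes), expires_at=now + ttl_s)
        self._grants[grant.grant_id] = grant
        self.audit.append({"event": "issue", "subject": subject, "grant_id": grant.grant_id,
                           "scopes": sorted(scopes), "expires_at": grant.expires_at})
        return grant

    def authorize(self, grant_id: str, action: str, now: float) -> tuple[bool, str]:
        """Revalidate before every tool call; returns (allowed, reason)."""
        grant = self._grants.get(grant_id)
        if grant is None:
            return self._decide(grant_id, "?", action, False, "unknown grant")
        if grant.revoked:
            return self._decide(grant_id, grant.subject, action, False, "revoked")
        if now >= grant.expires_at:
            del self._grants[grant_id]  # expiry is enforced, not advisory
            return self._decide(grant_id, grant.subject, action, False, "expired")
        if action not in grant.scopes:
            return self._decide(grant_id, grant.subject, action, False, "out of scope")
        return self._decide(grant_id, grant.subject, action, True, "ok")

    def revoke(self, grant_id: str, reason: str) -> bool:
        """Event-driven revocation, e.g. triggered by a SIEM anomaly signal."""
        grant = self._grants.get(grant_id)
        if grant is None:
            return False
        grant.revoked = True
        self.audit.append({"event": "revoke", "subject": grant.subject,
                           "grant_id": grant_id, "reason": reason})
        return True

    def _decide(self, grant_id, subject, action, allowed, reason):
        self.audit.append({"event": "decision", "subject": subject, "grant_id": grant_id,
                           "action": action, "allowed": allowed, "reason": reason})
        return allowed, reason


def demo() -> list[tuple[str, bool, str]]:
    """Walk one agent session through the gate using a constructed clock."""
    gate = EntitlementGate()
    t0 = 1_700_000_000.0  # constructed start time
    g1 = gate.issue("agent:deploy-bot", {"repo:read", "ci:trigger"}, ttl_s=300, now=t0)
    results = []
    results.append(("repo:read", *gate.authorize(g1.grant_id, "repo:read", now=t0 + 10)))
    # Scope cannot widen silently during the session.
    results.append(("iam:attach-policy", *gate.authorize(g1.grant_id, "iam:attach-policy", now=t0 + 20)))
    # A behavioral signal arrives mid-session and cuts the grant immediately.
    gate.revoke(g1.grant_id, "anomaly: tool-call rate spike")
    results.append(("repo:read after revoke", *gate.authorize(g1.grant_id, "repo:read", now=t0 + 30)))
    # A fresh grant expires on schedule; the stale id is not reusable afterwards.
    g2 = gate.issue("agent:deploy-bot", {"ci:trigger"}, ttl_s=60, now=t0 + 40)
    results.append(("ci:trigger at expiry", *gate.authorize(g2.grant_id, "ci:trigger", now=t0 + 100)))
    results.append(("ci:trigger after expiry", *gate.authorize(g2.grant_id, "ci:trigger", now=t0 + 200)))
    return results


if __name__ == "__main__":
    for label, allowed, reason in demo():
        print(f"{label:26} -> {'ALLOW' if allowed else 'DENY':5} ({reason})")
```

The `audit` list is the IAM-side record the article says should flow back into the SIEM; in a real deployment it would be shipped rather than kept in memory, and `now` would come from a trusted clock rather than a parameter.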
Why IAM and SIEM integration matters for anomalous machine behavior
The article points to a practical control pattern: IAM can consume SIEM signals to decide whether access should be restored or blocked, and IAM can also feed audit data back into the SIEM. That loop matters because NHI abuse often looks legitimate at the credential level while being abnormal at the behavioral level. For AI agents, anomaly detection is only useful if policy enforcement is immediate enough to interrupt abuse before lateral movement or exfiltration completes.
Practical implication: connect identity telemetry to detection workflows so anomalous machine activity can trigger policy action, not just alerts.
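The IAM and SIEM loop described above, as an added example rather than code from the original article or from One Identity: the SIEM side compares constructed agent telemetry against an owner-declared baseline (known sources, allowed tools, call-rate ceiling), and the IAM side consumes the findings, changes the identity's access state immediately, and emits audit records back. The event records, baseline values, identity names and the `active` / `reauth_required` / `suspended` states are assumptions constructed for the example.

```python
"""IAM <-> SIEM feedback loop over constructed agent telemetry (added example)."""
from __future__ import annotations

from collections import Counter

# Constructed sample telemetry: one record per tool call made with a machine identity.
SAMPLE_EVENTS = [
    {"ts": 1_700_000_000, "identity": "agent:report-bot", "src": "10.0.5.12", "tool": "bq.query"},
    {"ts": 1_700_000_005, "identity": "agent:report-bot", "src": "10.0.5.12", "tool": "slack.post"},
    {"ts": 1_700_000_010, "identity": "agent:report-bot", "src": "198.51.100.23", "tool": "bq.query"},
    {"ts": 1_700_000_012, "identity": "agent:report-bot", "src": "198.51.100.23", "tool": "iam.create_key"},
] + [
    # ci-bot fires 25 triggers inside one minute; its declared ceiling is 20 (constructed)
    {"ts": 1_700_000_100 + i, "identity": "agent:ci-bot", "src": "10.0.7.3", "tool": "ci.trigger"}
    for i in range(25)
]

# Assumed per-identity baseline the IAM owner has declared for each agent.
BASELINE = {
    "agent:report-bot": {"sources": {"10.0.5.12"}, "tools": {"bq.query", "slack.post"}, "max_per_min": 20},
    "agent:ci-bot": {"sources": {"10.0.7.3"}, "tools": {"ci.trigger"}, "max_per_min": 20},
}

# IAM directory state the policy engine owns; only "active" identities may obtain access.
DIRECTORY = {"agent:report-bot": "active", "agent:ci-bot": "active"}


def detect(events, baseline):
    """SIEM side: compare observed behavior with the declared baseline; return findings."""
    findings = []
    per_minute = Counter()  # (identity, fixed 60 s bucket) -> call count
    for e in events:
        b = baseline.get(e["identity"])
        if b is None:
            findings.append({"identity": e["identity"], "rule": "unknown_identity",
                             "severity": "high", "ts": e["ts"]})
            continue
        if e["src"] not in b["sources"]:
            findings.append({"identity": e["identity"], "rule": "new_source",
                             "severity": "high", "ts": e["ts"], "detail": e["src"]})
        if e["tool"] not in b["tools"]:
            findings.append({"identity": e["identity"], "rule": "unexpected_tool",
                             "severity": "high", "ts": e["ts"], "detail": e["tool"]})
        per_minute[(e["identity"], e["ts"] // 60)] += 1
    for (identity, bucket), n in per_minute.items():
        if n > baseline[identity]["max_per_min"]:
            findings.append({"identity": identity, "rule": "burst", "severity": "medium",
                             "ts": bucket * 60, "detail": f"{n} calls in one minute"})
    return findings


def respond(findings, directory):
    """IAM side: consume SIEM findings, change access state, emit audit records back."""
    directory = dict(directory)  # never mutate the caller's state
    audit = []
    for f in findings:
        ident = f["identity"]
        if f["severity"] == "high" and directory.get(ident) != "suspended":
            directory[ident] = "suspended"  # access is cut mid-session, not queued for review
            audit.append({"action": "suspend", "identity": ident, "cause": f["rule"]})
        elif f["severity"] == "medium" and directory.get(ident) == "active":
            directory[ident] = "reauth_required"  # force a fresh authorization, no silent extension
            audit.append({"action": "require_reauth", "identity": ident, "cause": f["rule"]})
    return directory, audit


def run_pipeline(events=SAMPLE_EVENTS, baseline=BASELINE, directory=DIRECTORY):
    """Detection feeding enforcement, with the audit trail going back to the SIEM."""
    findings = detect(events, baseline)
    new_directory, audit = respond(findings, directory)
    return findings, new_directory, audit


if __name__ == "__main__":
    findings, new_directory, audit = run_pipeline()
    for f in findings:
        print("finding :", f)
    print("directory:", new_directory)
    for a in audit:
        print("audit   :", a)
```

Note that all four report-bot calls look legitimate at the credential level; only the behavioral comparison (new source, unexpected tool) separates them from the baseline, which is the point the passage makes about NHI abuse.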
Threat narrative
Attacker objective: The attacker objective is to turn trusted machine access into durable control over infrastructure, data, or downstream workflows.
- Entry occurs when an attacker abuses exposed or over-permissioned non-human credentials, which can be embedded in automation, APIs, or machine workflows.
- Escalation follows when the compromised identity retains enough standing privilege to move into additional systems or invoke more powerful tools without reauthorization.
- Impact is achieved when the attacker uses the machine identity to manipulate infrastructure, access sensitive data, or carry out actions that appear to originate from legitimate automation.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- Salesloft OAuth token breach — hackers stole OAuth tokens to access Salesforce data via Salesloft.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
NHI governance has moved from inventory management to blast-radius control. Once machine identities outnumber people by an order of magnitude, the question is no longer whether they exist but how far each one can move if compromised. That shifts the centre of gravity from access catalogues to privilege containment, session control, and event-driven revocation. Practitioners should treat blast radius as the primary design variable.
Agentic AI creates an ephemeral credential trust debt. Autonomous systems inherit trust from the identities and tokens they use, but they also multiply the number of decision points where that trust can be abused, persisted, or replayed. The problem is not only static secrets but the length of time a machine can act before governance catches up. Practitioners should reduce the time between authorization, use, and verification.
Zero trust for NHIs only works when enforcement is machine-speed. Human review cycles cannot keep pace with automated access requests, workflow chaining, or rapid misuse of credentials. That means policy has to be conditional, telemetry-driven, and capable of cutting access mid-session when behavior diverges from the expected pattern. Practitioners should design for interruption, not just approval.
Identity fabrics are becoming a governance layer for automation, not a replacement for IAM. The useful part of this trend is orchestration across self-service, authentication, authorization, and monitoring so that machine activity can be governed consistently. The risk is assuming orchestration alone solves policy design. Practitioners should anchor any fabric-style approach in clear rules, scoped privilege, and measurable revocation outcomes.
AI should augment identity governance, but never become the final authority over trust. The article’s core lesson is that AI can help identify patterns, enforce repetitive controls, and reduce manual burden, yet the rules themselves still need human-defined boundaries. Autonomous governance without strict policy design simply automates ambiguity. Practitioners should use AI to enforce intent, not invent it.
From our research:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to the 2026 Infrastructure Identity Survey.
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, according to the same survey.
- For a broader control baseline, see OWASP Agentic AI Top 10 for the risks that should shape access policy and monitoring design.
What this signals
Ephemeral credential trust debt: the more often an agent can obtain and reuse access, the more trust the enterprise accumulates without a matching governance model. With 70% of organisations already granting AI systems more access than human employees, per the 2026 Infrastructure Identity Survey, programme owners should expect autonomous privilege to outgrow human review capacity unless they re-architect entitlement controls.
Identity governance teams should prepare for broader delegation between IAM, infrastructure, and platform teams because autonomous access decisions increasingly sit closer to the workload than the help desk. That makes ownership, auditability, and revocation paths the first things to standardise before agentic deployments spread.
The practical next step is to align machine-identity controls with NIST Cybersecurity Framework 2.0 and OWASP Agentic AI Top 10 so policy, detection, and response all cover autonomous actions rather than only user logins.
For practitioners
- Build a dedicated NHI inventory: Separate service accounts, API keys, tokens, certificates, and AI agents from human identities, then map each one to an owner, purpose, and revocation path. Tie the inventory to your lifecycle processes for provisioning, rotation, and offboarding.
- Replace standing access with JIT controls: Move high-risk machine access to time-bound entitlements that expire automatically after the task completes. Require reauthorization for sensitive actions and ensure the privilege scope cannot expand silently during the session.
- Connect identity telemetry to SIEM response: Feed access decisions, failed reauthorizations, and anomalous machine behavior into detection workflows so the IAM layer can suspend or deny access when behavior diverges from policy.
- Review AI agent permissions as if they were privileged users: Treat autonomous agents as high-risk NHIs and apply the same scrutiny used for PAM accounts, including narrow scope, short session duration, and explicit approval for tool use that can change infrastructure.
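The first practitioner step (and the earlier implication to inventory machine identities separately from people and treat each as a governed subject), as an added example that is not code from the original article or from One Identity: a Python inventory builder that splits machine identities out of mixed exports, maps each to owner, purpose and revocation path, and reports the governance gaps (no owner, owner offboarded, no purpose, no revocation path, rotation overdue). The records, identity names, the 90-day rotation policy and the reference date are assumptions constructed for the example.

```python
"""Separate NHI inventory with owner / purpose / revocation mapping (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date

# Constructed records as several identity sources might export them.
RAW_RECORDS = [
    {"source": "hr", "id": "alice", "kind": "human", "status": "active"},
    {"source": "hr", "id": "bob", "kind": "human", "status": "offboarded"},
    {"source": "cloud-iam", "id": "svc-billing-export", "kind": "service_account", "owner": "alice",
     "purpose": "nightly billing export", "created": "2025-01-10", "revocation_path": "cloud-iam:disable"},
    {"source": "cloud-iam", "id": "apikey-legacy-01", "kind": "api_key", "owner": "bob",
     "purpose": "legacy report pull", "created": "2024-06-01", "revocation_path": "cloud-iam:delete-key"},
    {"source": "k8s", "id": "ns-payments/sa-worker", "kind": "workload", "owner": None,
     "purpose": None, "created": "2025-07-20", "revocation_path": "k8s:delete-serviceaccount"},
    {"source": "agent-platform", "id": "agent:deploy-bot", "kind": "ai_agent", "owner": "alice",
     "purpose": "deploys from main", "created": "2025-09-01", "revocation_path": None},
]

NHI_KINDS = {"service_account", "api_key", "workload", "ai_agent", "token", "certificate"}
ROTATABLE_KINDS = {"api_key", "token", "certificate"}
ROTATION_MAX_DAYS = 90  # assumed policy for the example


@dataclass
class NHIEntry:
    """One governed machine identity with the fields an owner must be able to answer for."""
    id: str
    kind: str
    source: str
    owner: str | None
    purpose: str | None
    created: date
    revocation_path: str | None
    gaps: list[str] = field(default_factory=list)


def build_inventory(records) -> tuple[list[NHIEntry], set[str]]:
    """Split machine identities from people; return NHI entries and the active-human set."""
    active_humans = {r["id"] for r in records if r["kind"] == "human" and r["status"] == "active"}
    nhis = [
        NHIEntry(id=r["id"], kind=r["kind"], source=r["source"], owner=r.get("owner"),
                 purpose=r.get("purpose"), created=date.fromisoformat(r["created"]),
                 revocation_path=r.get("revocation_path"))
        for r in records if r["kind"] in NHI_KINDS
    ]
    return nhis, active_humans


def assess(nhis, active_humans, today, max_age_days=ROTATION_MAX_DAYS):
    """Record every governance gap per identity and return {id: [gaps]}."""
    for n in nhis:
        if n.owner is None:
            n.gaps.append("no_owner")
        elif n.owner not in active_humans:
            n.gaps.append("owner_offboarded")  # orphaned: nobody left to answer for it
        if not n.purpose:
            n.gaps.append("no_purpose")
        if not n.revocation_path:
            n.gaps.append("no_revocation_path")  # cannot be cut off quickly when needed
        if n.kind in ROTATABLE_KINDS and (today - n.created).days > max_age_days:
            n.gaps.append("rotation_overdue")
    return {n.id: n.gaps for n in nhis}


def run_report(records=RAW_RECORDS, today=date(2025, 10, 1)):
    """Build the inventory and assess it against a constructed reference date."""
    nhis, humans = build_inventory(records)
    return assess(nhis, humans, today)


if __name__ == "__main__":
    for ident, gaps in run_report().items():
        print(f"{ident:24} {'OK' if not gaps else ', '.join(gaps)}")
```

Each gap maps to a lifecycle action the bullet names: `owner_offboarded` is the offboarding case, `rotation_overdue` the rotation case, and `no_revocation_path` is what makes an identity a background credential rather than a governed subject.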
Key takeaways
- Non-human identities now create a scale problem for IAM, because the volume and speed of machine access outstrip human-centric governance models.
- Agentic AI increases the risk of credential reuse and privilege drift, which makes continuous verification more important than periodic review.
- The operational priority is to shrink standing privilege, connect identity telemetry to response, and treat machine identities as high-risk subjects.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | NHI-01 | Agentic systems create autonomous access and tool-use risks central to this article. |
| NIST CSF 2.0 | PR.AC-4 | Least privilege and access enforcement underpin the article's governance model. |
| NIST AI RMF | | Agent oversight and accountability are core AI RMF governance concerns. |
Use AI RMF governance controls to assign ownership, auditability, and escalation paths for autonomous agents.
Key terms
- Non-Human Identity: A non-human identity is any digital identity used by software rather than a person. That includes service accounts, API keys, tokens, certificates, workloads, bots, and AI agents. The governance challenge is that these identities often scale faster than their ownership, rotation, and revocation controls.
- Agentic AI: Agentic AI is software that can make decisions and take actions with execution authority, often by calling tools or services on its own. In security terms, it behaves like a machine identity with operational power, which makes authorization boundaries and monitoring more important than a simple login event.
- Identity Fabric: An identity fabric is an orchestration layer that connects authentication, authorization, self-service, and monitoring across fragmented identity systems. For NHI governance, it is useful only when it enforces clear policy and revocation, rather than simply automating the movement of access decisions between tools.
- Zero Standing Privilege: Zero Standing Privilege means no access remains permanently available when it is not needed. Credentials or entitlements are granted only for a specific task, then removed automatically. For machine identities, this reduces the chance that a reused token or stale privilege becomes a long-lived attack path.
Deepen your knowledge
Agentic AI and NHI governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building controls for autonomous systems and machine identities, it is worth exploring.
This post draws on content published by One Identity: How agentic AI and non-human identities are transforming cybersecurity. Read the original.
Published by the NHIMG editorial team on 2025-09-25.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org