By NHI Mgmt Group Editorial Team
Published 2026-05-11
Domain: Announcements
Source: SailPoint

TL;DR: AI agents and other non-human identities are multiplying across enterprise environments, and SailPoint says its new Agentic Fabric is designed to extend identity security beyond human users by combining discovery, governance, authorization, and protection across cloud, applications, and endpoints. The governance gap is now the central risk: visibility without ownership is not control, and machine-speed access demands lifecycle discipline, not just policy.


At a glance

What this is: SailPoint says Agentic Fabric extends identity security to AI agents and other non-human identities by linking discovery, governance, authorization, and protection around human ownership and activity context.

Why it matters: For IAM and NHI teams, the key issue is not just finding agents, but assigning accountability, enforcing least privilege, and keeping access reviewable as autonomous systems scale.

By the numbers:

👉 Read SailPoint's analysis of Agentic Fabric and enterprise AI identity governance


Context

AI agent identity is now an IAM problem, not just an AI deployment issue. Once autonomous software can act with execution authority, it becomes a non-human identity that needs ownership, policy, and auditability. The core gap is that many enterprises can provision access, but cannot reliably explain which agent is acting, who is accountable, or whether the access matches the task.

SailPoint's announcement frames that gap around discovery, governance, and protection. That framing is directionally right for NHI practitioners because the control challenge is lifecycle-based: inventory, entitlement, authorization, and ongoing review must all work together. The starting position described here is increasingly typical, not exceptional, because AI adoption is expanding faster than identity governance models were built to absorb.

The practical implication is that identity teams should stop treating AI agents as an edge case. They are becoming part of the enterprise identity population, and the governance model needs to reflect that reality with policy, telemetry, and ownership tied together.


Key questions

Q: How should organisations govern AI agent access without losing operational speed?

A: Use task-scoped access, explicit human ownership, and runtime monitoring together. Fast-moving agents still need a clear approval path, a defined purpose, and revocation when behaviour drifts. The goal is not to slow automation, but to make every action traceable and every entitlement reviewable before it becomes standing risk.

Q: What is the difference between least privilege and zero standing privilege for AI agents?

A: Least privilege limits what an agent can do, while zero standing privilege removes persistent access and grants it only when needed. For AI agents, ZSP is stronger because their behaviour can change at runtime. It reduces the chance that a forgotten credential becomes a permanent pathway into sensitive systems.

Q: Why do AI agents create more IAM risk than traditional service accounts?

A: AI agents can choose actions, call tools, and operate across multiple systems with less predictable behaviour than conventional service accounts. That means the access model must account for runtime context, not just identity creation. If the organisation cannot explain what the agent did and why, governance has already failed.

Q: Should teams prioritise discovery or policy first for NHI governance?

A: They should start both in parallel, but discovery usually comes first when shadow AI is already present. Policy without visibility cannot govern what the team has not found. Discovery without policy only inventories the problem, so the programme needs both to identify identities and then constrain them.


How it works in practice

How identity graphs help map AI agents to human ownership

An identity graph links an AI agent to the human owner, the data it can reach, and the systems it can call. In NHI governance, that matters because access decisions are rarely useful if they stop at the credential layer. The graph creates context for review, showing relationships among agents, service accounts, applications, and policy boundaries. Without that context, teams can discover an agent but still fail to answer who approved it, what it can do, and whether its access still matches the business task.

Practical implication: connect each agent to ownership, scope, and review cadence.
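The paragraph above describes the identity graph as a relationship map rather than a credential list. The following is an added example, not SailPoint's or NHIMG's code, of what such a graph looks like as a data structure and of the three review questions it should answer: which agents have no accountable owner, which are past their review cadence, and which can reach systems or data that no assigned policy boundary covers. The agent names, boundaries, relation types, and dates are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Relation types in the toy graph (constructed for this example):
# human --owns--> agent, agent --can_call--> system, agent --can_read--> data store,
# agent --bounded_by--> policy boundary, policy boundary --covers--> system or data store.
OWNS, CAN_CALL, CAN_READ, BOUNDED_BY, COVERS = "owns", "can_call", "can_read", "bounded_by", "covers"


@dataclass
class Agent:
    agent_id: str
    purpose: str
    last_review: Optional[date] = None   # None means the agent has never been recertified
    review_every_days: int = 90          # review cadence assigned when the agent was onboarded


@dataclass
class IdentityGraph:
    agents: dict[str, Agent] = field(default_factory=dict)
    edges: set[tuple[str, str, str]] = field(default_factory=set)  # (subject, relation, object)

    def add_agent(self, agent: Agent) -> None:
        self.agents[agent.agent_id] = agent

    def link(self, subject: str, relation: str, obj: str) -> None:
        self.edges.add((subject, relation, obj))

    def targets(self, subject: str, relation: str) -> set[str]:
        return {o for s, r, o in self.edges if s == subject and r == relation}

    def owners_of(self, agent_id: str) -> set[str]:
        return {s for s, r, o in self.edges if r == OWNS and o == agent_id}

    def orphaned_agents(self) -> list[str]:
        """Agents with no accountable human owner in the graph."""
        return sorted(a for a in self.agents if not self.owners_of(a))

    def overdue_reviews(self, today: date) -> list[str]:
        """Agents never reviewed, or whose last review is older than their cadence."""
        return sorted(
            a.agent_id for a in self.agents.values()
            if a.last_review is None or today - a.last_review > timedelta(days=a.review_every_days)
        )

    def out_of_boundary(self, agent_id: str) -> set[str]:
        """Systems and data the agent can reach that none of its policy boundaries covers."""
        reach = self.targets(agent_id, CAN_CALL) | self.targets(agent_id, CAN_READ)
        covered: set[str] = set()
        for boundary in self.targets(agent_id, BOUNDED_BY):
            covered |= self.targets(boundary, COVERS)
        return reach - covered


def review_report(graph: IdentityGraph, today: date) -> dict:
    """The three questions a recertification cycle should be able to answer per agent."""
    drift = {a: graph.out_of_boundary(a) for a in graph.agents}
    return {
        "orphaned": graph.orphaned_agents(),
        "overdue_review": graph.overdue_reviews(today),
        "out_of_boundary": {a: assets for a, assets in drift.items() if assets},
    }


def build_sample_graph() -> IdentityGraph:
    """Constructed sample data: three agents, two human owners, three policy boundaries."""
    g = IdentityGraph()
    g.add_agent(Agent("agt-invoice-bot", "reconcile supplier invoices", date(2026, 3, 1)))
    g.add_agent(Agent("agt-research-helper", "summarise public documentation"))  # never reviewed
    g.add_agent(Agent("agt-ops-assistant", "triage CI failures", date(2026, 1, 1)))
    g.link("alice", OWNS, "agt-invoice-bot")
    g.link("bob", OWNS, "agt-ops-assistant")          # agt-research-helper has no owner
    boundaries = {"finance-boundary": ["erp-api", "invoices"],
                  "research-boundary": ["public-docs"],
                  "ops-boundary": ["ci-runner"]}
    for boundary, assets in boundaries.items():
        for asset in assets:
            g.link(boundary, COVERS, asset)
    g.link("agt-invoice-bot", BOUNDED_BY, "finance-boundary")
    g.link("agt-invoice-bot", CAN_CALL, "erp-api")
    g.link("agt-invoice-bot", CAN_READ, "invoices")
    g.link("agt-research-helper", BOUNDED_BY, "research-boundary")
    g.link("agt-research-helper", CAN_READ, "public-docs")
    g.link("agt-research-helper", CAN_READ, "customer-pii")   # reach outside its boundary
    g.link("agt-research-helper", CAN_CALL, "crm-api")        # reach outside its boundary
    g.link("agt-ops-assistant", BOUNDED_BY, "ops-boundary")
    g.link("agt-ops-assistant", CAN_CALL, "ci-runner")
    return g


SAMPLE_TODAY = date(2026, 5, 11)  # constructed review date for the sample

if __name__ == "__main__":
    for finding, value in review_report(build_sample_graph(), SAMPLE_TODAY).items():
        print(f"{finding}: {value}")
```

The point of the edge-based layout is that ownership, reach, and policy boundary are all first-class relationships, so the same structure answers "who is accountable", "what can it touch", and "does that still match the task" without a separate query per data source.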

Why least privilege breaks down for autonomous agents

Least privilege assumes access can be bounded to a stable role and predictable task. Autonomous agents complicate that assumption because their actions can vary based on prompts, tools, and runtime context. A static role may be too broad, while a narrow role may block valid work and push teams toward exceptions. That is why agentic governance usually needs dynamic authorization, short-lived entitlements, and stronger monitoring than human-centric IAM. The technical challenge is not just issuing access, but continuously proving that the current privilege set still matches the current execution path.

Practical implication: replace static entitlements with task-scoped controls where possible.

What discovery and protection controls need to do at runtime

Discovery finds agents and their connected systems, but runtime protection is what limits damage when an agent behaves outside expectation. That means real-time authorization checks, activity correlation, and automated response when access patterns change. For NHI security, this is the difference between having an inventory and having enforcement. A discovery tool can expose shadow AI, but if access remains persistent and unreviewed, the risk only becomes visible faster. The useful architecture combines inventory, policy, and response so that detection feeds immediate containment.

Practical implication: tie discovery findings directly to revocation and step-up controls.


NHI Mgmt Group analysis

AI agent identity is becoming the next identity perimeter. The control problem is no longer limited to employees and contractors because autonomous software now carries execution authority, tools, and data reach. That changes the unit of governance from account-centric to relationship-centric, where ownership and context matter as much as authentication. Practitioners should treat AI agents as first-class identities and govern them with the same seriousness as privileged infrastructure accounts.

Discovery without accountability creates only a better inventory of risk. Finding agents is necessary, but it does not solve the governance gap if no one owns each identity or reviews its access lifecycle. A useful NHI model requires human attribution, entitlement scoping, and clear escalation paths when an agent acts unexpectedly. The field should measure success by revocable accountability, not by the number of discovered agents.

Ephemeral access is helpful, but it does not eliminate ephemeral credential trust debt. Short-lived permissions reduce exposure time, yet the trust assumption behind each token, key, or session still needs validation. That means organisations must combine JIT access, policy enforcement, and runtime monitoring rather than treating short duration as a substitute for control. Practitioners should assume temporary access can still create lasting risk if oversight is weak.

Shadow AI will push NHI governance from inventory to enforcement. Once undiscovered agents exist in production, the programme cannot rely on periodic review alone. Security teams will need continuous discovery, automated entitlement correction, and tighter linkage between policy violations and response. The governance standard is moving toward active control of agent behaviour, not passive documentation of it.

Agentic governance is converging with Zero Trust and Zero Standing Privilege. That convergence is not a slogan. It reflects the fact that autonomous identities should not hold persistent privilege simply because they are software. The organisations that operationalise this shift will be able to scale AI use without accepting unmanaged access as a side effect.

From our research:

  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to the AI Agents: The New Attack Surface report.
  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
  • The OWASP NHI Top 10 and the Ultimate Guide to NHIs help teams translate that visibility problem into controls.

What this signals

Agentic identity governance is moving from pilot concern to programme requirement. With 96% of technology professionals identifying AI agents as a growing security threat, the operating assumption has changed. Teams should expect AI identity reviews to join standard access governance, not sit outside it.

Ephemeral access will matter more, but only when paired with enforcement. Short-lived credentials reduce blast radius, yet they do not resolve ownership or auditability on their own. Security teams should align that model with NIST AI Risk Management Framework governance practices and step-up controls.

Shadow AI is likely to surface first in access reviews, not in model monitoring. The discovery problem is now an identity problem, which means recertification, entitlement review, and session monitoring become the fastest detection points. Organisations should wire NHI discovery into OWASP Agentic AI Top 10 style threat modelling so the governance model stays ahead of deployment.


For practitioners

  • Inventory every AI agent and machine identity: Build a complete register of agents, service accounts, API keys, and related identities, then tie each one to an owner, purpose, and business system. Use the inventory to expose shadow AI and identify identities with no accountable human sponsor.
  • Enforce task-scoped access for autonomous identities: Replace broad standing permissions with short-lived, task-specific entitlements wherever the workflow allows. Pair the change with approval records and periodic validation so temporary access does not become de facto permanent access.
  • Connect runtime alerts to automatic revocation: When an agent exceeds its intended scope, trigger containment that can disable credentials, suspend sessions, or require step-up authorisation. Discovery is only useful if it feeds immediate response.
  • Review agent ownership during access recertification: Add explicit agent ownership checks to every access review cycle so teams can verify who is accountable, whether the access is still needed, and whether the agent's permissions remain aligned to its current task.
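The task-scoped access and automatic revocation steps above, together with the runtime controls described under "What discovery and protection controls need to do at runtime", share one mechanism: a grant that is issued for a named task with a named human approver, expires on its own, and is withdrawn the moment the agent acts outside its scope. The following is an added example, not SailPoint's or NHIMG's code, of that mechanism as a small authorizer with an append-only audit trail. The agent ID, task ID, action names, 15-minute TTL, and reason codes are all constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    """A short-lived, task-scoped entitlement. Nothing persists past expires_at."""
    agent_id: str
    task_id: str
    allowed_actions: frozenset[str]
    approved_by: str              # accountable human, recorded for later recertification
    expires_at: datetime


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str                   # within_scope | no_grant | expired | out_of_scope | agent_revoked


class TaskScopedAuthorizer:
    def __init__(self, ttl: timedelta = timedelta(minutes=15)) -> None:
        self.ttl = ttl
        self.grants: dict[str, Grant] = {}   # at most one active task grant per agent
        self.revoked: set[str] = set()       # agents contained after drift; need step-up to resume
        self.audit: list[dict] = []          # append-only record of every issue, decision and revoke

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"event": event, **fields})

    def issue(self, agent_id: str, task_id: str, actions, approved_by: str, now: datetime) -> Grant:
        """Zero standing privilege: access exists only while a grant like this is live."""
        if not approved_by:
            raise ValueError("every grant needs an accountable human approver")
        if agent_id in self.revoked:
            raise PermissionError("agent is contained; step-up approval required before re-issue")
        grant = Grant(agent_id, task_id, frozenset(actions), approved_by, now + self.ttl)
        self.grants[agent_id] = grant
        self._log("issue", agent=agent_id, task=task_id, actions=sorted(actions), approved_by=approved_by)
        return grant

    def authorize(self, agent_id: str, action: str, now: datetime) -> Decision:
        """Real-time check of one intended action against the agent's current grant."""
        if agent_id in self.revoked:
            return self._deny(agent_id, action, "agent_revoked")
        grant = self.grants.get(agent_id)
        if grant is None:
            return self._deny(agent_id, action, "no_grant")
        if now >= grant.expires_at:
            del self.grants[agent_id]            # expired grants are dropped, not extended
            return self._deny(agent_id, action, "expired")
        if action not in grant.allowed_actions:
            # Runtime drift: detection feeds containment immediately rather than a later review.
            self.revoke(agent_id, f"out-of-scope action {action} during task {grant.task_id}")
            return self._deny(agent_id, action, "out_of_scope")
        self._log("allow", agent=agent_id, action=action, task=grant.task_id)
        return Decision(True, "within_scope")

    def _deny(self, agent_id: str, action: str, reason: str) -> Decision:
        self._log("deny", agent=agent_id, action=action, reason=reason)
        return Decision(False, reason)

    def revoke(self, agent_id: str, reason: str) -> None:
        self.grants.pop(agent_id, None)
        self.revoked.add(agent_id)
        self._log("revoke", agent=agent_id, reason=reason)

    def step_up(self, agent_id: str, approved_by: str) -> None:
        """A human clears the containment flag; a fresh (and ideally narrower) grant must still be issued."""
        self.revoked.discard(agent_id)
        self._log("step_up", agent=agent_id, approved_by=approved_by)


def run_sample_session() -> list[Decision]:
    """Constructed scenario: one agent, one task, one drift event, one step-up, one expiry."""
    t0 = datetime(2026, 5, 11, 9, 0, tzinfo=timezone.utc)
    az = TaskScopedAuthorizer(ttl=timedelta(minutes=15))
    az.issue("agt-invoice-bot", "inv-4471", {"erp:read_invoice", "erp:draft_payment"}, "alice", t0)
    decisions = [
        az.authorize("agt-invoice-bot", "erp:read_invoice", t0 + timedelta(minutes=1)),
        az.authorize("agt-invoice-bot", "crm:export_contacts", t0 + timedelta(minutes=2)),  # drift
        az.authorize("agt-invoice-bot", "erp:read_invoice", t0 + timedelta(minutes=3)),     # still contained
    ]
    az.step_up("agt-invoice-bot", approved_by="alice")
    az.issue("agt-invoice-bot", "inv-4471", {"erp:read_invoice"}, "alice", t0 + timedelta(minutes=4))
    decisions += [
        az.authorize("agt-invoice-bot", "erp:read_invoice", t0 + timedelta(minutes=5)),
        az.authorize("agt-invoice-bot", "erp:read_invoice", t0 + timedelta(minutes=20)),    # past TTL
    ]
    return decisions


if __name__ == "__main__":
    for d in run_sample_session():
        print(d)
```

Two design choices carry the governance point. First, `issue` refuses a grant with no approver, so every entitlement has a human attached from the start rather than being back-filled at review time. Second, an out-of-scope action does not merely fail; it revokes the grant and flags the agent, so the next legitimate call also fails until a human steps in, which is what turns a detection into containment.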

Key takeaways

  • AI agents should be treated as non-human identities with ownership, scope, and review requirements, not as a separate AI-only exception.
  • The main risk is governance drift: organisations can discover agents faster than they can assign accountability and restrict access.
  • The strongest response combines discovery, task-scoped access, runtime enforcement, and recertification tied to human ownership.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | NHI-01 | Agent identity sprawl and tool use map directly to agentic application risk.
NIST AI RMF |  | AI RMF governance fits ownership, accountability, and runtime control for agents.
NIST Zero Trust (SP 800-207) | PR.AC-4 | Continuous verification supports short-lived access and dynamic agent authorisation.

Apply continuous verification to agent sessions and revoke access on policy drift.


Key terms

  • Agentic Identity: An agentic identity is a non-human identity used by an autonomous system that can act, call tools, and access data with execution authority. It needs the same governance discipline as other privileged identities, plus runtime context, ownership mapping, and revocation paths.
  • Identity Graph: An identity graph is a relationship map that connects identities, assets, data, and permissions so teams can see how access actually flows. In NHI programmes, it helps explain which agent is related to which owner, which system, and which policy boundary.
  • Zero Standing Privilege: Zero standing privilege means no persistent access remains in place by default. Access is created only when needed and removed immediately after the task, which is especially valuable for NHI and agentic workflows where dormant permissions can become a quiet source of compromise.

What's in the full announcement

SailPoint's full post covers the operational detail this post intentionally leaves for the source:

  • How the identity graph maps AI agents, humans, data, and systems across cloud and endpoint environments.
  • What the Agentic Business and Agentic Business Plus packages change for least-privilege and zero-standing-privilege rollout decisions.
  • How the Discovery Tool surfaces shadow AI and application relationships in existing environments.
  • What the launch event and availability timeline mean for teams planning pilot-to-production transitions.

👉 SailPoint's full post covers discovery, governance, protection, and package details for AI identities.

Deepen your knowledge

AI agent identity governance is a core topic in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building controls for autonomous identities in a similar environment, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-05-11.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org