TL;DR: AI agents are accelerating credential sprawl by creating, using, and replicating API keys, service accounts, and other non-human identities at machine scale, while traditional IAM and PAM controls still assume human-paced access and review, according to 1Password. The governance gap is structural because access review and session-based oversight do not fit identities that duplicate, persist, and act outside centralized visibility.
At a glance
What this is: 1Password's analysis of how AI agents are widening credential sprawl and exposing the limits of human-centric IAM, PAM, and SSO controls.
Why it matters: IAM teams now have to govern access that is created, copied, and used by software identities at machine scale across NHI, agentic, and human workflows.
By the numbers:
- 1 in 4 employees has used AI applications that were not approved by their company.
- Repositories with Copilot active are 40% more likely to have at least one leaked secret.
Context
Credential sprawl is the gradual loss of centralized visibility over the keys, tokens, certificates, and secrets that actually grant access. The article's term for this is AI agent credential sprawl, and it argues that the problem has intensified because software identities now create and reuse credentials at machine scale.
That matters for IAM because traditional controls were built around interactive human sessions, not around non-human identities that duplicate access, persist quietly, and fall outside normal onboarding and offboarding processes. The result is a wider attack surface across service accounts, API keys, SSO tokens, and developer secrets.
The article also connects this to shadow AI and unsafe developer practices, showing that unmanaged applications create unmanaged credentials whether or not the tooling is formally approved. That is a familiar NHI problem, but AI agents make the scale and velocity materially worse.
Key questions
Q: How should security teams reduce credential sprawl caused by AI agents?
A: Start by discovering where non-human credentials are created, copied, and reused across code, chat tools, CI/CD logs, and agent workflows. Then separate human IAM from machine identity governance so service accounts, API keys, and tokens have their own ownership, review, and revocation path. The goal is to control the full credential lifecycle, not just store secrets more neatly.
Q: Why do SSO and MFA not fully solve credential sprawl?
A: SSO and MFA were designed for interactive human access, so they miss credentials that authenticate programmatically or exist outside the SSO boundary. That leaves service accounts, API keys, and other NHI credentials outside the main control plane. Organisations need separate controls for discovery, lifecycle management, and attribution if they want full visibility.
Q: What breaks when developer secrets are hardcoded or copied into collaboration tools?
A: The break is governance, not just storage. Once a secret is embedded in code, Slack, Jira, or Confluence, it escapes the normal lifecycle path and becomes harder to discover, review, and revoke. That increases the chance of stale access, overprivilege, and unauthorized reuse by people or machines.
Q: Who should own accountability for AI agent credentials and access?
A: Accountability should sit with the team that owns the workflow and the non-human identity, not with a human offboarding process or a generic IAM queue. AI agents can replicate access and act continuously, so the owner must be able to prove when access was issued, why it exists, and when it should end. That is the basis for clean attribution.
Technical breakdown
Why credential sprawl expands when AI agents create access
AI agents do not just consume credentials. They also create, copy, and reuse them as part of normal operation, which turns credential management into a machine-speed distribution problem. In practice, the identity surface now includes API keys, OAuth tokens, service accounts, and embedded secrets that can appear in code, chat tools, automation workflows, and agent memory. The challenge is not only exposure, but loss of authoritative inventory. When access is created outside a central process, security teams lose the ability to prove what exists, who uses it, and whether it should still be active.
Practical implication: build discovery around where credentials are actually generated and stored, not only where they are supposed to live.
Why human-centric IAM and PAM miss non-human identity behaviour
Legacy IAM and PAM controls assume a person at the keyboard, a clear login event, and a reviewable session boundary. NHIs break that model because they authenticate programmatically, often run continuously, and can retain access after their original task is complete. The article’s core point is that overprivileged machine identities become invisible when they look like ordinary service traffic. That is why SSO coverage, user-centric offboarding, and manual access reviews do not close the gap. They are structurally mismatched to identities that are not person-shaped in the first place.
Practical implication: map non-human identities to their own governance path instead of relying on human IAM workflows.
How agentic applications turn secrets hygiene into a runtime control problem
The article shows that AI tools are not only exposing existing weaknesses, they are also reproducing bad credential practices at scale. Vibe coding, shadow AI, and agent gateways can generate new secrets, hard-code them into workflows, and spread them across collaboration tools or local environments. Once that happens, static discovery alone is not enough, because the problem becomes when the credential is available, who or what can use it, and whether access can be scoped to task and time. The technical issue is runtime delegation, not just secret storage.
Practical implication: shift from one-time secret cleanup to continuous runtime control over credential issuance, use, and revocation.
Breaches seen in the wild
- Moltbook AI agent keys breach — exposed 1.5M AI agent keys.
- Sisense breach — unauthorized GitLab access led to exfiltration of access tokens, API keys and certificates.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Credential sprawl is now an identity governance problem, not just a secrets problem. The article makes clear that credentials are spreading across code, collaboration tools, AI agents, and unmanaged apps faster than teams can inventory them. That means the governance boundary has moved beyond vaults and into the full application and workflow stack. Practitioners should treat every unmanaged credential as an unmanaged identity relationship, not a discrete secret to be rotated later.
Agent-created credential sprawl: AI agents do not merely inherit access, they multiply it through runtime creation and reuse. That is the named concept this article sharpens, and it explains why traditional inventories keep lagging behind reality. When software identities can create and replicate credentials at machine scale, the old assumption that access changes are slow enough to be centrally observed stops holding. The implication is that identity programmes need to govern credential generation and propagation, not only final entitlement state.
SSO coverage gaps and offboarding failures are the same governance issue at different points in the lifecycle. The article links shadow AI, missed SSO coverage, and post-employment access as symptoms of one broken control plane. When access sits outside onboarding, review, and offboarding paths, the organisation cannot prove who still has what. This is a lifecycle failure that crosses human and machine identities, and it should push teams to unify governance of application access, not manage each channel separately.
Overprivileged NHIs become breach multipliers when agents can reach them faster than teams can review them. The article’s machine-scale access model means that a single exposed token or service account can become a broad impact path if it is tied to tools, pipelines, or agents. That is why privilege scope and credential location matter together. Practitioners should assume blast radius grows whenever non-human credentials are long-lived, duplicated, and weakly attributed.
Credential governance has to shift from static posture to operational control. The source article shows that unmanaged AI tooling, developer habits, and collaboration systems all create new credential exposure paths that static scanning will not fully resolve. The field needs stronger linkage between discovery, approval, access delivery, and revocation. Teams that keep treating secrets as isolated artifacts will continue to miss the system-level risk.
From our research:
- NHIs now outnumber human identities by 144:1 in enterprise environments, a 44% increase year-over-year driven by AI agents, CI/CD automation, and third-party integrations, according to The NHI and Secrets Risk Report.
- Our research also found that over 5.5% of AWS NHIs hold full admin privileges, which means a small slice of machine identities can carry outsized breach impact.
- The broader lifecycle answer is in Ultimate Guide to NHIs, Lifecycle Processes for Managing NHIs, which helps teams connect discovery, provisioning, rotation, and offboarding.
What this signals
Credential sprawl is becoming a board-level governance signal because the identity boundary now includes software that can create its own access. With 144:1 non-human-to-human identity scale in enterprise environments, per The NHI and Secrets Risk Report, teams should expect ownership gaps to surface first in AI workflows, collaboration tools, and CI/CD pipelines.
Agent-created credential sprawl: this is the practical name for a programme problem that combines shadow AI, secrets leakage, and lifecycle drift. Teams that still rely on human-oriented offboarding and access review cycles will keep missing machine identities that duplicate faster than they can be certified.
For practitioners, the next step is to connect discovery and lifecycle control to the same governance model used for application access, then anchor that model in the NIST AI Risk Management Framework and the OWASP Agentic AI Top 10 where autonomous or semi-autonomous tooling is involved.
For practitioners
- Inventory credentials where they are actually created and reused: Extend discovery beyond repositories into chat platforms, ticketing tools, CI/CD logs, local files, and agent workspaces so unmanaged secrets do not hide outside review scope.
- Separate non-human identity governance from human offboarding workflows: Assign distinct lifecycle controls for service accounts, API keys, and agent identities so review, revocation, and ownership do not depend on employee-centred IAM processes.
- Reduce standing privilege on machine identities: Re-scope long-lived service accounts and API tokens so they only carry the minimum access needed for the current workflow, and retire any access that survives beyond task completion.
- Add runtime attribution to agent and automation access: Log which software identity used which credential, from which workflow, and for which action, so investigators can distinguish agent activity from ordinary system traffic.
- Treat shadow AI as a credential discovery problem: Link application discovery to secret finding so unapproved AI tools and agent platforms are identified before they become a new source of unmanaged credentials.
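The discovery step described in the Q&A, the first practical implication, and the first practitioner action above, as an added example that is not code from the 1Password article or from NHIMG: a scanner that walks the locations the post names (repo files, a chat export, a CI log, an agent workspace), fingerprints each secret-shaped value instead of storing it, and reports the credentials that exist in more than one place, which is the sprawl itself. The token patterns, file names, and key values are constructed for illustration.

```python
import hashlib
import re

# Illustrative token shapes (constructed, not vendor-exact); specific patterns first so a
# value matched by both a specific and the generic rule keeps its specific kind.
PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic_assignment": re.compile(r"(?i)(?:api[_-]?key|token|secret)\s*[=:]\s*['\"]?([A-Za-z0-9_\-]{20,})"),
}

def scan(sources):
    """sources maps a location (repo file, chat export, CI log, agent workspace) to its text.
    Returns {fingerprint: {"kind", "locations"}}; the inventory holds a hash, never the secret."""
    inventory = {}
    for location, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            found = {}  # value -> kind; the first (most specific) match wins
            for kind, pattern in PATTERNS.items():
                for m in pattern.finditer(line):
                    found.setdefault(m.group(1) if m.groups() else m.group(0), kind)
            for value, kind in found.items():
                fp = hashlib.sha256(value.encode()).hexdigest()[:12]
                entry = inventory.setdefault(fp, {"kind": kind, "locations": []})
                entry["locations"].append(f"{location}:{lineno}")
    return inventory

def sprawl_report(inventory):
    """Sprawl is every credential present in more than one source: each copy is one more
    place that must be found before the secret can be revoked with confidence."""
    report = {}
    for fp, entry in inventory.items():
        sources = sorted({loc.rsplit(":", 1)[0] for loc in entry["locations"]})
        if len(sources) > 1:
            report[fp] = {"kind": entry["kind"], "copies": sources}
    return report

# Constructed sample corpus with fake key values of the right shape.
FAKE_AWS = "AKIAEXAMPLE" + "0" * 8 + "1"
FAKE_GH = "ghp_ExampleToken" + "0" * 23 + "1"
SAMPLE_SOURCES = {
    "repo/app/settings.py": f'AWS_ACCESS_KEY_ID = "{FAKE_AWS}"\nDEBUG = True\n',
    "repo/.env": "api_key: cs-example-0000000000000000\n",
    "slack-export/dev-channel.txt": f"bob: try {FAKE_AWS} for the staging bucket\n",
    "ci/build-1234.log": f"+ export GITHUB_TOKEN={FAKE_GH}\n",
    "agent-workspace/memory.json": f'{{"github": "{FAKE_GH}", "aws": "{FAKE_AWS}"}}\n',
}
```

Running `sprawl_report(scan(SAMPLE_SOURCES))` on the constructed corpus reports the AWS key in three places and the GitHub token in two, while the `.env` key is inventoried once and not flagged as sprawl.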
Key takeaways
- AI agents intensify credential sprawl because they create and reuse non-human credentials at machine scale, outside human-centric IAM assumptions.
- The evidence points to a governance gap across SSO, offboarding, and secrets hygiene, with unmanaged access appearing in apps, chat tools, and developer environments.
- Practitioners need lifecycle-specific controls for machine identities, plus runtime attribution and privilege reduction, if they want to limit blast radius.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Credential sprawl and unmanaged secrets are core NHI governance risks. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | Least privilege and continuous verification are needed for machine identities. |
| NIST CSF 2.0 | PR.AC-1 | Access control governance must cover non-human identities and unmanaged apps. |
Apply least privilege to service accounts and agent access, then revalidate entitlements continuously.
Key terms
- Credential Sprawl: Credential sprawl is the uncontrolled spread of secrets, tokens, keys, certificates, and similar access artifacts across tools and workflows. It matters because the organisation loses visibility into where access lives, who uses it, and whether it can still be justified.
- Non-Human Identity: A non-human identity is any machine account or credentialed software entity used to access systems, data, or services. That includes service accounts, API keys, tokens, certificates, bots, workloads, and AI agents that operate with independent access paths.
- Shadow AI: Shadow AI refers to AI tools, agents, or workflows that are in use but not approved, inventoried, or governed by the organisation. It creates hidden identity and credential risk because access may exist outside the normal onboarding, review, and revocation process.
- Runtime Credential Delivery: Runtime credential delivery is the practice of issuing access only when a workflow needs it, then removing it once the task is complete. For non-human identities, this reduces the lifespan of secrets and narrows the window in which exposed credentials can be abused.
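The runtime credential delivery and runtime attribution practices defined above, and called for in the runtime control section and the practitioner actions earlier, as an added example that is not code from the 1Password article or from NHIMG: a minimal broker that issues a credential to a non-human identity per task, scoped to a resource set and a TTL, checks each use against scope and expiry, revokes on task completion, and keeps an attribution log of which identity used what, from which workflow, for which action. The identity and workflow names, resource names, and token format are constructed.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Lease:
    token: str
    identity: str      # the non-human identity, e.g. "agent:release-bot"
    workflow: str      # the run that justified the access, e.g. "ci/release#4412"
    scopes: frozenset  # resources the lease may touch
    expires_at: float
    revoked: bool = False

class CredentialBroker:
    """Issues per-task credentials and logs every issue, use, denial and revoke with attribution."""
    def __init__(self, clock):  # clock: callable returning seconds; pass time.time in real use
        self.clock, self.leases, self.audit = clock, {}, []

    def _record(self, event, lease, **detail):
        self.audit.append({"t": self.clock(), "event": event,
                           "identity": lease.identity if lease else None,
                           "workflow": lease.workflow if lease else None, **detail})

    def issue(self, identity, workflow, scopes, ttl_seconds):
        token = secrets.token_urlsafe(24)  # stand-in for a provider-minted credential
        lease = Lease(token, identity, workflow, frozenset(scopes), self.clock() + ttl_seconds)
        self.leases[token] = lease
        self._record("issue", lease, ttl=ttl_seconds)
        return token

    def use(self, token, action, resource):
        """Checked at the point of use; True only for a live, in-scope lease."""
        lease = self.leases.get(token)
        if lease is None: why = "unknown token"
        elif lease.revoked: why = "revoked"
        elif self.clock() >= lease.expires_at: why = "expired"
        elif resource not in lease.scopes: why = "out of scope"
        else:
            self._record("use", lease, action=action, resource=resource)
            return True
        self._record("denied", lease, action=action, resource=resource, why=why)
        return False

    def complete(self, token):
        """Task finished: revoke now rather than leave standing access behind."""
        lease = self.leases.get(token)
        if lease and not lease.revoked:
            lease.revoked = True
            self._record("revoke", lease, why="task complete")
```

Every entry in `broker.audit` carries the identity and workflow, so filtering on `event == "use"` answers who used which credential for what, and filtering on `event == "denied"` shows out-of-scope, expired, and post-completion attempts.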
Deepen your knowledge
AI agent credential sprawl and machine identity governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is dealing with shadow AI, service accounts, or secrets spread across collaboration tools, it is worth exploring.
This post draws on content published by 1Password: AI agent credential sprawl and machine identity risk. Read the original.
Published by the NHIMG editorial team on 2026-05-07.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org