By NHI Mgmt Group Editorial Team | Published 2026-03-23 | Domain: Announcements | Source: Astrix Security

TL;DR: Astrix Security says most enterprises underestimate AI agent sprawl and need both full discovery and real-time policy enforcement because platform registries miss shadow agents running through NHIs, endpoints, and homegrown services. That combination turns AI agent governance from a visibility exercise into a control problem that IAM teams can no longer defer.


At a glance

What this is: This is a product announcement about a four-method AI agent discovery architecture and a real-time policy engine that together aim to surface registered and shadow agents, map them to NHIs, and control permitted actions.

Why it matters: IAM and NHI teams need more than inventory. They need enforceable control over agent privileges before autonomous software can write, delete, or execute in production.

👉 Read Astrix Security's announcement on AI agent discovery and policy enforcement


Context

AI agent governance fails when discovery is limited to the platform where an agent was created. Many agents operate through non-human identities, run outside central registries, and gain access through credentials that are invisible to platform-only checks. In practice, that means security teams can have a partial inventory and still miss the agents with the broadest access.

The current gap is not only visibility but control. A registered or unregistered agent can still act with production privileges unless policy is evaluated before execution, and review cycles measured in weeks are too slow for systems that can be deployed in minutes. For IAM and NHI practitioners, the issue is whether governance can keep pace with autonomous execution, not whether a dashboard can list names.

At RSAC 2026, Astrix Security is framing this as a move from discovery to enforcement. That framing is typical of the broader market shift, where agent inventory, identity mapping, and action-level policy are becoming part of the same governance conversation.


Key questions

Q: How should security teams govern AI agents that use non-human identities?

A: They should govern them as runtime entities, not just as accounts on a list. That means inventorying the agent, mapping every NHI it uses, assigning a human owner, and enforcing action-level policy before the agent can write, delete, or execute against sensitive resources. If an agent has no owner or policy, its access should be treated as untrusted.

Q: When does AI agent discovery become more than an inventory problem?

A: It becomes more than inventory when the agent can act in production with credentials that outlive the review process. At that point, the main risk is not whether the agent exists, but whether it can still perform high-impact actions after governance has already become stale. Discovery only matters if it feeds a control decision.

Q: What is the difference between discovering AI agents and controlling them?

A: Discovery identifies where the agents are and what identities they use. Control determines which actions they may perform, on which resources, and under what conditions. An organisation can have a complete inventory and still leave dangerous privilege untouched if it lacks a policy layer that evaluates actions before execution.

Q: Why do AI agents complicate least-privilege access models?

A: Because agents often use shared or long-lived NHIs, move quickly, and cross platform boundaries that human-centric review processes do not cover well. Least privilege still applies, but it has to be enforced at the identity, resource, and execution layers together. Otherwise the agent keeps more reach than the task requires.


How it works in practice

Why platform registries miss shadow AI agents

Platform registries only show what the platform knows about. AI agents built in IDEs, run locally, or deployed on homegrown infrastructure can authenticate through NHIs without ever appearing in Microsoft Copilot, Salesforce Agentforce, Amazon Bedrock, or similar registries. That creates a blind spot because the agent may still have write, delete, or execute permissions through the underlying identity. Discovery that starts at the platform layer therefore undercounts the real agent population and misses the systems where the riskiest access occurs.

Practical implication: Security teams need discovery methods that begin with identity and execution traces, not only with platform registration.

How NHI fingerprinting links identity use to agent activity

NHI fingerprinting looks at credential use patterns across cloud, SaaS, identity providers, and DevOps tools to infer that an agent is behind the activity. The architectural point is simple: if the agent authenticates through an NHI, then the identity layer becomes the durable record of reach, privilege, and accountability. This matters because platform ownership and identity usage are not the same thing. A shadow agent may be unregistered but still fully functional if its NHI remains valid and overprivileged.

Practical implication: Teams should treat NHI telemetry as an inventory source, not just an audit artifact.

Why real-time agent policies change the control model

Real-time agent policy engines move enforcement to the moment before action executes. In this model, allow, flag, and block decisions are evaluated against user, department, platform, and resource context, so the agent does not get a free pass simply because it was discovered earlier. This is closer to runtime authorization than static approval. It also closes a common failure mode in AI governance where visibility exists but no control plane prevents an agent from doing something risky after review has already gone stale.

Practical implication: Practitioners should design for pre-execution policy checks, not post-event review.


NHI Mgmt Group analysis

Discovery without enforcement creates an audit illusion. A complete inventory is useful, but it does not reduce risk unless it changes what the agent can actually do. In NHI programs, visibility often gets mistaken for control, especially when the environment includes autonomous software with its own execution path. The practical conclusion is that agent governance must be measured by prevented actions, not just by counted assets.

Identity is the control point for shadow agents. When an agent uses an NHI to reach production resources, the identity layer becomes the only place where unauthorized access can be shut down independent of platform registration. That makes credential provenance, ownership, and privilege scope central to agent security. The field should stop treating NHIs as a back-end detail and start treating them as the enforcement substrate for agent governance.

Real-time policy is the new least-privilege test for agents. Traditional approval workflows are too slow for software that can be deployed in minutes and act immediately. A policy engine that evaluates action, resource, and context before execution is what turns least privilege from a static principle into an operational control. Practitioners should assume that any agent without runtime policy enforcement is effectively operating on standing privilege.

Agent security is becoming a convergence category for IAM and endpoint telemetry. The discovery problem spans identity providers, SaaS platforms, EDR, browsers, network sensors, and homegrown services, which means no single source of truth is sufficient. That convergence is where the market is heading, because agent governance now depends on correlating execution, identity, and resource access across layers. Security teams should re-evaluate siloed tooling assumptions before deploying agents at scale.

From our research:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
  • 48% of organisations say they cannot track and audit the data their AI agents access, leaving a complete blind spot for compliance and breach investigation.
  • That governance gap is why practitioners should pair discovery with policy enforcement, using the NHI Lifecycle Management Guide to tighten ownership, review, and offboarding practices.

What this signals

Ephemeral AI agent access creates ephemeral trust debt. The operational problem is not only that agents are numerous, but that their privileges can be created faster than governance can review them. With 98% of organisations planning to deploy even more AI agents within the next 12 months, per the AI Agents: The New Attack Surface report, teams should assume that unmanaged growth is the default unless discovery and runtime policy are joined together.

For practitioners, the next programme shift is toward correlated controls across identity, endpoint, and platform telemetry. A security stack that sees only one layer will miss the agent that authenticates elsewhere and executes somewhere else. That is why agent governance is becoming a cross-domain identity problem rather than a tooling add-on.


For practitioners

  • Inventory agents by identity trace, not just platform registry: Correlate AI platform data with NHI usage across cloud, SaaS, DevOps, and identity providers so unregistered agents do not remain invisible. Prioritise systems where the same credential can reach production resources and administrative functions.
  • Map each agent to an accountable human owner: Require every discovered agent to be linked to a named business owner, a technical owner, and the NHIs it uses. If an agent cannot be assigned ownership, treat it as an unmanaged system and restrict its access until reviewed.
  • Enforce pre-execution policy checks for high-risk actions: Block or flag actions before execution when an agent requests write, delete, or administrative operations against critical resources. Use context such as department, platform, and resource type to decide whether the action should proceed.
  • Review NHI privileges assigned to autonomous software: Identify service accounts, tokens, and certificates used by agents and reduce access to the minimum required scope. Revalidate those privileges on a short cycle so review lag does not outlive deployment changes.
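
The steps above combined into one pre-execution check, as an added example (not code from Astrix Security or NHI Mgmt Group). All NHI names, owners, departments, resources and the rule format are constructed assumptions: an agent seen only in identity telemetry is marked shadow, unowned agents are blocked, and any request without a matching rule is denied.

```python
from fnmatch import fnmatchcase

HIGH_RISK = {"write", "delete", "execute"}

# Constructed sample data; every name below is hypothetical.
REGISTRY = {"svc-helpdesk-bot"}  # NHIs known to a platform registry
OWNERS = {  # NHI -> (accountable human owner, department)
    "svc-helpdesk-bot": ("dana", "support"),
    "tok-ide-agent-7": ("lee", "engineering"),
}
NHI_EVENTS = [  # identity-layer telemetry: (nhi, platform)
    ("svc-helpdesk-bot", "saas"),
    ("tok-ide-agent-7", "cloud"),
    ("key-cron-llm", "cloud"),
]
# Ordered rules, first match wins: (department, platform, resource glob, actions, effect)
POLICY = [
    ("support", "saas", "tickets/*", {"read", "write"}, "allow"),
    ("engineering", "cloud", "staging/*", HIGH_RISK | {"read"}, "allow"),
    ("engineering", "cloud", "prod/*", {"read"}, "allow"),
    ("engineering", "cloud", "prod/*", {"write", "execute"}, "flag"),
]

def build_inventory(registry, owners, events):
    """Start from identity traces so unregistered (shadow) agents are included."""
    inventory = {}
    for nhi in [e[0] for e in events] + sorted(registry):
        owner, dept = owners.get(nhi, (None, None))
        inventory[nhi] = {"shadow": nhi not in registry, "owner": owner, "department": dept}
    return inventory

def decide(inventory, nhi, platform, resource, action):
    """Pre-execution check returning 'allow', 'flag' or 'block'."""
    agent = inventory.get(nhi)
    if agent is None or agent["owner"] is None:
        return "block"  # unknown or unowned: unmanaged, treated as untrusted
    for dept, plat, glob, actions, effect in POLICY:
        in_scope = (dept, plat) == (agent["department"], platform)
        if in_scope and fnmatchcase(resource, glob) and action in actions:
            # Assumption: a shadow agent never gets a silent allow on a high-risk action.
            if effect == "allow" and agent["shadow"] and action in HIGH_RISK:
                return "flag"
            return effect
    return "block"  # no matching rule: default deny

INVENTORY = build_inventory(REGISTRY, OWNERS, NHI_EVENTS)
if __name__ == "__main__":
    print(decide(INVENTORY, "tok-ide-agent-7", "cloud", "staging/db", "delete"))
```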

Key takeaways

  • AI agent risk is now an IAM and NHI governance problem because discovery without enforcement leaves autonomous software free to act inside production systems.
  • Most organisations already see agent behaviour drifting beyond intended scope, which means the control gap is operational, not theoretical.
  • Teams need identity-based discovery, accountable ownership, and runtime policy checks before they can trust agentic workloads at scale.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | NHI-03 | Agent discovery and runtime control map to identity and privilege abuse risks.
NIST AI RMF |  | Autonomous agents require governance, accountability, and monitoring across the lifecycle.
NIST Zero Trust (SP 800-207) | PR.AC-4 | Policy checks before execution align with continuous verification and least privilege.

Inventory agents, then enforce pre-execution policy and short-lived access for every autonomous workload.


Key terms

  • Non-Human Identity: A non-human identity is a credentialed account or token used by software rather than a person. In agentic environments, NHIs often carry the access that lets automation reach production systems, which makes their ownership, rotation, and privilege scope central to security governance.
  • Agent Control Plane: An agent control plane is the policy layer that decides what an AI agent may do before execution. It connects discovery, identity, and authorization so the organisation can enforce task-scoped limits instead of relying on static registration or after-the-fact review.
  • Shadow AI: Shadow AI is an AI agent or automated system operating without formal security visibility or governance. These agents may run locally, in developer tools, or through untracked services, which makes them hard to inventory but still capable of using valid NHIs to access enterprise resources.
  • Runtime Authorization: Runtime authorization is the practice of evaluating a request at the moment an action is about to occur. For AI agents, this is the difference between knowing an agent exists and stopping it from performing a risky operation that exceeds its intended scope.

What's in the full announcement

Astrix Security's full product announcement covers the operational detail this post intentionally leaves for the source:

  • Detailed coverage of the four discovery methods and how each contributes to a single inventory.
  • Policy scope examples for allow, flag, and block decisions across users, departments, platforms, and resources.
  • Examples of how agent behaviour monitoring detects anomalous access and credential misuse in real time.
  • Implementation context for environments that need to map agents to NHIs and accountable owners.

👉 Astrix Security's full post covers the four discovery methods, policy controls, and inventory mapping details.

Deepen your knowledge

AI agent identity mapping and runtime control are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building an agent governance programme from a similar starting point, it is worth exploring.