TL;DR: Most organisations still cannot answer who their AI agents are, who owns them, what they can access, or whether that access is appropriate, highlighting a governance gap as agents take on more autonomous work, according to Omada Identity. The real issue is that access models built for people do not hold when digital actors can connect, act, and decide at machine speed.
At a glance
What this is: Omada Identity’s new agent governance message argues that AI agents are becoming unmanaged digital actors that current identity controls cannot fully see or govern.
Why it matters: IAM teams need to treat agent identities as a governance problem across NHI, autonomous, and human identity programmes because ownership, privilege, and auditability all break down at different points.
👉 Read Omada Identity's announcement on Omada Agent Governance
Context
AI agent governance is the problem of applying identity, access, ownership, and review controls to software actors that can use tools and make decisions during runtime. The gap is not just volume, but the fact that many organisations cannot consistently answer which agents exist, who owns them, or what they are allowed to do. For identity teams, that puts agent governance squarely alongside NHI management and lifecycle control.
Omada’s framing is that existing security and identity models were built mainly for people, then stretched to cover machine-like actors without redesigning the control model. That matters because agent access can span cloud platforms, shared services, and delegated workflows in ways that are difficult to review after the fact. For a practical NHI reference point, see the Ultimate Guide to NHIs.
Key questions
Q: How should security teams govern AI agents that access cloud systems and data?
A: Start by treating each agent as a governed identity with an owner, a business purpose, and a bounded permission set. Then track the agent through its lifecycle, including approval, review, revocation, and exception handling. Without that structure, agents quickly become unmanaged access paths rather than controlled digital workers.
Q: What breaks when AI agent access is managed like a normal service account?
A: The control model breaks when teams assume the agent will behave predictably, stay within a fixed access pattern, and remain easy to review later. AI agents can change execution paths during a task, so static entitlement thinking misses the real governance risk. The result is weak accountability and excess privilege.
Q: How do teams know whether AI agent permissions are too broad?
A: Measure whether the permissions assigned to the agent match what it actually uses in production. If the access set is much wider than observed activity, the agent is over-privileged. Review ownership and business justification together, because unused access is often the earliest sign of governance drift.
Q: Who should be accountable for AI agent identity risk?
A: Accountability should sit with the business or product owner that introduced the agent, with IAM or security providing control enforcement and review. If ownership is vague, the agent will drift into orphan status even if the technical controls look complete. Clear accountability is what makes lifecycle governance work.
How it works in practice
Why AI agent identity is not just another service account problem
AI agents can look similar to non-human identities at the policy layer, but their behaviour is different because they may choose actions, call tools, and change execution paths while a task is in flight. That makes identity governance harder than simple credential inventory. A service account is usually provisioned for a known function. An agent may be provisioned for a broad intent, then operate across multiple systems and data sets as it decomposes work. The governance challenge is therefore not only authentication, but runtime authorisation, ownership, and traceability across decisions. When the agent can adapt its behaviour during execution, the control surface expands beyond static entitlements.
Practical implication: Map AI agents separately from conventional service accounts so ownership, scope, and review logic can reflect runtime behaviour, not just stored credentials.
Why cloud-wide visibility matters for AI agent governance
Omada’s core point is that organisations often lack a reliable inventory of agent identities across cloud platforms. Without that inventory, governance becomes reactive, because no one can tell whether access is approved, excessive, or orphaned. In identity terms, visibility is the prerequisite for lifecycle management, recertification, and privilege cleanup. If an agent is created in one platform, connected through another, and used by a third party workflow, the resulting access path can be difficult to reconstruct. That is the same structural problem seen in NHI environments, but with a faster rate of change and more ambiguous accountability.
Practical implication: Build a cross-cloud register of agent identities, owners, and permissions before trying to automate approvals or recertification.
How over-privilege emerges when access is not tied to actual use
The article points to a familiar NHI failure mode: access grows faster than oversight. Over-privilege appears when an identity receives broad permissions at provisioning time and never gets narrowed to actual usage. With AI agents, that gap can widen because access may be granted for productivity, experimentation, or integration convenience, then left in place after the operational need changes. The result is not just excess permission, but weak accountability for what the agent can still reach. Governance is therefore about matching current authority to current function, not preserving the permissions that made the initial deployment easy.
Practical implication: Reconcile agent entitlements against observed usage and remove permissions that no longer map to an active business task.
NHI Mgmt Group analysis
Agent governance is becoming the new control plane for non-human identity. Omada’s framing reflects a broader shift: enterprises are no longer just inventorying machine identities, they are being forced to govern digital actors that can act with more discretion than traditional workloads. That pushes identity teams beyond secrets and access lists into ownership, lifecycle, and decision accountability. The practitioner implication is that agent governance will sit alongside, not inside, conventional IAM.
Existing identity models were designed for bounded access, not for actors that can operationalise intent. That assumption fails when an AI agent can connect to systems, choose tools, and continue execution without a human approving each step. The implication is not simply more control points, but a rethink of how access review, delegated authority, and privilege boundaries are defined for software actors.
Named concept: governance gap between discovery and control. This article describes a gap where organisations can adopt AI agents faster than they can assign ownership, map access, and evidence appropriate use. That gap is not a single control failure, but a programme-level mismatch between provisioning speed and governance capacity. The practitioner implication is that the issue belongs in identity operating models, not in isolated security exceptions.
Agent access has to be treated as lifecycle state, not a one-time onboarding event. Omada’s emphasis on reducing unmanaged and orphaned agents points to a familiar NHI lesson: what is not re-certified will drift. In agent environments, drift is amplified by cross-cloud dependency chains and rapid experimentation. The implication is that lifecycle governance must become continuous if agents are to remain accountable.
Framework alignment now matters because agent governance spans identity, AI risk, and operational resilience. The article’s reference to EU AI Act, NIST AI RMF, OWASP, and MITRE ATLAS reflects a category that no single control family covers completely. Identity practitioners should read this as a sign that agent governance is maturing into a multi-framework discipline. The implication is that ownership, access, and audit evidence need to be defensible across security, compliance, and AI governance review.
From our research:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- From our research: 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- For a deeper governance baseline, the Top 10 NHI Issues resource helps teams prioritise visibility, lifecycle control, and privilege reduction across machine identities.
What this signals
Governance programmes will need a separate operating model for AI agents. The practical issue is not just whether agents are allowed, but how ownership, approval, review, and revocation work when the identity is software rather than a person. Organisations that keep agent access inside human-centric IAM processes will struggle to keep up with the pace of deployment.
Identity teams should expect audit pressure to shift from entitlement evidence to lifecycle evidence. In practice, that means proving who owns an agent, why it still exists, and whether its permissions match current use. The same pattern already appears in NHI governance, but agent behaviour makes the evidence chain more time-sensitive and more difficult to reconstruct after the fact.
Cross-framework alignment will become a normal requirement, not an advanced option. Agent governance will increasingly sit at the intersection of IAM, AI risk, and zero trust. Teams that can map controls to the NIST Cybersecurity Framework 2.0 and the NIST AI Risk Management Framework will be better placed to defend their decisions to security, risk, and compliance stakeholders.
For practitioners
- Inventory every AI agent identity across cloud platforms Create a single register that records owner, purpose, connected systems, and current permissions for each agent. Include orphan detection so teams can see which agents lack a responsible business owner.
- Re-baseline privileges against actual agent usage Compare the permissions assigned to each agent with the systems it actually touches in production. Remove broad access that is not tied to an active workflow or approved business purpose.
- Extend recertification to software actors Treat agent access reviews as a lifecycle control, not a technical checkbox. Review ownership, access scope, and dependency chains on a recurring basis and document the business justification for continued access.
- Align governance evidence to AI and identity frameworks Map agent controls to relevant expectations in the NIST AI Risk Management Framework, OWASP guidance, and internal IAM policy so audit evidence can be reused across risk, compliance, and security reviews.
Key takeaways
- AI agent governance is an identity problem, not only an AI operations problem, because ownership, access, and lifecycle controls determine whether agents remain accountable.
- Limited visibility and excess privilege are the two fastest ways agent identities become unmanaged, especially when cloud sprawl outruns review processes.
- Identity teams should redesign governance for software actors now, because human-centric access models do not provide enough control for runtime decision-making systems.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Agent governance and tool access map directly to runtime agent risk and privilege control. | |
| NIST AI RMF | The article links agent identity governance to AI risk, ownership, and accountability. | |
| NIST CSF 2.0 | PR.AC-4 | Access governance and least privilege are central to the article's identity control gap. |
Assign governance owners and document controls that make agent decisions auditable and accountable.
Key terms
- AI Agent Identity: An AI agent identity is the set of credentials, permissions, ownership, and governance records that define what a software actor can do. Unlike a fixed workload account, it may support runtime decisions and tool use, so identity controls must account for behaviour as well as static access.
- Agent Governance: Agent governance is the discipline of assigning ownership, limiting access, reviewing activity, and revoking permissions for AI agents. It combines lifecycle control with access oversight so that autonomous or semi-autonomous software actors do not become unmanaged digital workers.
- Orphaned Identity: An orphaned identity is an account, token, or agent that still exists but no longer has a valid business owner. In AI and NHI environments, orphaning creates accountability gaps, weakens recertification, and increases the chance that unused access remains active indefinitely.
- Over-privileged Identity: An over-privileged identity has more access than it needs to perform its current function. In non-human and agentic environments, excess privilege increases the attack surface, makes lateral movement easier, and hides governance drift when access is never re-baselined.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Omada Identity: Omada Agent Governance for AI agents and non-human identities. Read the original.
Published by the NHIMG editorial team on 2026-06-15.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
