By NHI Mgmt Group Editorial TeamPublished 2025-11-18Domain: Agentic AI & NHIsSource: CYATA

TL;DR: A broader shift in AI agent security toward open, community-driven standards is reflected by Cyata’s OWASP corporate supporter status, according to CYATA. The source argues that autonomous agents create new governance gaps around access, data handling, and attributable action, and the implication is that agent identity must be governed as a first-class control plane, not treated as an extension of traditional app security.


At a glance

What this is: Cyata’s OWASP corporate supporter move is framed around the need for open standards as AI agents become enterprise actors that can make independent access and data-handling decisions.

Why it matters: It matters because IAM, IGA, and PAM teams now have to govern agent behaviour, entitlement scope, and auditability in ways that conventional human-centric controls do not fully cover.

👉 Read CYATA's analysis of AI agent identity governance and OWASP support


Context

AI agent identity governance is becoming a distinct control problem because the subject is no longer just a tool that a person operates. When an agent can make runtime decisions about access, data use, and process execution, identity controls have to account for independent behaviour rather than static application permissions.

The source argues for posture-first control of agents, with discovery, explanation, and policy-based control at scale. That direction aligns with the wider shift in agentic AI security toward open standards and clearer accountability, especially as organisations try to avoid shadow AI and ungoverned privilege growth.


Key questions

Q: How should security teams govern AI agent identities across enterprise systems?

A: Security teams should treat AI agents as governed identities with ownership, classification, and scoped access. The core tasks are continuous discovery, least-privilege entitlements, runtime posture checks, and auditable action trails. If an agent can make independent decisions, governance must follow behaviour, not just the initial account setup. Suggested anchor: governed identities.

Q: Why do AI agents create more identity risk than ordinary automation?

A: AI agents create more identity risk because they can change actions, timing, and tool use at runtime. Ordinary automation usually follows a fixed script, but an agent may adapt to context and expand its reach across systems. That makes static approval models and broad reusable credentials much weaker. Suggested anchor: adapt to context.

Q: What do teams get wrong about AI agent access controls?

A: Teams often assume that registering an agent once is enough to control it. In practice, the risky part is what the agent can do after deployment: which tools it can call, what data it can see, and whether its privileges stay aligned to the task. Effective control requires continuous review of those conditions. Suggested anchor: continuous review.

Q: Who should own AI agent identity governance in an organisation?

A: Ownership should sit across IAM, security architecture, and the business team that uses the agent. IAM defines the identity model, security sets control requirements, and the business owner validates purpose and acceptable access. Without named ownership, agents become shadow identities with unclear accountability and weak offboarding. Suggested anchor: named ownership.


Technical breakdown

Why agentic identity needs a posture-first control plane

A posture-first control plane starts by discovering every AI agent, then classifying what it can do, what it can reach, and under which conditions it should operate. That is different from simple secrets inventory or app registration, because the governance object is the agent’s runtime identity and behaviour, not just its configuration. In practice, this means policy must follow the agent across tools, workflows, and environments. The hard problem is attribution: if an agent can act independently, security teams need continuous visibility into its current posture, not periodic approval of a static account record.

Practical implication: inventory agent identities continuously and bind policy to runtime posture, not to one-time registration.

How autonomous agents expand the NHI attack surface

AI agents fit the NHI category because they are non-human executors with credentials, permissions, and system reach. What changes with autonomy is the speed and variability of that reach. Traditional NHI controls assume a relatively stable purpose for a service account or token. An agent can change what it touches based on context, tool availability, or task progression, which raises the risk of credential abuse and unauthorised access. That makes governance closer to runtime identity management than classic secrets handling.

Practical implication: segment agent privileges by task, environment, and data sensitivity rather than granting broad reusable access.

Why open security standards matter for AI agents

Open standards give security teams a shared model for naming, discovering, and governing agent identities across products and platforms. Without that, organisations end up with fragmented policy definitions and inconsistent audit evidence, which makes compliance and incident response harder. OWASP’s role here is not a product substitute, but a reference point for common risk language and control expectations. For IAM programmes, that matters because identity governance only scales when the control model is understandable across teams and vendors.

Practical implication: align internal agent governance models to open security standards so policy and evidence stay portable.


NHI Mgmt Group analysis

AI agent identity is now an NHI governance problem, not just an appsec concern. Once an agent can hold credentials, act across systems, and make independent runtime decisions, the identity question moves out of the application layer and into governance. That is why posture, attribution, and access scope become the primary control points. Practitioners should treat agent identity as an operational class in IAM, IGA, and PAM programmes.

Posture-first governance is the right abstraction for agentic security. The source’s emphasis on discover, explain, and control reflects the reality that agent behaviour cannot be managed through static registration alone. Runtime context determines risk, so policy has to be evaluated continuously rather than only at onboarding. The practical conclusion is that identity teams need controls that observe behaviour, not just entitlement lists.

Open standards will shape whether agent governance becomes scalable or fragmented. Proprietary agent control models can work inside one stack, but they rarely solve cross-platform identity portability, audit consistency, or governance handoff. Community standards give practitioners a language for policy, evidence, and control boundaries that can survive vendor change. The implication is that architecture teams should bias toward interoperable governance models now, before agent sprawl makes cleanup difficult.

Agentic AI exposes a control gap between human review cycles and machine-speed action. Traditional access governance assumes a human operator or at least a stable non-human workload with predictable scope. That assumption weakens when agents can vary tools, timing, and task paths in response to runtime conditions. The implication is that identity programmes must re-evaluate where review, attestation, and approval actually happen in an agentic environment.

Agentic identity governance will converge with broader NHI lifecycle discipline. Discovery, entitlement scope, auditability, and offboarding are the same lifecycle questions that IAM teams already manage for service accounts and tokens. The difference is that AI agents make those questions dynamic and harder to bound. Practitioners should expect agent governance to reuse NHI lifecycle patterns, but with tighter runtime controls and stronger evidence requirements.

From our research:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
  • Only 44% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
  • That gap matters because 98% of companies plan to deploy even more AI agents within the next 12 months, according to AI Agents: The New Attack Surface report, which means governance demand is rising faster than control maturity.

What this signals

Identity blast radius: agent governance will increasingly be measured by how far a single identity can move across tools, datasets, and workflows before policy catches up. That makes runtime visibility more valuable than static entitlement review, especially in environments where agent scope can change mid-task.

With 98% of companies planning to deploy even more AI agents within the next 12 months, according to AI Agents: The New Attack Surface report, the operational question is no longer whether to govern agents, but how to avoid building another layer of unmanaged identity sprawl.

Security teams should expect agent governance to borrow from workload identity and NHI lifecycle discipline, then add stronger evidence requirements for attribution and task-scoped access. The practical challenge is making policy portable enough to survive multi-platform agent deployments without losing control fidelity.


For practitioners

  • Inventory AI agent identities continuously Build a live register of agents, associated credentials, connected tools, and current data scopes. Treat any agent that can access production systems as an identity object that requires ownership, classification, and review. Suggested anchor: live register of agents.
  • Bind policy to runtime posture Move beyond onboarding checks and apply controls that adjust when an agent’s context, tool set, or data access changes. Use posture as the decision input for permissions, not just the initial approval record. Suggested anchor: runtime posture.
  • Separate agent privileges by task and data class Limit each agent to the smallest practical set of tools, environments, and datasets needed for the current job. Avoid reusable broad access that survives task completion or crosses operational domains. Suggested anchor: task and data class.
  • Align governance to open standards Map internal agent governance controls to open terminology and control models so identity, audit, and compliance teams can share the same policy language. That reduces fragmentation when platforms change or multiple vendors are involved. Suggested anchor: open standards.

Key takeaways

  • AI agents are becoming governed identities, which pushes them into IAM, IGA, and PAM scope rather than leaving them in appsec alone.
  • Independent agent behaviour creates runtime access risk that static registration and one-time approvals do not fully control.
  • Open standards and posture-based governance are the clearest path to making agent identity manageable at enterprise scale.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF, NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Agentic AI Top 10The article centers on agentic AI identity and open security practices.
OWASP Non-Human Identity Top 10NHI-01AI agents are non-human identities that need discovery and governance.
NIST AI RMFGOVERNThe article is about governance of autonomous AI behaviour and accountability.
NIST CSF 2.0PR.AC-4Least-privilege access management is central to controlling agent scope.
NIST Zero Trust (SP 800-207)3.4Context-aware access for agents aligns with zero trust principles.

Classify agents as NHIs, then enforce lifecycle, scope, and ownership controls from onboarding onward.


Key terms

  • Agentic Identity: Agentic identity is the identity assigned to an AI system that can make runtime decisions and act across tools or services. It requires governance beyond ordinary application access because the subject can change behaviour, scope, and timing during execution.
  • Posture-First Control: Posture-first control means making access decisions based on the current state of an identity, its permissions, and its operating context. For AI agents, that is more useful than one-time approval because risk can shift while the agent is already active.
  • Identity Blast Radius: Identity blast radius is the amount of damage an identity can cause if it is overprivileged, misused, or compromised. In agentic environments, the concept includes tool reach, data reach, and workflow reach, not just account permissions.
  • Shadow AI: Shadow AI is an AI system or agent that operates without proper discovery, approval, or governance. It creates blind spots for security, compliance, and incident response because teams may not know what it can access or who owns it.

What's in the full article

Cyata's full article covers the operational detail this post intentionally leaves for the source:

  • How the vendor frames posture-first control for agentic identity across discovery, explanation, and enforcement.
  • The specific OWASP community context behind its corporate supporter position and why that matters for standards work.
  • The vendor's own view of what a control plane for agentic identity should include in practice.
  • How Cyata positions agent governance relative to open collaboration and community-driven security practices.

👉 CYATA's full post covers its control-plane framing for agentic identity and the OWASP community context.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM or security architecture programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-11-18.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org