TL;DR: Enterprise adoption of AI agents is outpacing traditional identity models, with 57% of practitioners calling them NHIs and 43% treating them as a distinct identity type, according to Token Security and NHI Mgmt Group polling. The governance gap is structural because human-paced access review, ownership, and offboarding assumptions do not map cleanly to agent behaviour.
At a glance
What this is: This is an identity playbook for discovering, prioritising, and safely enabling AI agents, with the central finding that existing IAM and NHI frameworks do not fully fit their hybrid behaviour.
Why it matters: It matters because AI agents can inherit human-style flexibility and machine-style speed, forcing IAM, IGA, PAM, and NHI teams to govern a new class of identity with clear ownership and lifecycle control.
By the numbers:
- 57% said AI agent identities are just NHIs, while 43% said they are a new breed of identity.
👉 Read Token Security's playbook for discovering and safely enabling AI agents
Context
AI agent identity governance is the problem here, not the vendor's playbook. AI agents now sit between human intent and machine execution, and that hybrid behaviour creates ambiguity around ownership, privilege, and accountability that conventional IAM programmes were built to avoid.
The core governance gap is that these agents can look like users, operate like workloads, and persist like service accounts. That means teams must decide whether to govern them through human identity processes, machine identity controls, or a distinct model that spans discovery, lifecycle, and least privilege.
Key questions
Q: How should security teams govern AI agent identities in the enterprise?
A: Start by giving every AI agent a unique identity, an explicit owner, and a defined lifecycle. Then apply least privilege, credential monitoring, and expiry controls so the agent cannot outlive its business purpose. The key is to govern the agent as an accountable identity, not as a hidden extension of a user or workload.
Q: What breaks when AI agents are managed like normal user accounts?
A: Normal user-account governance assumes a human owner, predictable activity, and review cycles that can catch drift over time. AI agents can scale faster, operate continuously, and persist outside the original human context, so recertification and offboarding become unreliable if they are treated as ordinary users.
Q: How do organisations know if AI agent discovery is actually working?
A: Discovery is working when the team can link each agent to a business owner, a data or system scope, and a clear source of truth from logs or code. If an agent appears in production but not in inventory, ownership, or telemetry, the programme still has blind spots.
Q: Who should be accountable for AI agent access and lifecycle decisions?
A: Accountability should sit with a named human owner who can explain the agent's purpose, approve its access, and retire it when the use case ends. Security teams can enforce the controls, but business ownership is what keeps the identity from becoming an orphan.
Technical breakdown
Why AI agents break the human and machine identity split
AI agents combine two identity patterns that were usually kept separate. They accept natural language, adapt to context, and behave flexibly like humans, but they authenticate with tokens, scale quickly, and execute repeatedly like machines. That mix makes account classification harder, especially when an agent uses a personal API token or persists after the original employee has left. Traditional IAM reporting tends to miss these entities because they are often introduced through apps, plugins, or code rather than formal identity provisioning.
Practical implication: treat AI agents as a distinct governed identity class, not as an invisible extension of either a user account or a workload.
Discovery signals for AI agent identities
Discovery works best when you combine resource naming patterns, secrets telemetry, provider logs, code scanning, and runtime audit data. Search for agent-related naming, monitor API key usage across AI services, and inspect repositories for SDK imports or IaC templates that provision AI resources. No single control gives a complete inventory. The useful output is a map that links each agent to a human owner, the systems it touches, and the risk context in which it operates.
Practical implication: build discovery around telemetry and code signals, then reconcile that inventory against ownership and access scope.
Identity-first controls for safe enablement
Safe enablement depends on formal identity, explicit ownership, least privilege, expiry, and credential oversight. The article's playbook is clear that blocking adoption usually fails because teams work around it, so the real mechanism is to make approved use cases easier than shadow deployments. For AI agents, that means right-sizing permissions, ensuring they do not persist indefinitely, and managing the secrets they use to authenticate. This is closest to NHI governance, but with a stronger requirement for ongoing business ownership.
Practical implication: use identity-first guardrails to make authorised AI agent use safer than unsanctioned deployment.
NHI Mgmt Group analysis
AI agent identity is a governance category, not a naming convention. The article is right to treat these systems as distinct because the failure is not just technical classification, it is control misfit. Human identity processes assume a person, NHI processes assume a stable machine workload, and AI agents can move across both modes in one operational chain. Practitioners should stop asking which existing bucket to force them into and start asking which lifecycle and access assumptions still hold.
Discovery is the first control boundary for AI agent governance. If teams cannot see where agents live, they cannot assign ownership, scope access, or detect orphaned behaviour. That makes discovery more than inventory hygiene, because hidden agents become unreviewable identities that bypass recertification and lifecycle controls. For the field, the lesson is that visibility is now a prerequisite for identity governance, not a reporting afterthought.
Identity-first enablement is the only realistic adoption model. The article correctly argues that business units will route around blanket blocks, which means security has to shape the path of least resistance. That shifts the programme from prohibition to controlled enablement, with pre-vetted identities, explicit ownership, and expiry as the baseline. Practitioners should treat approved AI use as a governance design problem, not a policy memo.
Ephemeral access windows are the named concept that now matters most. AI agent access can be created, used, and left behind faster than many IAM review cycles can observe. That means access review, orphan remediation, and ownership attestation all assume a slower identity lifecycle than these systems actually exhibit. Practitioners need to recognise that the control problem is not just privilege breadth, but the speed at which identity state changes.
From our research:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
- That visibility gap makes discovery and ownership the immediate control frontier, which is why practitioners should also review Ultimate Guide to NHIs for lifecycle and governance patterns.
What this signals
Ephemeral identity state is becoming the real governance problem. With 98% of companies planning more AI agents within 12 months, the identity programme has to assume scale will keep rising even where controls are still immature. That makes lifecycle traceability, not deployment speed, the decision point for security leaders.
The practical signal for IAM teams is that discovery, ownership, and expiry now belong in the same operating model. If an AI agent cannot be mapped back to a responsible human and an auditable access scope, the programme has not yet achieved governable state.
The right next reference point is the Ultimate Guide to NHIs, because the AI agent problem quickly converges on the wider questions of machine identity, secret handling, and lifecycle enforcement.
For practitioners
- Define AI agents as a separate identity class Update identity taxonomy so agents are not hidden inside user or workload buckets. Tie each agent to a named owner, a business purpose, and a lifecycle path that includes onboarding, monitoring, review, and removal.
- Build discovery from real operational signals Correlate secrets vault activity, AI provider logs, repository scans, and runtime telemetry to surface informal deployments. Use naming patterns like agent, GPT, and LLM only as leads, not as proof of coverage.
- Right-size access before agents reach production Restrict production, customer, and regulated-data access until the agent has an explicit owner and a verified use case. Review cross-environment access and hard-coded credentials first, because those are the fastest routes to overreach.
- Add expiry and review to every approved agent Set expiration policies so agents do not persist indefinitely, then require periodic reassessment of access, purpose, and ownership. If no one can explain why an agent still exists, it should be treated as an orphan.
Key takeaways
- AI agents create an identity governance gap because they blur the line between user-like flexibility and machine-like execution.
- The main operational risk is not just exposure, but orphaned or over-privileged agents that escape normal IAM visibility and review.
- Teams should govern AI agents through explicit identity, ownership, expiry, and discovery controls rather than treating them as informal automation.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Agent identity and tool use map directly to agentic application risk controls. | |
| OWASP Non-Human Identity Top 10 | NHI-01 | Unique identity assignment and lifecycle governance are central to the article. |
| NIST CSF 2.0 | PR.AC-4 | Access control and least privilege are the main governance themes here. |
Map agent permissions to least-privilege policy and remove standing access that is not clearly justified.
Key terms
- AI Agent Identity: An AI agent identity is the accountable credential and policy context used to govern a software system that can decide and act at runtime. Unlike a simple automation job, it may interact with tools, data, and workflows in ways that require ownership, lifecycle tracking, and least privilege.
- Orphaned Identity: An orphaned identity is an account or credential that still exists after the person, service, or workflow that created it should no longer rely on it. In AI agent governance, orphaning is especially risky because agents can continue operating long after the original business context has changed.
- Identity First Control: Identity first control is the practice of making identity, ownership, access scope, and lifecycle the starting point for security design. For AI agents and NHIs, it means approval, review, and expiry are built into the identity model rather than added later as a compensating control.
What's in the full article
Token Security's full blog covers the operational detail this post intentionally leaves for the source:
- Step-by-step discovery methods for finding AI agents in secrets vaults, code repositories, and runtime logs
- Practical prioritisation criteria for ranking agents by access sensitivity, ownership, and risk
- Examples of red flags such as broad permissions, cross-environment access, and hard-coded credentials
- Identity-first control patterns for formal identities, expiry policies, and approved catalogues
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
Published by the NHIMG editorial team on 2026-06-05.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org