By NHI Mgmt Group Editorial Team
Published 2026-02-26
Domain: Agentic AI & NHIs
Source: 1Password

TL;DR: As AI tools and non-human identities expand beyond SSO and PAM coverage, 1Password argues in its webinar and report that enterprises now face an access-trust gap created by application sprawl, device heterogeneity, and unmanaged credentials. The core issue is that identity controls built for stable human access do not map cleanly to autonomous agents and other NHIs.


At a glance

What this is: An analysis of how AI agents and NHIs are widening the access-trust gap. The key finding is that legacy SSO and PAM do not cover the unmanaged layer of credentials, apps, devices, and agents.

Why it matters: IAM teams now have to govern access decisions across human, NHI, and autonomous actors at the same time, not just within a controlled workforce perimeter.

By the numbers:

👉 Read 1Password's analysis of the access-trust gap and AI agent identity


Context

AI agent identity security is now a governance problem, not just a tooling problem. Once applications, devices, service accounts, and software agents all participate in access decisions, the old assumption that SSO and PAM define the full boundary of control no longer holds.

The access-trust gap describes the space where identity exists, but governance does not. That gap is most visible when users work on unmanaged devices, when credentials live outside central controls, and when autonomous agents need auditable access without fitting human access patterns.


Key questions

Q: How should security teams govern AI agent access in enterprise environments?

A: Security teams should govern AI agent access as a runtime identity problem. That means defining scope, expiry, auditability, and device context for every agent path, rather than assuming human-style recertification will work. If the agent can act independently, the control model must verify what it can do while it is doing it, not only when it is provisioned.

Q: Why do SSO and PAM leave gaps for NHIs and AI agents?

A: SSO and PAM are designed around stable, mostly human access paths. They struggle when credentials, devices, and application use are fragmented across unmanaged endpoints, service accounts, and autonomous tools. The gap appears wherever access exists but the organisation cannot fully observe, constrain, or revoke it through the same control plane.

Q: What breaks when organisations treat AI agents like ordinary users?

A: What breaks is the assumption that access review, role assignment, and device confidence can be applied on a human schedule. Agents can change behaviour at runtime and may act through delegated credentials that outlive the moment they were intended for. That makes post-hoc governance too slow and often too incomplete.

Q: How can teams close the access-trust gap without slowing productivity?

A: Teams should reduce friction by making trust decisions explicit and automated at the point of access, not by broadening standing permission. Focus on discoverability, scoped entitlements, and auditable temporary access for users, devices, and agents. That preserves productivity while shrinking the unmanaged layer that creates security blind spots.


Technical breakdown

What the access-trust gap means in identity security

The access-trust gap is the space between an identity being able to authenticate and the organisation being able to trust its device, application path, or credential context. In practice, SSO covers a subset of applications, PAM covers a subset of elevated paths, and both leave a growing unmanaged layer outside policy coverage. That unmanaged layer now includes SaaS sprawl, personal or untrusted devices, and NHIs such as API keys and AI agents. The architectural problem is not just missing visibility. It is that the control plane was designed for stable, human-paced access, while modern access paths are fragmented and dynamic.

Practical implication: map where SSO and PAM coverage ends, then treat everything beyond that boundary as a separate governance surface.

Why AI agents behave like non-human identities

AI agents are not simply another automation layer. When they can request tools, access data, and act at runtime, they behave as identities with their own access needs, audit requirements, and risk boundaries. That makes them closer to NHIs than to users, but with a more volatile trust profile because their action set can change mid-session. The critical point is that agent access cannot be evaluated only at provisioning time. Runtime context, delegation scope, and auditable action trails become part of identity governance, not optional extras.

Practical implication: govern agent access as a runtime identity problem, not as a one-time setup problem.

Shadow AI and unmanaged credentials create compound exposure

Shadow AI becomes dangerous when undiscovered agents inherit the same credential sprawl that already affects service accounts and API keys. If credentials are shared unsafely, stored outside managed systems, or granted broad access to SaaS and infrastructure, the agent multiplies the blast radius of an existing NHI problem. The issue is compounded when device trust is weak, because access is then tied to neither a verified human nor a controlled machine. That combination makes auditability and containment far harder than in traditional IAM models.

Practical implication: discover unmanaged agents and the secrets they touch before expanding automation across sensitive workflows.


Threat narrative

Attacker objective: The objective is to operate inside the unmanaged layer of identity long enough to expand access and evade governance visibility across apps, devices, and credentials.

  1. Entry begins when AI-based tools, unmanaged devices, or shadow AI agents obtain access through the fragmented identity perimeter rather than through a centrally governed access path.
  2. Escalation follows when those actors inherit credentials, SaaS reach, or device-agnostic access that exceeds the intended trust boundary and is not continuously re-evaluated.
  3. Impact occurs when the organisation cannot reliably audit, scope, or revoke the agent or NHI activity, leaving a persistent blind spot across applications and data.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

The access-trust gap is the new boundary problem in identity security. SSO and PAM were built to control access inside a more stable perimeter, but that perimeter no longer describes how work actually happens. Application sprawl, unmanaged devices, and AI agents create identity activity outside the traditional control plane. The practitioner conclusion is that governance must start from the unmanaged edge, not from the assumed core.

AI agents should be treated as NHIs with runtime behaviour, not as extended users. Once an agent can select actions, call tools, and act at execution time, identity governance must account for delegation, auditability, and scope drift. That changes the question from who the user is to what the actor can do in the moment. Practitioners should classify agents by runtime behaviour, not by the label attached to the product.

Identity perimeter thinking now reaches across human IAM, NHI governance, and device trust. The same programme that struggles with service account sprawl will usually struggle with agent access if it still treats credentials, endpoints, and applications as separate problems. This is why cross-domain governance matters: the control failures are linked. Practitioners need one operating model for access, trust, and accountability across actor types.

Shadow AI is a named governance blind spot, not just an AI risk. Undiscovered agents inherit the same unmanaged credential patterns that already drive NHI exposure, but they can also make those patterns harder to detect because action becomes more dynamic. The issue is not only where credentials live. It is that organisations can no longer assume all meaningful identities are already known. Practitioners should treat discovery as a prerequisite to control, not a follow-on task.

Runtime access governance is the named concept this market still lacks. The article points to a world where access must be time-bound, auditable, and aligned to device and application trust in real time, yet most identity programmes still certify static entitlements after the fact. That mismatch is the structural problem. Practitioners should re-evaluate whether their current controls can govern identities that act outside review cadences.

From our research:

  • Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.
  • That visibility gap is why practitioners should also study the 52 NHI Breaches Analysis for recurring root-cause patterns.

What this signals

Runtime governance is becoming the practical dividing line between manageable automation and hidden identity risk. As agentic tools spread, teams need to know whether their current controls can prove who or what acted, on which device, under which trust conditions, and for how long. The programmes that survive this shift will be the ones that can govern access at runtime instead of relying on static certification cycles.

Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs, so most identity teams are already operating with blind spots before AI agents enter the picture. That means the immediate programme priority is discovery, inventory, and trust-boundary mapping, not just policy tuning.

The access-trust gap will keep widening unless identity, device, and application governance move together. When one control plane cannot see the whole path, the organisation ends up compensating with manual exceptions. The better path is to align human IAM, NHI governance, and device trust around a shared model of auditable access.


For practitioners

  • Map the unmanaged access boundary: Identify which apps, devices, service accounts, and agents sit outside SSO and PAM coverage, then classify them as separate governance populations.
  • Inventory AI agents and shadow AI paths: Build discovery into your identity programme so agents, credentials, and delegated access paths are visible before they are allowed to scale.
  • Separate human, NHI, and agent trust rules: Apply different access assumptions to users, service accounts, and autonomous tools so device trust and runtime scope are evaluated correctly for each actor type.
  • Make agent access time-bound and auditable: Require explicit expiry, logging, and revocation for agent access so runtime actions can be traced and contained without relying on static entitlements.
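The four steps above, together with the runtime-governance point made in the technical breakdown, as an added worked example (this is illustrative code written for this page, not code from 1Password, its report, or NHIMG): a small Python policy layer that partitions an observed access inventory into SSO-covered, PAM-covered and unmanaged populations, applies a different trust rule to each actor type, and re-evaluates every agent action against scope, expiry, device binding and revocation while writing an append-only audit record. The actor names, app names, scope strings, lifetime caps and the managed-device set are constructed assumptions for the illustration.

```python
from __future__ import annotations

import json
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Step 3: per-actor-type trust rules (max grant lifetime, managed device required).
# The values are illustrative assumptions, not figures from the report.
POLICY = {
    "human":   (timedelta(hours=8), True),
    "service": (timedelta(days=30), False),   # service account, API key, workload
    "agent":   (timedelta(minutes=30), True), # autonomous, tool-calling agent
}

def classify_access_paths(paths, sso_apps, pam_paths):
    """Steps 1-2: split observed (actor, app) paths into SSO-covered, PAM-covered and unmanaged."""
    def bucket(actor, app):
        return "sso" if app in sso_apps else "pam" if (actor, app) in pam_paths else "unmanaged"
    out = {"sso": [], "pam": [], "unmanaged": []}
    for actor, app in paths:
        out[bucket(actor, app)].append((actor, app))
    return out

@dataclass
class Grant:
    grant_id: str
    actor: str
    scopes: frozenset[str]  # e.g. {"github:pr:read"}; the scope vocabulary is assumed
    device_id: str | None   # device the grant is bound to, when the policy requires one
    expires_at: datetime
    revoked: bool = False

class RuntimeAccessGovernor:
    """Step 4: scoped, time-bound, revocable grants that are re-checked on every action."""
    def __init__(self, managed_devices):
        self.managed_devices = set(managed_devices)
        self.grants: dict[str, Grant] = {}
        self.audit: list[dict] = []  # append-only decision trail

    def _log(self, now, **fields):
        self.audit.append({"ts": now.isoformat(), **fields})

    def issue(self, actor, actor_type, scopes, device_id, ttl, now):
        max_ttl, needs_managed_device = POLICY[actor_type]
        if ttl > max_ttl:
            raise ValueError(f"{actor_type} grants are capped at {max_ttl}")
        if needs_managed_device and device_id not in self.managed_devices:
            raise PermissionError(f"{actor} must be bound to a managed device")
        g = Grant(secrets.token_hex(8), actor, frozenset(scopes), device_id, now + ttl)
        self.grants[g.grant_id] = g
        self._log(now, event="issue", grant=g.grant_id, actor=actor, scopes=sorted(scopes),
                  expires=g.expires_at.isoformat())
        return g

    def revoke(self, grant_id, now, reason):
        self.grants[grant_id].revoked = True
        self._log(now, event="revoke", grant=grant_id, reason=reason)

    def authorize(self, grant_id, action, device_id, now):
        """Check revocation, expiry, scope and device context at the moment of the action."""
        g = self.grants[grant_id]
        checks = [(g.revoked, "revoked"), (now >= g.expires_at, "expired"),
                  (action not in g.scopes, "out-of-scope"),
                  (g.device_id is not None and device_id != g.device_id, "device-mismatch")]
        decision = next((why for failed, why in checks if failed), "ok")
        self._log(now, event="authorize", grant=grant_id, action=action, device=device_id,
                  decision=decision)
        return decision == "ok"

def demo():
    """Run the four steps over a constructed inventory and return the outcomes."""
    now = datetime(2026, 2, 26, 9, 0, tzinfo=timezone.utc)
    paths = [("alice", "salesforce"), ("svc-backup", "prod-db"),  # constructed sample inventory
             ("pr-triage-agent", "github"), ("summarise-bot", "notion")]
    coverage = classify_access_paths(paths, sso_apps={"salesforce"}, pam_paths={("svc-backup", "prod-db")})
    gov = RuntimeAccessGovernor(managed_devices={"laptop-42"})
    g = gov.issue("pr-triage-agent", "agent", {"github:pr:read"}, "laptop-42", timedelta(minutes=15), now)
    at = lambda minutes: now + timedelta(minutes=minutes)
    decisions = {
        "in_scope":     gov.authorize(g.grant_id, "github:pr:read",  "laptop-42", at(5)),
        "scope_drift":  gov.authorize(g.grant_id, "github:pr:write", "laptop-42", at(5)),
        "wrong_device": gov.authorize(g.grant_id, "github:pr:read",  "byod-7",    at(5)),
        "after_expiry": gov.authorize(g.grant_id, "github:pr:read",  "laptop-42", at(16)),
    }
    gov.revoke(g.grant_id, at(6), "owner off-boarded")
    decisions["after_revoke"] = gov.authorize(g.grant_id, "github:pr:read", "laptop-42", at(7))
    try:  # an agent on an unmanaged device never receives a grant at all
        gov.issue("summarise-bot", "agent", {"notion:read"}, "byod-7", timedelta(minutes=10), now)
        refused = False
    except PermissionError:
        refused = True
    return {"unmanaged_paths": coverage["unmanaged"], "decisions": decisions,
            "unmanaged_device_refused": refused, "audit": gov.audit}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The design point is that `authorize` is called on every tool invocation, not once at provisioning: the same grant passes the in-scope call and fails the scope-drift, wrong-device, expired and revoked calls, and each decision lands in the audit trail with the device and timestamp, which is what lets a team later prove what acted, where, and under which trust conditions.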

Key takeaways

  • AI agent identity security exposes a structural gap between where access exists and where governance can actually see it.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows how limited current identity observability really is.
  • Teams need runtime, auditable access controls for agents and NHIs if they want to reduce blind spots without blocking adoption.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST SP 800-207 (Zero Trust Architecture) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework, control or reference, and relevance:

  • OWASP Non-Human Identity Top 10 (2025): NHI5 Overprivileged NHI and NHI7 Long-Lived Secrets. Relevance: the post centres on unmanaged NHI credentials that carry broad, standing access scope.
  • NIST Zero Trust Architecture (SP 800-207): Section 2.1 tenets (per-session access, dynamic policy, continuous evaluation of trust) and the Section 3 policy decision point / policy enforcement point model. Relevance: the access-trust gap is a Zero Trust boundary problem, and runtime authorisation of each agent action is a policy decision and enforcement point concern.
  • NIST CSF 2.0: PR.AA-01 (identities and credentials for authorized users, services, and hardware are managed by the organization). Relevance: the article focuses on who or what is authorised to access resources.

Inventory NHI credentials, assign owners, and enforce rotation and revocation for every unmanaged access path.


Key terms

  • Access-trust gap: The access-trust gap is the space between an identity being able to reach a resource and the organisation being able to trust the surrounding context. It appears when applications, devices, and credentials sit outside the same governance plane, making access possible but not fully controlled or auditable.
  • Non-human identity: A non-human identity is any machine or software identity used to authenticate and access systems, including service accounts, API keys, tokens, certificates, bots, workloads, and AI agents. These identities often outnumber humans and need explicit lifecycle, ownership, and access governance.
  • Shadow AI: Shadow AI refers to AI tools or agents used inside an organisation without formal visibility, approval, or governance. The risk is not just unapproved software. It is the hidden access, credentials, and data pathways those tools may create or inherit outside central identity controls.
  • Runtime access governance: Runtime access governance is the practice of deciding and enforcing access based on current execution context rather than only on static assignment. For autonomous or semi-autonomous actors, it requires time-bound permissions, audit trails, and revocation logic that can keep up with live action.

Deepen your knowledge

AI agent identity security and NHI governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building controls around unmanaged access and runtime trust, it is worth exploring.

This post draws on content published by 1Password: Inside 1Password’s Enterprise Identity Transformation. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-02-26.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org