TL;DR: A new US AI security order adds voluntary benchmarking, pre-release review, and federal cyber enforcement focused on AI-enabled abuse as researchers report an 89% year-over-year rise in AI-driven attacks, according to Zenity. The practical lesson is that agent governance now has to account for runtime visibility, delegated access, and misuse detection, not just model safety.
At a glance
What this is: Zenity's analysis of a new US AI security order and its implications for AI agent governance, with the key finding that runtime visibility now matters as much as model review.
Why it matters: The same governance gaps that affect NHI and human identity programmes now apply to AI agents with delegated access to tools, credentials, and production systems.
By the numbers:
- Researchers documented an 89% year-over-year increase in attacks by AI-enabled adversaries.
Context
AI agent security governance is the problem of controlling what autonomous or semi-autonomous systems can access, decide, and execute once they are connected to enterprise tools. The article argues that a new US policy framework responds to a real shift in threat capability, where AI-enabled adversaries are already operating at a pace that outstrips human defenders.
For identity teams, the issue is not just model evaluation. It is whether the organisation can see which agents are active, what credentials or APIs they can reach, and whether their behaviour stays within sanctioned boundaries across NHI, agentic AI, and broader IAM programmes.
Key questions
Q: How should security teams govern AI agents that can act on delegated access?
A: They should govern AI agents as identities with owned permissions, runtime telemetry, and clear approval boundaries. The key is to track what the agent can access, what it actually does, and who is accountable when its behaviour strays from the intended task. Without that chain, access review and incident response both lose evidentiary value.
Q: Why do AI agents complicate existing IAM and NHI controls?
A: AI agents complicate IAM and NHI controls because they can make decisions at runtime, call tools dynamically, and execute faster than human review cycles can keep up. That breaks assumptions behind static approval, fixed least privilege, and retrospective recertification. Governance must therefore focus on observable behaviour, not only entitlement state.
Q: What breaks when access review processes are used for autonomous agent governance?
A: Access review processes break when the system under review changes access and action paths within the same operating session. Human-paced recertification assumes privileges remain stable long enough to be observed and attested. For autonomous agents, the control can arrive after the risky action has already completed, which makes the review mostly historical.
Q: Who is accountable when an AI agent misuses credentials or triggers fraud?
A: Accountability should rest with the organisation that authorized the agent, the team that owns its permissions, and the operators who can evidence its intended use. If an agent can access sensitive systems, the governance model must identify human owners for approval, monitoring, and revocation. Otherwise responsibility becomes ambiguous exactly when it matters most.
Technical breakdown
Voluntary benchmarking and pre-release review for frontier models
The order creates a voluntary process in which the government can benchmark advanced models and invite developers to share pre-release access for review. That matters because it treats security review as a coordinated gate around release, not a fixed compliance label. The mechanism is not licensing. It is a structured assessment of model capability, confidentiality, and insider-risk constraints before broader deployment. For identity leaders, the technical signal is that access governance is moving closer to the release pipeline, where authorization, review, and distribution are increasingly linked.
Practical implication: security teams should map who can grant pre-release access to AI systems and treat that access as a governed identity event.
Why runtime visibility is the real control plane for AI agents
The article draws a sharp line between model security and agent behaviour. An AI agent can hold credentials, call tools, and operate across production systems after deployment, which means the security problem shifts to runtime observability. In identity terms, the risk is not merely that an agent exists, but that its action path is hard to distinguish from legitimate automation once it begins using access at speed. That is why visibility into active agents, tool use, and delegated permissions becomes the practical control plane.
Practical implication: teams should instrument agent activity logs, tool invocation traces, and approval boundaries as first-class identity telemetry.
AI-enabled cybercrime turns agent governance into a compliance issue
The order explicitly prioritises enforcement against malicious AI use for unauthorized access, identity fraud, and wire fraud. That is important because it moves AI agent misuse from a theoretical governance concern into an enforcement-backed risk category. The policy language also recognises that agentic deployment can be legitimate or malicious depending on intent and control context. For practitioners, the technical takeaway is that identity governance for agents is no longer only about prevention. It is also about evidence, attribution, and demonstrable control over how access is exercised.
Practical implication: security and compliance teams should preserve audit evidence that links each agent action to an authorised business purpose.
NHI Mgmt Group analysis
Agent governance has crossed from experimental risk into identity control territory. The article shows that policy makers now see AI agents as systems that can exercise access in ways comparable to other non-human identities, but at greater speed and with less predictable intent. That means existing IAM and NHI models must be judged by whether they can observe and constrain runtime behaviour, not just issue credentials. Practitioners should treat agent governance as an identity discipline, not a model-safety add-on.
The assumption that access can be approved before execution is collapsing for autonomous systems. Least privilege was designed for a condition where intent is knowable at provisioning time and use is reviewable after the fact. That assumption fails when an AI agent decides what to do, which tool to call, and when to act in the middle of a session. The implication is that access governance needs a new operating model for runtime decision authority, not just tighter entitlement assignment.
Runtime visibility is the named concept this order makes unavoidable. Once agents can inherit credentials and operate across production systems, the real governance gap is the lack of a control that shows what they actually did with that access. Static approval records do not answer that question. The field now needs identity telemetry that follows the agent through action, not just entitlement. Practitioners should re-evaluate whether their current monitoring stack can distinguish sanctioned agent behaviour from misuse.
Identity fraud and unauthorized access are now being framed as AI-adjacent enforcement problems. That matters because the policy connection between malicious AI use and existing cybercrime statutes will influence how organisations document access, attribution, and operator accountability. AI governance programmes that stop at policy statements will not be enough. Security leaders should align legal, IAM, and detection teams around evidence that proves who or what initiated each action.
Frontier model review will influence the broader market for AI and NHI governance tooling. Voluntary benchmarking and trusted-partner selection will push organisations to ask which controls they can prove, not just which controls they claim. That pressure favours tools that can show runtime access, delegated authority, and behavioural boundaries in one audit trail. Practitioners should expect procurement conversations to shift from capability lists to demonstrable control evidence.
From our research:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, according to The State of Secrets in AppSec.
- For a broader lifecycle view, see Ultimate Guide to NHIs - Lifecycle Processes for Managing NHIs for how governance has to adapt when credentials and access change faster than review cycles.
What this signals
Runtime visibility is becoming the dividing line between AI experimentation and governable deployment. Organisations that can show which agents are active, what they can touch, and how their actions are logged will be better placed to respond to regulatory pressure and security incidents. The control challenge is no longer whether AI can be deployed, but whether its delegated access can be proven and defended across the full identity lifecycle.
That pressure will also change procurement. Security leaders should expect more scrutiny on whether their IAM, PAM, and NHI tooling can correlate agent identity, tool use, and downstream effects in one audit trail. If the answer is no, the programme is already behind the governance curve.
For practitioners
- Map every active AI agent to a named identity owner: Assign business and technical ownership to each agent that can reach credentials, APIs, or production systems. Without a named owner, incident triage and access review both fail because no one can attest to the agent's sanctioned purpose or revoke it quickly when behaviour changes.
- Instrument runtime telemetry for agent tool use: Capture which tools an agent invoked, which data it touched, and which approvals, if any, were bypassed. Keep those logs correlated to identity records so compliance teams can reconstruct behaviour after the fact and distinguish normal task execution from misuse.
- Review delegated access as a live security event: Treat credential access granted to AI agents as time-sensitive governance, not a one-time setup task. Revalidate access when the model, workflow, or data scope changes, and remove privileges that cannot be tied to a current business purpose.
- Build evidence trails for AI misuse investigations: Ensure logs preserve the sequence from identity assumption to tool invocation to downstream action. That evidence is what allows security, legal, and compliance teams to prove accountability if an agent participates in unauthorized access or fraud.
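The four practitioner steps above, together with the "runtime visibility" point in the technical breakdown, describe one control loop: every agent maps to a named owner, each tool invocation is captured as identity telemetry, delegated access is revalidated against expiry and scope, and the log preserves the identity-to-tool-to-action sequence for investigation. The following Python script is an added illustration of that loop and is not code from Zenity or from NHI Mgmt Group. The agent registry, the JSON log lines, the field names (`agent`, `tool`, `resource`, `approval`, `session`) and the finding labels are all constructed assumptions, not any product's schema.

```python
"""Correlate AI-agent tool-invocation telemetry with an identity registry.

Constructed example: the registry entries, the log lines and the field names
below are assumptions for illustration, not a real product's schema.
"""
import json
from datetime import datetime

# Constructed agent identity registry. Every agent that can reach tools has a
# named owner, a sanctioned tool set, a bounded data scope, the tools that
# need a recorded approval, and an expiry for its delegated access.
AGENT_REGISTRY = {
    "agent-invoice-bot": {
        "owner": "ap-team@example.com",
        "sanctioned_tools": {"erp.read_invoice", "erp.approve_payment"},
        "data_scope": {"finance/invoices"},
        "approval_required": {"erp.approve_payment"},
        "access_expires": "2026-06-30T00:00:00+00:00",
    },
    "agent-helpdesk": {
        "owner": "it-ops@example.com",
        "sanctioned_tools": {"tickets.read", "tickets.update"},
        "data_scope": {"it/tickets"},
        "approval_required": set(),
        "access_expires": "2026-07-31T00:00:00+00:00",
    },
}

# Constructed runtime telemetry: one JSON object per tool invocation.
SAMPLE_LOG = """\
{"ts": "2026-06-10T09:00:01+00:00", "session": "s1", "agent": "agent-invoice-bot", "tool": "erp.read_invoice", "resource": "finance/invoices", "approval": null}
{"ts": "2026-06-10T09:00:02+00:00", "session": "s1", "agent": "agent-invoice-bot", "tool": "erp.approve_payment", "resource": "finance/invoices", "approval": "APR-4411"}
{"ts": "2026-06-10T09:00:03+00:00", "session": "s1", "agent": "agent-invoice-bot", "tool": "erp.approve_payment", "resource": "finance/invoices", "approval": null}
{"ts": "2026-06-10T09:05:00+00:00", "session": "s2", "agent": "agent-helpdesk", "tool": "erp.approve_payment", "resource": "finance/invoices", "approval": null}
{"ts": "2026-06-10T09:06:00+00:00", "session": "s3", "agent": "agent-shadow", "tool": "erp.read_invoice", "resource": "finance/invoices", "approval": null}
{"ts": "2026-06-10T09:07:00+00:00", "session": "s1", "agent": "agent-invoice-bot", "tool": "erp.read_invoice", "resource": "hr/payroll", "approval": null}
{"ts": "2026-07-01T08:00:00+00:00", "session": "s4", "agent": "agent-invoice-bot", "tool": "erp.read_invoice", "resource": "finance/invoices", "approval": null}
"""


def parse_log(text):
    """Parse newline-delimited JSON telemetry into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def check_event(event, registry=AGENT_REGISTRY):
    """Return the governance findings for one invocation (empty if sanctioned).

    Checks, in order: the agent has an owner, its delegated access has not
    expired, the tool and the resource are within sanctioned scope, and any
    tool that needs an approval carries a recorded approval reference.
    """
    agent = registry.get(event["agent"])
    if agent is None:
        return ["unowned_agent"]
    findings = []
    if datetime.fromisoformat(event["ts"]) >= datetime.fromisoformat(agent["access_expires"]):
        findings.append("expired_delegation")
    if event["tool"] not in agent["sanctioned_tools"]:
        findings.append("unsanctioned_tool")
    if event["resource"] not in agent["data_scope"]:
        findings.append("out_of_scope_resource")
    if event["tool"] in agent["approval_required"] and not event.get("approval"):
        findings.append("approval_bypassed")
    return findings


def review(text, registry=AGENT_REGISTRY):
    """Correlate each event with its identity record; return only the events
    that need attention, each tagged with the accountable owner."""
    results = []
    for event in parse_log(text):
        findings = check_event(event, registry)
        if findings:
            owner = registry.get(event["agent"], {}).get("owner", "<no owner>")
            results.append({"ts": event["ts"], "session": event["session"],
                            "agent": event["agent"], "owner": owner,
                            "tool": event["tool"], "findings": findings})
    return results


def evidence_chain(text, session):
    """Return the ordered identity -> tool -> resource -> approval sequence for
    one session, the evidence trail an investigation needs to reconstruct."""
    events = sorted((e for e in parse_log(text) if e["session"] == session),
                    key=lambda e: e["ts"])
    return [(e["agent"], e["tool"], e["resource"], e.get("approval")) for e in events]


if __name__ == "__main__":
    for r in review(SAMPLE_LOG):
        print(f'{r["ts"]} {r["agent"]} ({r["owner"]}) {r["tool"]}: {", ".join(r["findings"])}')
    for step in evidence_chain(SAMPLE_LOG, "s1"):
        print("s1 ->", step)
```

Run against the constructed log, the review reports five events: a payment approved without an approval reference, the helpdesk agent calling a finance tool on a resource outside its scope, an agent with no registry entry (so no owner to attest or revoke), the invoice agent reading outside its data scope, and an action after its delegated access expired. The `evidence_chain` output for session `s1` is the identity-to-tool-to-action sequence that legal and compliance teams would need; the design choice to key everything on a registry entry with a named owner is what turns a log line into an accountable record.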
Key takeaways
- The policy shift matters because it treats AI agent misuse as a real security and enforcement problem, not a hypothetical future issue.
- The core governance gap is runtime visibility, since agents can inherit access and act in ways static approval records do not capture.
- Identity teams should now evaluate whether their IAM, NHI, and compliance controls can prove who or what acted, with which access, and under whose authority.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | | The article centers on AI agents, delegated access, and runtime behaviour. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Delegated credentials for agents create NHI lifecycle and rotation risk. |
| NIST CSF 2.0 | PR.AC-1 | The post focuses on access governance, monitoring, and accountability. |
Map agent permissions to access control and logging requirements across the programme.
Key terms
- AI agent governance: The discipline of controlling what an AI agent can access, decide, and execute in live systems. It combines identity ownership, policy boundaries, logging, and revocation so the organisation can prove the agent acted within approved scope and investigate quickly when it did not.
- Runtime visibility: The ability to see what an identity is doing while it is operating, not only what access it was granted. For AI agents and other NHIs, runtime visibility includes tool use, data access, approvals, and downstream effects, which makes accountability and detection possible.
- Delegated access: Access granted to a non-human or human actor to perform tasks on behalf of a business process. In agentic environments, delegated access must be tied to ownership, purpose, and boundaries because the actor may combine tools or act faster than manual review can respond.
Deepen your knowledge
NHI governance, agentic AI identity, machine identity security, and identity lifecycle management are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance maturity, it is worth exploring.
This post draws on content published by Zenity: The US Has a New AI Security Blueprint: Here's What It Actually Means. Read the original.
Published by the NHIMG editorial team on 2026-06-10.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org