By NHI Mgmt Group Editorial TeamDomain: Agentic AI & NHIsSource: ElisityPublished November 7, 2025

TL;DR: Forrester Summit coverage says security leaders are balancing enterprise, ecosystem, and external risk while AI agents rapidly reshape operations, with 32% of respondents seeing critical risk events rise year-over-year and 41% naming cyberattacks the top risk event, according to Elisity. The real issue is that governance, identity, and Zero Trust controls still assume slower, human-paced decision cycles that agentic systems do not follow.


At a glance

What this is: This is a practitioner summary of Forrester Security & Risk Summit themes, highlighting how AI agents, Zero Trust, and governance pressure are converging around identity control gaps.

Why it matters: It matters because IAM, NHI, and PAM teams now need controls that hold up when access decisions, remediation, and risk trade-offs move faster than traditional review and approval cycles.

By the numbers:

👉 Read Elisity's coverage of AI agents, Zero Trust, and Summit governance themes


Context

AI agents are changing the identity problem because they compress decision, access, and execution into the same operating window. That matters for NHI governance, because policies written for stable service accounts and periodic human review do not map cleanly to systems that can act, retry, branch, and escalate in-session.

The summit sessions also framed Zero Trust as a governance problem, not just a tooling problem. Once enterprise, ecosystem, and external risk are all in play at the same time, identity teams have to think about who can act, what they can reach, and how much authority should exist before the work begins.


Key questions

Q: How should security teams govern AI agents that can take action in production?

A: Security teams should govern AI agents as non-human identities with bounded runtime authority, explicit task scope, and revocation points. The control objective is to keep the agent from chaining actions beyond its intended workflow. That means policy, logging, and approval logic must be aligned before the agent is allowed to touch production systems.

Q: Why do AI agents complicate Zero Trust and least privilege?

A: AI agents complicate Zero Trust because they compress decision, access, and execution into one runtime loop. Least privilege is harder to define when intent can change mid-session and the system can select tools dynamically. Identity teams have to think in terms of runtime containment and blast radius, not just static entitlements.

Q: What do teams get wrong about AI-assisted remediation?

A: Teams often assume AI-assisted remediation is only a speed problem, when the deeper issue is trust in the underlying ownership data. If asset records, code owners, and dependencies are incomplete, AI simply accelerates misrouting. The decision to act should depend on verified context, not on the model's confidence.

Q: How do organisations prevent governance drift when third parties are involved?

A: Organisations prevent governance drift by assigning ownership across the enterprise, ecosystem, and external layers before exceptions accumulate. Third-party access, partner workflows, and shared integrations need the same identity scrutiny as internal systems, but with tighter limits on default trust. Without that, policy gaps appear first at the boundary.


Technical breakdown

AI agents and ephemeral identities

AI agents become an identity problem when they are granted tool access, API reach, and data permissions at runtime. Unlike classic service accounts, agentic systems can chain actions across applications, which means the security model has to account for both identity and decision flow. Temporary credentials, scope restrictions, and action logging all matter, but only if the surrounding governance can observe what the agent actually did. The critical design issue is not whether the agent can authenticate, but whether its runtime authority stays bounded to the task it was given.

Practical implication: Treat each agent as a distinct non-human identity with explicit session boundaries, task scope, and revocation points.

Zero Trust governance and access control

Zero Trust fails when it is treated as a network program instead of an identity and policy programme. The summit material points to a three-layer model: strategic decisions about risk appetite, operational ownership through RACI and policy mapping, and tactical enforcement through segmentation and conditional access. That structure matters because identity, network, data, and endpoint controls all need shared governance even when different teams own them. Without that, the control plane fragments and exceptions become the real policy.

Practical implication: Map ownership across strategic, operational, and tactical layers before expanding Zero Trust enforcement.

Remediation workflows under AI-assisted operations

AI is moving security work toward faster triage and remediation, but it does not remove human accountability. The operational shift is from long lists of findings to smaller sets of recommended actions, with the system helping decide what to do and who should do it. That works only when the underlying asset, code owner, and dependency data are trustworthy. Otherwise, AI accelerates bad routing as efficiently as it accelerates good routing.

Practical implication: Use AI to accelerate remediation recommendations, but require verified ownership and dependency data before execution.


Threat narrative

Attacker objective: The objective is to exploit compressed decision cycles and over-broad access so that AI-driven operations can cause fast, high-blast-radius impact before humans can intervene.

  1. Entry begins when AI agents receive broad operational access to applications, data sources, and control planes under the assumption that they will remain bounded by policy.
  2. Escalation occurs when those agents chain tasks, tools, and retries faster than governance cycles can observe, turning temporary authority into expanded effective reach.
  3. Impact follows when compressed decision loops outpace review and change control, allowing errors or abuse to scale across identity, data, and infrastructure layers.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

AI agents turn governance from periodic review into continuous containment. The summit's framing confirms that security leaders are no longer dealing only with static NHI sprawl, but with identities that can decide, retry, and chain actions mid-session. That shifts the question from whether an access grant is approved to whether the programme can survive a decision loop that moves faster than review cadences. Practitioners should treat agentic behaviour as a containment problem, not a scheduling problem.

Least agency is the right analogue to least privilege for agentic systems. The summit's call for temporary, minimum authority captures the central constraint identity teams now need, but the real challenge is proving when that constraint breaks. An agent that can select tools, invoke APIs, and continue execution without a human checkpoint is no longer being governed like a service account. The implication is that traditional provisioning assumptions need to be re-evaluated for systems whose authority is created and consumed inside one runtime window.

Zero Trust governance only works when accountability spans the whole decision chain. Forrester's three-layer model maps well to the identity problem because AI, network, and data controls fail when ownership is fragmented. The ecosystem layer is especially weak, since third parties and partners are where governance often has the least visibility. Practitioners should assume that policy drift will appear first where identity crosses organisational boundaries.

Identity blast radius is now the metric that matters most. Once AI agents and automation are allowed to speed up operations, the main question is not how much they can do, but how far they can move when they fail. That means entitlement review, segmentation, and runtime guardrails need to be judged by the damage they prevent rather than the access they merely record. Identity teams should measure blast radius reduction as a core control outcome.

From our research:

  • 23.5% of security professionals are unsure about the biggest threat to their non-human identities, indicating a significant awareness gap, according to The 2024 Non-Human Identity Security Report.
  • Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities.
  • That confidence gap points to a broader control issue, which our Ultimate Guide to NHIs , 2025 Outlook and Predictions frames through lifecycle governance and workload identity discipline.

What this signals

Least agency is becoming an operational design principle, not just a conference theme. As AI agents enter production workflows, the next control failure will come from assuming runtime authority is still stable enough for periodic review. Identity teams should expect pressure to prove where authority starts, where it stops, and how fast it can be revoked when an agent changes scope.

The governance gap is widening fastest at the ecosystem boundary, where partner access, delegated workflows, and shared tools are hardest to observe. That is where NHI programmes, Zero Trust controls, and access review processes need to converge, because the old separation between policy, identity, and execution is no longer holding.


For practitioners

  • Re-baseline agent authority by task, not by role Define the minimum runtime permissions each AI agent needs for a single workflow, then revoke or isolate anything that is not required before the next execution cycle.
  • Map Zero Trust ownership across all three governance layers Assign clear owners for strategy, policy design, and real-time enforcement so identity, network, and data controls do not fragment across teams.
  • Instrument AI-assisted remediation with verified ownership data Require validated asset, code owner, and dependency records before an AI-generated action is approved or executed in production.
  • Measure identity blast radius, not just access count Track how far an identity can move across applications, clouds, and data paths if it is misused or over-permissioned, then use that metric to prioritise control changes.

Key takeaways

  • AI agents are forcing identity teams to move from periodic review to runtime containment.
  • The most useful control question is now how far an identity can move when it fails, not how many permissions it has.
  • Zero Trust, NHI governance, and remediation workflows all need shared ownership if security decisions are going to keep pace with AI-driven operations.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF, NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Agentic AI Top 10Agentic AI governance and tool-use boundaries are central to the article.
OWASP Non-Human Identity Top 10NHI-03Temporary authority and identity scoping are core NHI governance themes here.
NIST AI RMFGOVERNThe article is about governance, accountability, and AI risk ownership.
NIST Zero Trust (SP 800-207)Zero Trust architecture and continuous verification are explicit summit themes.
NIST CSF 2.0PR.AC-4Least privilege and access management are central to the article's identity themes.

Apply continuous verification to identities, devices, and workflows that participate in AI-driven operations.


Key terms

  • Least agency: The principle that an AI agent should receive only the smallest runtime authority needed to complete one task. For autonomous systems, this is the operational equivalent of least privilege, but it must also limit tool choice, execution timing, and the ability to chain actions.
  • Identity blast radius: The amount of damage an identity can cause if it is over-permissioned, compromised, or misused. For non-human and agentic identities, the metric should include how far access can move across systems, how quickly it can spread, and how hard it is to revoke in-session.
  • Ecosystem risk: Risk that sits outside direct enterprise control, usually through vendors, partners, integrations, or delegated access. In identity programmes, it is where governance weakens first because ownership is shared, visibility is partial, and the operational consequences still land inside the enterprise.
  • Runtime containment: A control approach that limits what an identity can do while it is active, not just how it is provisioned. It is especially relevant for AI agents and other non-human identities because behaviour can change during execution, making static permissions insufficient on their own.

What's in the full article

Elisity's full post covers the operational detail this summary intentionally leaves for the source:

  • The summit session-by-session context behind AEGIS, Zero Trust governance, and proactive security.
  • The specific operational trade-offs discussed for AI agents, including temporary authority, documentation, and guardrails.
  • The full set of examples and metrics tied to remediation speed, vendor evaluation, and governance alignment.
  • The practical framing used by the speakers to connect enterprise, ecosystem, and external risk into one operating model.

👉 Elisity's full post expands on the summit themes, including AEGIS, governance alignment, and remediation priorities.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM or NHI governance programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org