AI-native identity governance now has to cover agents and leaks

At a glance

What this is: Josys argues that identity security now has to cover stolen credentials, AI agents and continuous policy enforcement in one control plane.

Why it matters: IAM and IGA teams need a model that governs human, machine and agent identities together because credential theft and shadow AI now expand the same attack surface.

By the numbers:

• 642.4 million credentials were stolen from infostealer infections in 2025 alone.
• 56% of non-human identities sit entirely outside structured governance.

👉 Read Josys' press release on new identity governance capabilities for AI agents

Context

Identity governance is breaking down because organisations are trying to manage three different risk classes with older controls built for employee accounts alone. Human access, machine credentials and AI agents now move through the same SaaS estates, but they do not behave the same way or fail on the same timeline.

The result is a gap between what IAM and IGA teams can observe and what attackers can already use. When stolen credentials, unmanaged service accounts and invisible AI agents all share the same access layer, continuous discovery and lifecycle control become the baseline rather than the upgrade.

Key questions

Q: How should security teams respond when credentials are stolen from infostealer infections?

A: They should treat the exposed secret as an active access path, not a hygiene issue. Revoke the credential, rotate dependent secrets, check every application the identity can reach and confirm whether the same credential was reused elsewhere. Fast containment matters more than perfect attribution because valid access is usually the attacker’s advantage.

Q: Why do AI agents complicate identity governance programmes?

A: AI agents complicate governance because they can hold access, act across tools and remain active outside the review cycle designed for employees. That creates an ownership and lifecycle problem, not just a discovery problem. Teams need explicit accountability, scope mapping and revocation paths before agent behaviour becomes part of normal operations.

Q: How do organisations know whether identity governance is actually keeping pace?

A: Look for measurable reduction in standing access, faster revocation after exposure and fewer identities left outside structured governance. If leaked credentials remain usable for long periods or agents can be deployed without clear ownership, the programme is lagging behind risk. Continuous enforcement should shorten the time between discovery and control action.

Q: Who should own governance when humans, machines and agents share the same SaaS estate?

A: Ownership should sit with the identity programme, with clear operational handoffs to security, IT and application owners. Human users, service accounts and AI agents all need lifecycle rules, but the governance model must define who can approve access, who can revoke it and who is accountable when controls fail.

How it works in practice

Why credential theft now drives identity compromise at scale

Infostealer malware has industrialised credential collection by harvesting browser sessions, passwords and tokens from endpoints before defenders see a clear alert. That changes the economics of compromise because attackers often begin with already valid access instead of exploiting a fresh vulnerability. Once a credential is reused across SaaS, cloud and admin tools, one leak can become a multi-application event. Identity security therefore has to treat exposed secrets as active access paths, not just data loss artefacts.

Practical implication: connect exposure monitoring to immediate access revocation across every linked application.

How AI agent governance differs from classic SaaS oversight

AI agents create a governance problem because they can hold permissions, act across tools and persist outside the direct review cycle used for employees. A simple application inventory is not enough if the organisation cannot answer who owns the agent, what scope it has and when that scope changes. In practice, the control failure is not just discovery, but lifecycle governance for identities that can trigger actions without a human sitting in the request path.

Practical implication: assign ownership, map access and review AI agents as governed identities, not as apps.

Why continuous policy enforcement matters in SaaS-first environments

Periodic access reviews struggle in SaaS environments because permissions drift faster than manual governance cycles can close them. Policy-driven enforcement reduces that gap by checking entitlements continuously and triggering remediation when configuration or access moves outside policy. The architecture matters because the enforcement point has to sit close to the identity and application layer, not in a separate spreadsheet-driven review process. Without that, audit evidence may exist, but exposure still persists.

Practical implication: move from point-in-time review to continuous entitlement checks with automated remediation.

NHI Mgmt Group analysis

Identity governance has moved from account review to exposure containment. The article reflects a broader shift in which stolen credentials, unmanaged machine identities and AI agents all sit inside the same blast radius. That means the security problem is no longer who has access in theory, but which identities can still act after compromise. Practitioners should now judge governance by how quickly it can remove usable access.

Standing credential exposure is the failure mode this announcement exposes. The article is built around the premise that leaked credentials remain useful long enough for attackers to exploit them across connected systems. That is a lifecycle failure, not just an alerting failure, because access outlives trust. The implication is that programmes must treat exposed identity material as an active governance event, not an operational nuisance.

AI agent discovery only matters if ownership and authority are also explicit. Inventory without accountable ownership creates visibility theatre, not governance. An agent that is visible but unassigned still sits outside decision-making, so the programme cannot certify scope, revoke access or establish responsibility. Practitioners should use agent discovery as the start of lifecycle control, not the finish line.

Policy-driven automation is becoming the only viable response to identity volume. Manual reviews cannot keep pace with the speed at which credentials leak, settings drift and agents multiply across SaaS estates. That does not eliminate human governance, but it changes the operating model from periodic checkpoint to continuous control. The field is moving toward operationalised identity enforcement as a default expectation, not a premium capability.

From our research:

• The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
• Only 44% of developers are reported to follow security best practices for secrets management, which helps explain why policy and practice diverge so sharply.
• For deeper context on lifecycle and exposure control, see NHI Lifecycle Management Guide.

What this signals

Credential exposure is now a governance clock, not just a detection event. With remediation still taking 27 days on average according to The State of Secrets in AppSec, most programmes are already behind the attacker’s timeline once a secret leaks. Teams should shift reporting from discovery counts to time-to-revocation and time-to-validation.

AI agent sprawl will force identity teams to treat non-human actors as first-class governed subjects. The practical signal is not more dashboards, but clearer ownership, tighter entitlement mapping and stronger offboarding discipline. The NHI Lifecycle Management Guide is the right lens for how lifecycle control needs to evolve.

Josys’ framing also reinforces a broader market signal: identity platforms are converging on continuous enforcement because periodic review cannot keep up with SaaS drift, secret exposure and autonomous execution paths.

For practitioners

• Map exposed credentials to live access paths Connect stealer-log and dark-web monitoring to application entitlement maps so a leaked credential can be traced to every SaaS, cloud and admin service it can still reach.
• Establish accountable ownership for AI agents Require a named business owner, technical owner and revocation path for every AI agent so discovery produces governable records instead of an inventory of unknowns.
• Replace periodic reviews with continuous policy checks Move identity governance from quarterly certification to continuous evaluation of entitlements, configuration drift and policy exceptions, with automated remediation where possible.
• Treat leaked secrets as revocation events When a credential is exposed, revoke the associated identity, rotate dependent secrets and validate that no linked application still trusts the old token or session state.

Key takeaways

• The core risk is no longer identity sprawl alone, but the speed at which leaked credentials and unmanaged agents can still act.
• The evidence points to a structural governance gap, with credential remediation and NHI oversight moving far slower than compromise timelines.
• Practitioners should prioritise continuous entitlement control, explicit ownership and automated revocation before exposure becomes operational compromise.

Key terms

• Non-Human Identity: A non-human identity is any account, token, key, certificate or agent used by software rather than a person. In practice, it is the identity layer for systems that need access to other systems, and it becomes a governance problem when ownership, scope or lifecycle controls are unclear.
• Credential Exposure: Credential exposure is the point at which a secret, token or session artifact becomes available to an attacker or an unauthorised party. For identity programmes, it is not a theoretical leak. It is an access event that can immediately expand blast radius unless revocation and validation happen quickly.
• Identity Lifecycle Governance: Identity lifecycle governance is the set of controls that govern creation, use, review, change and removal of identities over time. It applies to humans, machine identities and AI agents alike, but the operational rules differ because each actor type changes and fails in different ways.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or programme maturity, it is worth exploring.

This post draws on content published by Josys: Enterprise identities are under siege, and Josys is changing how organisations fight back. Read the original.