By NHI Mgmt Group Editorial Team | Published 2026-05-22 | Domain: Agentic AI & NHIs | Source: CrowdStrike

TL;DR: AI security now spans models, prompts, data, agents, and the infrastructure they touch, according to CrowdStrike’s analysis of enterprise AI risk. The governing problem is not visibility alone, but controlling non-human identities that can move across cloud, SaaS, and runtime systems without human-like guardrails.


At a glance

What this is: A vendor analysis of enterprise AI security coverage, with the key finding that autonomous agents and integrated AI workloads turn identity, data, and runtime security into one governance problem.

Why it matters: For IAM and NHI practitioners, it shows why agent privileges, secrets, and runtime enforcement can no longer be managed as separate controls.

By the numbers:

  • A full 80% of data experts surveyed say AI is making data security more challenging.
  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities.

👉 Read CrowdStrike's analysis of AI security services and agent governance


Context

AI security now extends beyond model abuse to the identities, permissions, and data flows that let software act on behalf of the business. When agents, workloads, and SaaS integrations can execute with elevated access, traditional IAM boundaries blur and NHI governance becomes a runtime discipline rather than a periodic review process.

This article centers on that operational shift. CrowdStrike argues that AI risk spans the build-to-runtime lifecycle, but the deeper issue for practitioners is that machine identities and secrets now determine how far an AI system can move once it is trusted. That is a typical evolution in modern AI programmes, not an edge case.


Key questions

Q: How should security teams govern AI agents that use enterprise credentials?

A: Treat each agent as a non-human identity with its own ownership, least-privilege scope, and revocation process. Do not rely on human IAM patterns alone. The control objective is to limit what the agent can reach, prove who approved access, and ensure every credential can be rotated or revoked quickly when behaviour changes.

Q: When does JIT access help with AI agent risk?

A: JIT access helps when an agent needs temporary privilege for a clearly bounded task and the environment can enforce expiry, approval, and auditing. It is less effective if the underlying permissions are already broad or if the agent can reuse credentials across workflows. JIT reduces window size, but it does not replace identity design.

Q: What is the difference between AI security and NHI governance for agents?

A: AI security focuses on model behaviour, data leakage, and prompt or tool abuse. NHI governance focuses on the identities, credentials, and entitlements that let the agent act. For most enterprises, both are needed because the most damaging AI incidents occur when a risky model behaviour is combined with over-privileged access.

Q: Why do AI agents create more risk than traditional automation?

A: AI agents can combine autonomy, tool use, and adaptive decision-making. That means their access patterns can change in response to prompts, context, or data, rather than following a fixed script. Traditional automation is easier to bound; agentic systems require continuous verification of identity, privilege, and data access.


Technical breakdown

Why AI agents turn identity into a runtime control plane

AI agents are not just applications with smarter logic. When they can call tools, read data, and take actions autonomously, their service accounts, tokens, and permissions become the control plane for every downstream operation. That changes the security model from static access provisioning to continuous authorization, because the agent’s effective privilege depends on context, task scope, and data sensitivity. In practice, the question is whether the identity bound to the agent is constrained tightly enough to survive misuse, compromise, or drift.

Practical implication: treat each agent identity as a high-value NHI and review its permissions as if it were a privileged service account.

How secrets, APIs, and retrieval paths expand the attack surface

AI systems depend on multiple trust edges: API keys for orchestration, tokens for SaaS access, credentials for cloud services, and retrieval channels for data. Each edge creates a distinct failure mode. A leaked secret can expose the model pipeline, while an overbroad API grant can let an agent exfiltrate data or trigger business actions at scale. The technical risk is compounded when vector stores, RAG pipelines, and backend services are linked without clear policy enforcement, because the agent inherits whatever the connected systems allow.

Practical implication: map every secret and API grant that an AI workflow depends on, then remove broad or shared credentials from the path.

Why runtime policy matters more than perimeter controls

AI workloads move across endpoints, cloud services, SaaS, and containers, which makes perimeter-only defenses too coarse. Runtime controls are needed because the meaningful decision point is often the moment the workload requests data, changes state, or invokes another tool. That is where AI-SPM, DSPM, and CIEM-style controls intersect: one discovers risk, one classifies data exposure, and one limits excessive permissions. Without runtime enforcement, teams may know a problem exists but still fail to stop the action that causes it.

Practical implication: pair discovery with runtime enforcement so AI systems are constrained at the moment of use, not after the fact.
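To make the three practical implications above concrete, here is a minimal runtime authorization gate for agent tool calls, written as an added example for this page (not CrowdStrike's or NHIMG's code). Every grant is bound to an agent identity with an accountable owner, scoped to one tool and one resource, short-lived (JIT expiry), revocable, and every decision is logged so the team can answer who acted, with which grant, against which data. The class and field names are hypothetical.

```python
# Added example (hypothetical names): a runtime policy gate that checks an
# agent's task-scoped grant at the moment it asks to call a tool.
from dataclasses import dataclass
import time


@dataclass
class Grant:
    """Task-scoped, short-lived entitlement bound to one agent identity."""
    agent: str          # non-human identity that may act
    tool: str           # e.g. "crm.read"; a write tool needs its own grant
    resource: str       # dataset or SaaS connector the grant covers
    approved_by: str    # who approved the access (proves the approval path)
    expires_at: float   # JIT: unix time after which the grant is dead


class AgentAuthz:
    def __init__(self):
        self.owners = {}      # agent -> accountable owner
        self.grants = []      # active task-scoped grants
        self.revoked = set()  # agents whose credentials were pulled
        self.audit = []       # (time, agent, tool, resource, approver, decision)

    def register(self, agent, owner):
        self.owners[agent] = owner

    def issue(self, agent, tool, resource, approved_by, ttl_s, now=None):
        # No owner, no grant: an unowned identity cannot be reviewed or revoked.
        if agent not in self.owners:
            raise ValueError(f"{agent} has no accountable owner")
        now = time.time() if now is None else now
        grant = Grant(agent, tool, resource, approved_by, now + ttl_s)
        self.grants.append(grant)
        return grant

    def revoke(self, agent):
        # Revocation is immediate: drop every live grant for the identity.
        self.revoked.add(agent)
        self.grants = [g for g in self.grants if g.agent != agent]

    def authorize(self, agent, tool, resource, now=None):
        """Decision point: allow only an exact, unexpired, unrevoked grant."""
        now = time.time() if now is None else now
        self.grants = [g for g in self.grants if g.expires_at > now]  # expire
        match = None
        if agent not in self.revoked:
            for g in self.grants:
                if (g.agent, g.tool, g.resource) == (agent, tool, resource):
                    match = g
                    break
        approver = match.approved_by if match else None
        self.audit.append((now, agent, tool, resource, approver,
                           "allow" if match else "deny"))
        return match is not None
```

A broad shared credential has no place in this model: an agent that needs a second tool or dataset gets a second, separately approved grant rather than a wider one.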


Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

AI agent governance is now an identity problem, not only an AI problem. The article’s core message is that autonomous systems become risky when they can act with durable access across cloud and SaaS environments. That means IAM teams have to own agent identity design, privilege boundaries, and session scope alongside AI security teams. The practical conclusion is that agent governance belongs inside the NHI programme, not outside it.

Ephemeral access does not eliminate trust debt if the underlying identity model is weak. Short-lived credentials can reduce exposure windows, but they do not fix overbroad permissions, weak workload attestation, or poor separation between agents and humans. NHI governance still has to answer who issued the credential, what the agent can reach, and how quickly the privilege can be revoked. The practical conclusion is that JIT without strong identity hygiene only shortens the blast window.

Runtime enforcement is becoming the decisive layer for AI security. Static inventory and periodic review cannot keep pace with systems that make decisions at machine speed. The field is moving toward continuous control of privileges, data access, and tool invocation, which aligns AI security with zero-trust and zero standing privilege principles. The practical conclusion is that organisations need policy enforcement where the agent acts, not just where it is registered.

Shadow AI will increasingly look like Shadow NHI. Unmanaged AI tools are not only a data-loss issue, they are an identity sprawl issue because every hidden workflow can carry its own secrets, tokens, and elevated integrations. That changes the discovery problem from finding applications to finding autonomous identities with execution authority. The practical conclusion is that agent inventory and secret discovery must be treated as one control objective.

Identity blast radius is the right lens for executive risk review. The meaningful question is not whether an AI system is allowed to exist, but how far it can move if a token, prompt path, or connected service is abused. This is where NHI, PAM, and data controls intersect in a way many programmes still separate. The practical conclusion is that leaders should measure containment, not just deployment speed.

From our research:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
  • For a broader control lens, see NHI Lifecycle Management Guide for how issuance, rotation, and offboarding should be managed across non-human identities.

What this signals

Ephemeral credential trust debt: the faster AI systems move, the more security teams must account for residual trust in the identities behind them. In practice, the programme risk is not just exposure, but the gap between issuing access and proving it was still appropriate at the moment of use. That makes lifecycle discipline central to AI governance, especially where agents can reach cloud, SaaS, and data systems through delegated access.

With 43% of security professionals already concerned that AI systems may learn and reproduce sensitive information patterns from codebases, the governance problem now spans both identity and data behaviour. The reader’s programme should prepare for controls that join secrets oversight with retrieval and prompt monitoring, because the same workflow can leak data and extend privilege at the same time.

The operational signal is clear: teams that still separate AI security, IAM, and secrets management will struggle to answer basic questions about who or what acted, with which credential, and against which data. That is where frameworks like NIST Cybersecurity Framework 2.0 and NIST SP 800-63 Digital Identity Guidelines become relevant, because they push organisations toward accountable identity governance rather than one-time access checks.


For practitioners

  • Map every AI workload identity: Inventory service accounts, tokens, certificates, and API keys used by model pipelines, agents, and retrieval systems. Tie each identity to an owner, a purpose, and a revocation path so the environment can be reviewed as a living NHI estate.
  • Enforce least privilege on agent tool access: Restrict agents to narrowly scoped permissions for each tool, dataset, and SaaS connector. Remove broad shared credentials, and require task-scoped access for any action that can change data, send messages, or trigger automation.
  • Add runtime controls at the decision point: Pair discovery with enforcement so policy checks happen when the agent requests data or calls a tool. Use runtime telemetry to block unexpected connections, excessive data access, and privilege escalation attempts before they propagate.
  • Unify secrets management with AI governance: Track AI-related secrets in the same lifecycle process used for other NHIs, including issuance, rotation, and offboarding. Fragmented handling makes it harder to prove which credentials remain active across agents, clouds, and SaaS integrations.

Key takeaways

  • AI agents are expanding the NHI problem because their access patterns can change at runtime, not just at provisioning time.
  • Secrets, tokens, and SaaS connectors are the practical choke points for governing agentic systems, and they need lifecycle controls.
  • Security teams should measure containment, revocation speed, and privilege scope if they want AI governance to be operational instead of theoretical.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
---------------------------------|---------------------|----------------------------------------------------------------------------------
OWASP Agentic AI Top 10          | NHI-01              | Agent autonomy and tool use raise identity and privilege risks.
OWASP Non-Human Identity Top 10  | NHI-03              | Credential rotation and lifecycle control are central to reducing agent exposure.
NIST CSF 2.0                     | PR.AC-4             | Access control and authorization must cover machine identities and integrations.

Inventory every agent identity and bind actions to least-privilege scopes with approval and revocation.


Key terms

  • Agent Identity: An agent identity is the set of credentials and entitlements that let an autonomous system act on behalf of a business process. It often includes service accounts, tokens, certificates, and API permissions. In NHI governance, the identity is the control boundary, not just the software component.
  • Identity Blast Radius: Identity blast radius is the amount of damage a compromised non-human identity can cause before it is contained. It is shaped by privilege scope, credential lifetime, downstream trust, and connected systems. Reducing blast radius is a practical way to measure whether NHI controls are actually effective.
  • Shadow AI: Shadow AI is the use of AI tools, agents, or integrations that are not fully inventoried or governed by the organisation. These hidden systems often carry their own credentials and data access paths, which makes them a parallel NHI risk. Discovery is only the first step; control requires lifecycle oversight.

Deepen your knowledge

AI agent identity governance and secrets lifecycle management are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is building controls for autonomous systems, it is a relevant starting point.

This post draws on content published by CrowdStrike: New AI Security Services to Strengthen AI Security and SOC Readiness. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-05-22.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org