TL;DR: Zero trust breaks down for service accounts, API keys, OAuth tokens, IAM roles, secrets, and AI agents when the underlying identity is invisible, unowned, or over-permissioned, according to Oasis Security. The governance gap is no longer theoretical: policy enforcement without identity ownership and lifecycle control cannot secure machine-to-machine traffic.
At a glance
What this is: This analysis argues that zero trust must be extended to non-human and agentic identities because enforcement alone cannot govern identities that are unseen, unowned, or over-privileged.
Why it matters: It matters because IAM, PAM, and NHI teams need identity ownership, lifecycle control, and inline enforcement to cover machine traffic and agentic access paths.
👉 Read Oasis Security's analysis of extending zero trust to non-human and agentic identities
Context
Zero trust only works when the identity behind a connection is known, accountable, and governable. That assumption fails in many enterprises because service accounts, API keys, OAuth tokens, IAM roles, secrets, and AI agents often operate without clear ownership or lifecycle control, which makes the policy decision itself incomplete.
For identity programmes, the issue is not just more machine traffic. It is that non-human identities and agentic access now sit on the same control plane as human identities, but they do not behave like human accounts and cannot be managed with the same visibility assumptions.
Oasis Security frames the gap as one of control plane separation, where inline enforcement can block or allow traffic but cannot by itself answer who owns the identity, what it should reach, or whether it still needs access.
Key questions
Q: How should security teams extend zero trust to non-human identities?
A: Start by treating identity governance as part of the zero trust control model. Security teams need inventory, ownership, entitlement scope, rotation, and offboarding for service accounts, tokens, roles, and agents. Inline policy can enforce decisions at runtime, but it cannot compensate for identities that are unknown, over-privileged, or permanently valid.
Q: Why do non-human identities create gaps in zero trust programmes?
A: They create gaps because zero trust assumes each request can be tied to a governed identity. Many NHIs operate with standing access, hardcoded secrets, or weak ownership, so the policy engine sees traffic without meaningful lifecycle context. That leaves organisations able to broker connections but unable to prove the identity should exist in that form.
Q: What breaks when AI agents are given access without ownership and expiry?
A: The governance model breaks first. An agent can generate traffic, call tools, and expand its activity faster than human review cycles can detect. Without ownership and expiry, teams lose the ability to distinguish intended behaviour from persistent privilege, which makes containment and accountability much harder.
Q: Who should be accountable for governing machine and agentic identities?
A: Accountability should sit with the teams that own the identity lifecycle, not only with network enforcement teams. IAM, PAM, and NHI owners need to define who creates the identity, who approves its scope, who reviews its access, and who revokes it when the use case ends. Zero trust only works when those responsibilities are explicit.
Technical breakdown
Why zero trust needs identity context for machine-to-machine traffic
Zero trust is a decision model, not a product layer. It assumes every request can be tied to a known identity, then evaluated continuously against policy. In machine-to-machine environments that assumption weakens because the request may come from a service account, token, role, or secret that has no human operator standing behind it. Without identity context, inline controls see traffic but not governance state, so they can inspect or broker a connection without knowing whether the identity is orphaned, over-privileged, or stale.
Practical implication: treat visibility into NHI ownership and entitlement state as a prerequisite for any zero trust enforcement path.
How agentic identities change the enforcement problem
AI agents introduce a faster and less predictable access pattern than traditional workloads. They can generate their own traffic, call tools, and in some cases spawn sub-agents, which means identity is no longer just a static credential attached to a workload. The control problem shifts from authenticating a fixed caller to governing a runtime actor whose access scope may expand as it executes. That makes inline enforcement necessary but insufficient unless it is tied to lifecycle rules, entitlement scope, and revocation signals.
Practical implication: map every agent to an owner, a permitted scope, and a revocation condition before it is allowed to connect.
Why standing access and hardcoded secrets defeat policy-only controls
Hardcoded secrets, broad standing access, and unmanaged OAuth tokens undermine zero trust because the decision point arrives too late. If the credential already grants wide access, the policy engine is only deciding whether to observe or deny misuse, not whether the identity should have had the privilege in the first place. This is a governance failure, not just a network failure. For NHI programmes, the real control surface is the credential lifecycle, ownership, and right-sizing of access before the connection ever reaches the broker.
Practical implication: pair inline policy with rotation, scope reduction, and offboarding so the control plane can act on governed identities rather than inherited privilege.
NHI Mgmt Group analysis
Zero trust for NHIs is a governance problem before it is an enforcement problem. Policy engines can only make meaningful decisions when the underlying identity is visible, owned, and lifecycle-managed. That is why machine traffic breaks many zero trust programmes: the connection is authenticated, but the identity behind it is not governed with the same discipline as a human account. The implication is that zero trust architectures need an NHI governance layer, not just more inspection points.
Identity ownership is the missing control variable in agentic access. AI agents can move faster than human review cycles and can generate tool calls that do not map cleanly to traditional account administration. When an agent can create traffic, expand its own execution path, or use attached credentials without clear ownership, the control model becomes ambiguous. Practitioners should treat ownership as a first-class security control, because anonymous or unowned access is not zero trust at all.
Standing privilege is the real boundary failure in zero trust programmes. Zero trust can broker a connection in real time, but it cannot compensate for credentials that already encode broad and persistent access. The problem is not simply that access exists, but that it exists outside a meaningful lifecycle boundary. That is why entitlement scope, revocation, and expiry must be governed as part of the identity, not left to the network layer alone.
Inline enforcement and identity governance must operate as one control plane. The article's core point is that enforcement without governance leaves the organisation with a visible policy and an invisible identity problem. Governance without enforcement leaves the identity visible but not stoppable at the point of use. The practitioner conclusion is straightforward: zero trust for NHIs and agents only works when policy, ownership, and lifecycle decisions are linked.
From our research:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to the State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, which shows how far governance still lags behind access complexity.
- For a broader baseline on identity exposure, see 52 NHI Breaches Analysis for recurring patterns in credential misuse, orphaned access, and lifecycle failure.
What this signals
Identity context is becoming the gating factor for zero trust success. As enterprises move more traffic through brokers and policy engines, the programme question shifts from whether connections can be inspected to whether the identities behind them are actually governed. With 85% of organisations lacking full visibility into third-party vendors connected via OAuth apps, according to the State of Non-Human Identity Security, the gap is structural rather than tactical.
Standing privilege is the point where zero trust and NHI governance meet. A broker can stop a bad call, but it cannot by itself correct a credential that was over-scoped from day one. That is why identity teams should expect more pressure to connect lifecycle control, entitlement reviews, and enforcement telemetry into one operating model, not three separate programmes.
Governance teams should expect AI agents to force faster access decisions. The more agentic traffic flows through enterprise systems, the less useful delayed review becomes unless ownership and revocation conditions are already defined. That makes agent identity more than an AI topic. It becomes a test of whether IAM can govern runtime access without relying on human-paced assumptions.
For practitioners
- Map every non-human identity to an owner and lifecycle state. Build an inventory that links service accounts, API keys, OAuth tokens, IAM roles, secrets, and agents to a named business or technical owner, then flag anything orphaned or unreviewed.
- Tighten standing access before extending inline control. Review whether tokens, roles, and secrets already carry broad access that makes policy enforcement secondary. Reduce scope, rotate credentials, and remove unused identities before relying on the broker path.
- Treat agent access as governed runtime behaviour. Define which tools an agent may call, who approves its scope, and what event triggers revocation. Do not rely on generic automation controls when the actor can generate its own sequence of actions.
- Join enforcement telemetry to identity lifecycle controls. Correlate broker decisions with ownership, credential expiry, and entitlement reviews so security teams can see when a connection is allowed but the identity behind it is already out of policy.
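The following is an added example, not code from Oasis Security or the NHIMG editorial team, that turns the "Technical breakdown" argument (a policy decision needs governance state, not just an authenticated caller) and the four practitioner steps above into one working policy decision point. It assumes a constructed NHI inventory, a constructed evaluation date, placeholder thresholds (a 90-day review window, a 180-day credential age) and one specific design choice: findings that prove the identity should not exist in that form (revoked, orphaned, expired) deny at the point of use, while lifecycle drift (no expiry, overdue review, overdue rotation) is reported alongside an allowed decision so it can be acted on. Identity names, owners and targets are invented for illustration.

```python
"""Governance-aware policy decision point for non-human and agentic identities.

Added example. Inventory contents, dates and thresholds are constructed."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

# Assumed governance thresholds (placeholders chosen for this example).
REVIEW_WINDOW_DAYS = 90
MAX_CREDENTIAL_AGE_DAYS = 180


@dataclass
class NHIRecord:
    """Inventory entry linking an identity to an owner and its lifecycle state."""
    identity_id: str
    kind: str                          # service_account, oauth_token, iam_role, agent
    owner: Optional[str]               # None means orphaned
    allowed_targets: Set[str]          # entitlement scope: resources or tools it may reach
    expires_on: Optional[date]         # None means standing access with no expiry
    last_reviewed: Optional[date]      # last entitlement review
    credential_rotated_on: Optional[date]
    revoked: bool = False


@dataclass
class Decision:
    allowed: bool
    reasons: List[str]    # why the broker allowed or denied this call
    findings: List[str]   # lifecycle problems on the identity, blocking or not


def lifecycle_findings(rec: NHIRecord, today: date) -> List[str]:
    """Governance checks that hold regardless of the individual request."""
    findings = []
    if rec.revoked:
        findings.append("revoked")
    if rec.owner is None:
        findings.append("orphaned: no owner")
    if rec.expires_on is None:
        findings.append("standing access: no expiry")
    elif rec.expires_on < today:
        findings.append("expired")
    if rec.last_reviewed is None or (today - rec.last_reviewed).days > REVIEW_WINDOW_DAYS:
        findings.append("entitlement review overdue")
    if rec.credential_rotated_on is None or (today - rec.credential_rotated_on).days > MAX_CREDENTIAL_AGE_DAYS:
        findings.append("credential rotation overdue")
    return findings


# Findings that deny at the point of use (assumed split); the rest are reported, not blocking.
BLOCKING_PREFIXES = ("revoked", "orphaned", "expired")


def decide(inventory: Dict[str, NHIRecord], identity_id: str, target: str, today: date) -> Decision:
    """Combine the runtime check (is the target in scope?) with governance state
    (is the identity known, owned, live and reviewed?) in one decision."""
    rec = inventory.get(identity_id)
    if rec is None:
        # An authenticated but un-inventoried caller is traffic without governance context.
        return Decision(False, ["unknown identity: not in inventory"], [])
    findings = lifecycle_findings(rec, today)
    reasons = [f for f in findings if f.startswith(BLOCKING_PREFIXES)]
    if target not in rec.allowed_targets:
        reasons.append(f"target {target!r} outside entitlement scope")
    if reasons:
        return Decision(False, reasons, findings)
    return Decision(True, ["in scope and identity governed"], findings)


def allowed_but_out_of_policy(inventory: Dict[str, NHIRecord],
                              calls: List[Tuple[str, str]], today: date) -> Dict[str, Set[str]]:
    """Join broker decisions to lifecycle state: identities whose calls were allowed
    while non-blocking findings show the identity itself is already out of policy."""
    report: Dict[str, Set[str]] = {}
    for identity_id, target in calls:
        d = decide(inventory, identity_id, target, today)
        if d.allowed and d.findings:
            report.setdefault(identity_id, set()).update(d.findings)
    return report


# Constructed inventory and evaluation date for the example.
TODAY = date(2026, 6, 16)
INVENTORY: Dict[str, NHIRecord] = {r.identity_id: r for r in [
    NHIRecord("svc-billing-01", "service_account", "payments-platform", {"billing-db"},
              date(2026, 12, 31), date(2026, 5, 1), date(2026, 4, 15)),
    NHIRecord("tok-oauth-crm", "oauth_token", None, {"crm-api"},
              None, None, date(2026, 3, 1)),
    NHIRecord("role-ci-deploy", "iam_role", "platform-eng", {"artifact-store", "prod-cluster"},
              None, date(2025, 11, 1), date(2025, 10, 1)),
    NHIRecord("agent-support-bot", "agent", "cx-automation", {"ticket-search", "kb-read"},
              date(2026, 6, 30), date(2026, 6, 1), date(2026, 6, 1)),
]}
# Constructed broker log: (identity, target) pairs seen at the enforcement point.
SAMPLE_CALLS = [("svc-billing-01", "billing-db"), ("tok-oauth-crm", "crm-api"),
                ("role-ci-deploy", "prod-cluster"), ("agent-support-bot", "ticket-search"),
                ("agent-support-bot", "email-send"), ("ghost-key-99", "billing-db")]

if __name__ == "__main__":
    for ident, target in SAMPLE_CALLS:
        d = decide(INVENTORY, ident, target, TODAY)
        print(f"{ident:18} -> {target:14} {'ALLOW' if d.allowed else 'DENY '} {d.reasons} findings={d.findings}")
    print("allowed but out of policy:", allowed_but_out_of_policy(INVENTORY, SAMPLE_CALLS, TODAY))
```

Running it shows the three outcomes the article distinguishes: the governed service account and the in-scope agent call are allowed cleanly; the unowned OAuth token, the agent's out-of-scope tool call and the un-inventoried key are denied even though they would authenticate; and the CI role is allowed while carrying standing access, an overdue review and a stale credential, which is exactly the "connection allowed, identity out of policy" case the correlation report surfaces.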
Key takeaways
- Zero trust cannot secure non-human identities if the identities themselves remain invisible or unmanaged.
- The scale of the problem is already material, with OAuth-connected third parties and other NHIs creating a governance gap that policy enforcement alone cannot close.
- Practitioners need a combined model of identity ownership, lifecycle control, and inline enforcement to make zero trust operational for machine and agentic access.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Standing access and unmanaged NHIs are central to the article's control gap. |
| NIST Zero Trust (SP 800-207) | PR.AC-1 | The article centers on continuous verification across brokered connections. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access and entitlement governance are the core themes here. |
Review NHI lifecycle, scope, and rotation controls so credentials are not left with persistent access.
Key terms
- Non-Human Identity: A non-human identity is any machine or software credential used to authenticate and authorize a workload, service, token, secret, or automated process. In practice, it needs the same governance discipline as human access, including ownership, scope, lifecycle management, and revocation.
- Agentic Identity: An agentic identity is the credential or identity wrapper used by an AI agent to access tools, data, and other systems at runtime. Unlike a static workload identity, it may act dynamically and therefore needs explicit ownership, narrow scope, and clear revocation conditions.
- Zero Trust Architecture: Zero Trust Architecture is a security model that requires continuous verification of every access request rather than assuming trust based on network location. For NHIs and agents, it only works when the identity behind the request is visible, governed, and tied to lifecycle controls.
- Standing Privilege: Standing privilege is access that remains continuously available instead of being granted only when needed. In NHI environments, it is especially risky because persistent credentials and broad entitlements can outlive the use case, creating hidden exposure and difficult-to-detect misuse.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Oasis Security: Extending Zero Trust to Non-Human and Agentic Identities. Read the original.
Published by the NHIMG editorial team on 2026-06-16.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org