Identity security in 2025 moved from access to governed action

At a glance

What this is: This is an editorial analysis of how 2025 shifted identity security from access management to governed action, with AI agents and NHIs breaking human-centric assumptions.

Why it matters: It matters because IAM, NHI, and PAM programmes now have to govern machine-speed decisions, not just human logins, or they will miss the identities creating the largest risk surface.

By the numbers:

• NHIs outnumber human identities by 25x to 50x in modern enterprises.
• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
• 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.

👉 Read Oasis Security's analysis of how identity security changed in 2025

Context

Identity security was built around a human model: a person logs in, receives access, and later has that access reviewed or revoked. That model works when the subject is stable, accountable, and visible through normal IAM processes, but it breaks when the identity is a machine or an AI agent that can act at runtime without a person in the loop.

2025 made that break obvious across NHI and agentic AI programmes. Organisations were forced to govern service accounts, API keys, and autonomous agents in the same operational environment, which exposed a gap between access assignment and actual control over action. The primary keyword here is identity security, but the issue is really governance drift across human, non-human, and autonomous identities.

Key questions

Q: How should security teams govern AI agents that act autonomously?

A: Security teams should govern autonomous agents with runtime policy, not just static entitlements. The key is to define allowed actions, allowed tools, and allowed context before execution begins, then enforce those boundaries continuously. Human-style access review alone is insufficient because the agent may act, chain decisions, and complete work before any review cycle can catch it.

Q: Why do NHIs create more IAM risk than human accounts?

A: NHIs create more IAM risk because they are numerous, often overprivileged, and frequently unmanaged across creation, monitoring, and offboarding. Unlike human accounts, they can persist quietly in cloud and SaaS environments, making them ideal for privilege accumulation and lateral movement. Their scale turns small governance gaps into broad attack surface.

Q: What breaks when identity governance is built only for human users?

A: Access review, joiner-mover-leaver processes, and periodic certification break down when the identity is a service account or autonomous agent. Those controls assume a visible human lifecycle and a stable review window. Machine identities and agents can outlive those assumptions, leaving access active after the programme believes it has been governed.

Q: How can teams separate NHI governance from autonomous AI governance?

A: Teams should separate them by the behaviour being controlled. NHI governance focuses on lifecycle, secrets, privilege, and revocation for non-autonomous machine identities. Autonomous AI governance adds runtime decision-making, tool selection, and execution timing, so policy must also control action sequences and approval boundaries.

Technical breakdown

Why human-centric identity security stopped working

Human IAM assumes a stable subject, a visible login event, and a reviewable access state. That is enough for a person because the identity, the intent, and the approval path are separable. With NHIs and AI agents, those assumptions collapse. A service account may act continuously, and an agent may choose actions at runtime without a human pause point. The result is that access no longer describes behaviour. Identity security must therefore shift from static entitlement thinking to runtime governance of what an identity is allowed to do, when it can do it, and under what contextual policy.

Practical implication: Map every control that depends on login, user presence, or periodic review and identify where it fails for non-human execution.

Agentic access management and intent-aware policy

Agentic access management is a governance pattern for AI agents that treats intent and action as first-class identity signals. Instead of assuming the identity is only requesting access, it assumes the identity may initiate work, select tools, and chain actions on its own. That requires policy enforcement at the point of decision, not only at provisioning. In practice, this is closer to continuous authorisation than classic role assignment. For IAM teams, the key change is that the policy must describe the action boundary, not just the account boundary, or the control will be too coarse to matter.

Practical implication: Define policy around allowed actions and tool use, then enforce it continuously rather than only at account creation.

NHI provisioning and the lifecycle gap

NHI provisioning matters because most machine identities are created faster than governance teams can review them. When service accounts, API keys, and secrets are minted without consistent lifecycle controls, they become persistent access paths rather than managed identities. The governance gap is not simply missing rotation. It is the absence of a complete lifecycle model that covers creation, scope, monitoring, and revocation. Once NHIs are treated as default infrastructure rather than governed identities, they accumulate privilege and disappear from oversight, especially in cloud and SaaS environments where distribution is easy and accountability is thin.

Practical implication: Require lifecycle ownership for every machine identity and tie creation to revocation, review, and monitoring from day one.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Human-centric identity security assumed that access would be reviewable because behaviour would remain tied to a person. That assumption was designed for people who log in, request access, and leave an artefact for certification. It fails when AI agents and NHIs act at machine speed, because the identity can consume, combine, and discard access outside the review window. The implication is that IAM programmes must stop treating review cadence as a universal control boundary.

Non-human identity sprawl is now an identity governance problem, not a tooling footnote. Once NHIs outnumber human identities by 25x to 50x, the programme’s unit of control changes. Visibility, ownership, and offboarding become the real control plane, because privilege accumulates where no one expects a leaver process to exist. Practitioners should treat machine identity inventory as an operating discipline, not a one-time project.

Intent-aware access is a named concept worth adopting because it captures the shift from who has access to what the identity is trying to do. That matters when the subject is an autonomous agent, because access grants alone cannot express runtime behaviour. The better governance model is not more static roles but clearer behavioural boundaries, with policy tied to action and context. Practitioners should use this concept to separate agent governance from human IAM.

Agentic AI collapses the assumption that authorisation is externally initiated. That assumption was designed for request-response systems where a human or workflow asks for permission before acting. It fails when the actor can decide to act, choose tools, and sequence work independently. The implication is that identity governance must be rebuilt around autonomous execution paths, not just delegated permissions.

The 2025 lesson is that identity security now spans three governance modes, not one. Human identity still needs authentication and lifecycle discipline, NHI needs lifecycle and privilege control, and autonomous systems need runtime behaviour governance. The discipline is converging, but the controls are not interchangeable. Practitioners should separate these operating models before they merge them in the same policy stack.

From our research:

• NHIs outnumber human identities by 25x to 50x in modern enterprises, according to Ultimate Guide to NHIs.
• Only 5.7% of organisations have full visibility into their service accounts, which explains why inventory and ownership remain weak control points.
• That visibility gap is why the Ultimate Guide to NHIs , Lifecycle Processes for Managing NHIs is the right next reference for lifecycle design.

What this signals

Intent-aware access is becoming the practical dividing line between traditional IAM and agent governance. As AI systems begin to initiate work rather than merely request it, security teams need policy that can constrain action, tool use, and context in real time, not only at provisioning or review.

The programme signal for 2026 is straightforward: inventory is no longer enough unless it is paired with ownership, revocation, and behavioural boundaries. With 71% of NHIs not rotated within recommended time frames, the operational risk is already showing up in routine identity hygiene, not only in headline incidents.

The next control conversation should focus on where a human review cycle still makes sense and where it has already become too slow. That distinction will separate organisations that can govern machine identities from those still treating them as extended user accounts.

For practitioners

• Inventory machine identities by owner and lifecycle state Build a complete inventory of service accounts, API keys, certificates, and AI agent identities, then assign a named owner, purpose, and revocation path for each one. Unknown ownership should be treated as a governance defect, not an administrative gap.
• Replace role-only thinking with action-bound policy Define what each non-human identity may do, which tools it may use, and under what conditions those actions are allowed. Use policy language that limits behaviour, not just entitlements, so runtime execution can be constrained before damage occurs.
• Separate human, NHI, and autonomous governance controls Do not force one access review, one offboarding process, or one certification cadence across all identity types. Align each control to the behaviour of the actor being governed, especially where autonomous systems can act without a predictable human review window.
• Track privilege accumulation as a lifecycle signal Monitor where non-human identities gain scope over time, especially in cloud and SaaS environments where access is easy to expand but hard to unwind. Rising privilege without a matching ownership change should trigger review.

Key takeaways

• Identity security in 2025 shifted from managing access to governing action across human, NHI, and autonomous identities.
• Non-human identities now create scale and privilege problems that human-centric IAM models cannot absorb on their own.
• Programmes that separate lifecycle control from runtime policy will be better positioned to govern agentic AI and machine identities.

Key terms

• Agentic Access Management: A governance approach for AI agents that treats decisions, actions, and context as part of identity control. It goes beyond provisioning by enforcing what the agent may do at runtime, which tools it may use, and under what policy conditions those actions remain acceptable.
• Non-Human Identity: A non-human identity is any digital identity used by software, workloads, or automation, including service accounts, API keys, tokens, certificates, and AI agents. These identities need ownership, lifecycle control, and revocation because they can persist and operate without human presence.
• Identity Security: Identity security is the discipline of controlling who or what can access systems, data, and tools, and what they are allowed to do once access exists. In modern environments, it spans human users, machine identities, and autonomous systems, with governance extending from login to runtime behaviour.
• Intent-Aware Access: Intent-aware access is a policy model that evaluates the purpose and expected action of an identity before allowing it to proceed. For autonomous and machine identities, it helps narrow the gap between possession of access and permission to act, especially when decisions happen at runtime.

Deepen your knowledge

Identity security for AI agents and NHIs is a core topic in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are reshaping IAM around machine-speed behaviour, it is worth exploring.

This post draws on content published by Oasis Security: How 2025 Changed the Way We Think About Identity Security. Read the original.