By NHI Mgmt Group Editorial Team
Published 2025-11-05
Domain: Agentic AI & NHIs
Source: Opal Security

TL;DR: Enterprise AI is moving from chat assistants to coding agents and digital employees, with identity becoming the control plane for who or what can act, where, for how long, and under which approvals, according to Opal Security. Access review models assume privilege persists long enough to review; autonomous and semi-autonomous workflows compress that window into runtime decisions that legacy IAM cannot govern.


At a glance

What this is: The article argues that AI adoption is shifting from LLM knowledge work to coding agents and then digital employees, making identity the control plane for each phase.

Why it matters: IAM, NHI, and PAM teams need to rework approval, scope, and revocation models because AI systems now exercise access across corporate data, code, and business workflows.

By the numbers:

👉 Read Opal Security's analysis of identity security across AI adoption phases


Context

AI adoption is no longer confined to prompts and summaries. As LLMs connect to corporate systems, then coding agents begin touching repositories and pipelines, and finally autonomous agents start executing business processes, the identity question becomes more important than the model question. The central concern is identity security, because access is now the control surface that determines what AI can reach and change.

The governance gap is that traditional IAM assumptions were built around stable users, bounded tasks, and review cycles that outlast the action. That does not hold when an AI system can request, receive, and discard access inside a single workflow. For practitioners, the problem is not model capability alone. It is whether identity, approval, logging, and revocation can keep pace with machine-timed execution.


Key questions

Q: How should organisations govern AI agents that can touch code, cloud, and business systems?

A: They should register each agent as a governed identity, then scope permissions by task, system, and risk tier. Read, write, deploy, and transaction rights should be separated, with approvals and expiry matched to impact. If an agent can act across multiple systems, governance must follow the action path, not the tool brand.

Q: Why do AI agents create more identity risk than simple automation?

A: AI agents create more risk because they make runtime decisions about actions and system use, often across multiple domains. That breaks the assumption that access can be preplanned once and reviewed later. The governance problem becomes who or what can decide, execute, and retain access long enough to cause impact.

Q: What signals show AI access is being governed properly?

A: Look for time-bound access, explicit ownership, auditable approvals, and shrinking credential lifetime. A healthy programme should show fewer standing privileges, more context-aware grants, and complete traces from request to execution. If approvals exist but cannot explain the business purpose or the systems touched, governance is weak.

Q: Who should be accountable when an AI agent causes a security or compliance issue?

A: Accountability should rest with the human owner of the agent and the control owner of the workflow it used. The programme should record who approved the grant, what policy allowed the action, and which systems were exposed. Without that chain, responsibility becomes ambiguous after the fact.


Technical breakdown

LLM access as a privileged capability

Once a conversational model connects to email, document stores, issue trackers, or data platforms, it stops being a standalone interface and becomes an access pathway. The control surface is no longer only authentication, but authorization to specific connectors, data domains, and actions. The article’s phase-one model maps well to privilege design: scope by purpose, time-box the grant, and log the request, approval, and target systems in one trail. That is essentially just-in-time access applied to AI usage.

Practical implication: treat every enterprise LLM connector like a privileged integration and enforce purpose-bound access from day one.

Coding agents and repository blast radius

Coding agents create a different risk profile because they can read code, open pull requests, trigger CI jobs, and sometimes reach cloud resources. The danger is not just that they act, but that they act across multiple systems with a broader permission envelope than a human developer would need for a single task. If static credentials are embedded in the workflow, the exposure window becomes far larger than the task window, which turns routine automation into supply-chain risk.

Practical implication: separate read, write, deploy, and cloud permissions for coding agents instead of granting broad developer-equivalent access.

Digital employees and policy-driven execution

The third phase describes agents that execute business processes end to end, which makes identity governance a policy problem as much as an access problem. These agents need explicit ownership, purpose, risk tier, allowed systems, and expiry. The article’s model is strongest where it ties approvals, budget limits, and separation of duties to task impact. At that point, identity is not a login layer. It is the operating model for delegated action across finance, operations, and security.

Practical implication: define policy gates by task impact and system sensitivity before allowing agents to operate across business functions.


NHI Mgmt Group analysis

Identity governance is becoming the execution layer for AI adoption. The article is right to frame identity as the control plane because AI value increasingly depends on which systems it can touch, not just what it can generate. Once assistants connect to enterprise data, code, and workflows, approval, scope, and revocation become operational controls, not admin details. Practitioners should treat AI access as a governed runtime surface, not a feature checkbox.

Ephemeral credential trust debt: the longer teams allow AI systems to rely on static or loosely bounded access, the more governance debt they accumulate. The article shows this clearly in its move from LLM connectors to coding agents and digital employees. Each phase increases the number of systems in play while shortening the useful lifetime of a grant. That means the real risk is not only privilege excess, but the mismatch between human review cadence and machine execution speed. Practitioners should reassess any control that assumes access persists long enough to be reviewed.

AI agents are forcing IGA, PAM, and NHI governance to converge. The mechanisms already used for humans and service accounts (ownership, justification, expiry, audit trail, and separation of duties) now need to be expressed for agentic workflows. The article’s strongest contribution is that it treats AI as an identity problem across all three phases rather than as a standalone AI security topic. That is the right lens for programme design.

Approval without context will fail under high-velocity AI workflows. The article’s phase-based model makes clear that low-risk actions can be auto-approved, but only when the surrounding policy is explicit about scope, budget, and system boundaries. Where organisations still use generic approval gates, they will create the illusion of control while missing the actual decision point. Practitioners should move from blanket approval processes to context-aware governance tied to task risk.

The market is shifting from AI enablement to AI containment. The article signals that the next competitive question is not whether an organisation can connect AI to systems, but whether it can prove who or what was allowed to act, under what policy, and for how long. That shifts buying criteria toward governance, auditability, and lifecycle control rather than raw integration breadth. Practitioners should expect identity platforms to be evaluated on enforcement depth, not just connectivity breadth.

From our research:

  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
  • That gap makes Ultimate Guide to NHIs a useful companion for teams that need to turn AI access governance into revocation discipline.

What this signals

Ephemeral credential trust debt: as AI systems move from read-only assistants to action-capable agents, the hidden risk is not only access breadth but access lifetime. Organisations that still rely on static secrets or slow review cycles will find that machine-speed execution outruns human-paced governance, which is why identity controls need to be designed around task boundaries rather than user sessions.

In practice, the next programme milestone is not more AI integration. It is proving that every agentic workflow has a named owner, a defined purpose, a bounded scope, and a revocation point that actually fires. That is where NHI governance, IAM, and PAM start to converge into one control model.

With 97% of NHIs carrying excessive privileges, the transition to AI-driven execution will amplify whatever privilege hygiene already exists. Teams that do not reduce standing access now will inherit the same problem in a more dynamic form when agents begin acting across systems.
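
The governance signals listed under the key questions (time-bound access, explicit ownership, approvals that name the systems touched, fewer standing privileges) and the revocation gap quoted above (secrets still valid days after notification) can be checked mechanically against a grant ledger. The Python below is an added example written for this page, not code or tooling from Opal Security or NHI Mgmt Group. The ledger rows, their field names, and the one-day grace period after a leak notification are constructed assumptions.

```python
# Added example, not the source's code: a governance health check over a grant/secret ledger.
# Ledger rows and thresholds are constructed sample data, not figures from the article.
from __future__ import annotations
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 11, 5, 12, 0, tzinfo=timezone.utc)

# Constructed ledger: one row per grant or credential held by an AI identity.
LEDGER = [
    {"id": "g-1", "agent": "llm-mail", "owner": "alice", "purpose": "summarise tickets",
     "systems": ["jira"], "approved_by": "bob", "expires_at": NOW + timedelta(minutes=20)},
    {"id": "g-2", "agent": "coder-01", "owner": None, "purpose": "",
     "systems": ["git", "ci", "aws"], "approved_by": "bob", "expires_at": None},
    {"id": "g-3", "agent": "ap-bot", "owner": "carol", "purpose": "pay invoices",
     "systems": [], "approved_by": "dave", "expires_at": NOW + timedelta(hours=2)},
    {"id": "k-7", "agent": "coder-01", "owner": "erin", "purpose": "deploy", "systems": ["aws"],
     "approved_by": "erin", "expires_at": NOW - timedelta(days=3), "revoked_at": None,
     "leak_notified_at": NOW - timedelta(days=6)},
]


def findings(ledger: list[dict], now: datetime = NOW,
             notice_grace: timedelta = timedelta(days=1)) -> list[tuple[str, list[str]]]:
    """Return (id, issues) for every row that fails one of the governance signals."""
    out = []
    for row in ledger:
        issues = []
        exp, owner = row.get("expires_at"), row.get("owner")
        if exp is None:
            issues.append("standing privilege")             # no expiry at all
        if not owner:
            issues.append("no owner")
        if not row.get("purpose"):
            issues.append("no purpose")
        if not row.get("systems"):
            issues.append("approval does not name systems")
        if owner and row.get("approved_by") == owner:
            issues.append("self-approved")                   # no separation of duties
        if exp is not None and exp < now and row.get("revoked_at") is None:
            issues.append("expired but not revoked")
        notified = row.get("leak_notified_at")
        if notified and row.get("revoked_at") is None and now - notified > notice_grace:
            issues.append(f"secret still valid {(now - notified).days} days after leak notice")
        if issues:
            out.append((row["id"], issues))
    return out


def summary(ledger: list[dict], now: datetime = NOW) -> dict:
    """Programme-level numbers: share of standing grants and the longest live grant lifetime."""
    total = len(ledger)
    standing = sum(1 for r in ledger if r.get("expires_at") is None)
    live = [r["expires_at"] - now for r in ledger if r.get("expires_at") and r["expires_at"] > now]
    return {"total": total, "standing": standing, "flagged": len(findings(ledger, now)),
            "standing_pct": round(100 * standing / total, 1) if total else 0.0,
            "longest_live_grant_min": max(live) // timedelta(minutes=1) if live else 0}
```

Run findings(LEDGER) over a real export to get the per-grant list, and summary(LEDGER) for the trend numbers a programme review would track (standing share falling, longest live grant shrinking, flagged count going to zero). The check is deliberately field-based so it can run against any ledger export that records owner, purpose, systems, approver, expiry, and revocation time.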


For practitioners

  • Inventory AI identities across all phases: map every LLM connector, coding agent, and business-process agent to an owner, purpose, allowed systems, and expiry. Include the approval path and the systems each actor can touch so access is visible before you redesign controls.
  • Replace standing AI access with task-bound grants: issue access only for the duration of a specific task and revoke it automatically when the task closes or the agent finishes its run. Apply this to model connectors, repository access, CI jobs, and any cloud action that the agent can trigger.
  • Split permissions by action type and impact: separate read, write, deploy, and transactional privileges so an agent cannot inherit human-like breadth by default. Use dual control for high-risk actions and apply budget or threshold caps where business processes can be bounded.
  • Centralise audit trails across request, approval, and execution: preserve one chain of custody that links who requested the grant, who approved it, what scope was issued, which systems were touched, and when the grant expired. Without that record, incident response becomes reconstruction instead of governance.
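
The practitioner steps above, together with the three-phase breakdown (purpose-bound LLM connectors, split permissions for coding agents, policy gates by task impact for digital employees), describe one mechanism: a broker that issues task-bound, single-action grants and keeps the request, decision, use, and revocation in one trail. The Python below is an added example written for this page, not code from Opal Security or NHI Mgmt Group. The action classes, the per-class lifetimes and dual-control flags, the agent and system names, and the separation-of-duties rule that an agent's owner cannot count as one of its approvers are all assumptions.

```python
# Added example, not the source's code: a task-bound grant broker for AI agents.
# Policy values, action classes, agent and system names are assumptions.
from __future__ import annotations
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Action classes ordered by impact; a grant never exceeds the agent's ceiling.
ACTION_RANK = {"read": 0, "write": 1, "deploy": 2, "transact": 3}
# Assumed policy per action class: (grant lifetime in minutes, dual control required).
POLICY = {"read": (60, False), "write": (30, False), "deploy": (15, True), "transact": (10, True)}

@dataclass
class Agent:
    agent_id: str
    owner: str                       # accountable human
    purpose: str
    allowed_systems: frozenset[str]
    max_action: str                  # highest action class this agent may ever hold

@dataclass
class Grant:
    grant_id: str
    task_id: str
    system: str
    action: str
    expires_at: datetime
    revoked_at: datetime | None = None

class GrantBroker:
    def __init__(self) -> None:
        self.agents: dict[str, Agent] = {}
        self.grants: dict[str, Grant] = {}
        self.audit: list[dict] = []   # one trail: request -> decision -> use -> revoke

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"event": event, **fields})

    def _deny(self, reason: str, **ctx) -> None:
        self._log("deny", reason=reason, **ctx)
        raise PermissionError(reason)

    def register(self, agent: Agent) -> None:
        self.agents[agent.agent_id] = agent
        self._log("register", agent_id=agent.agent_id, owner=agent.owner, purpose=agent.purpose)

    def request(self, agent_id: str, task_id: str, system: str, action: str,
                approvers: tuple[str, ...], now: datetime) -> Grant:
        ctx = dict(agent_id=agent_id, task_id=task_id, system=system, action=action, approvers=approvers)
        self._log("request", **ctx)
        agent = self.agents.get(agent_id)
        if agent is None:
            self._deny("unregistered agent", **ctx)
        if system not in agent.allowed_systems:
            self._deny("system outside agent scope", **ctx)
        if ACTION_RANK[action] > ACTION_RANK[agent.max_action]:
            self._deny("action above agent ceiling", **ctx)
        ttl, dual = POLICY[action]
        independent = set(approvers) - {agent.owner}   # assumed SoD rule: owner cannot approve own agent
        if len(independent) < (2 if dual else 1):
            self._deny("insufficient independent approval", **ctx)
        grant = Grant(secrets.token_hex(8), task_id, system, action, now + timedelta(minutes=ttl))
        self.grants[grant.grant_id] = grant
        self._log("issue", grant_id=grant.grant_id, expires_at=grant.expires_at, **ctx)
        return grant

    def authorize(self, grant_id: str, system: str, action: str, now: datetime) -> bool:
        # Execution-time check: unrevoked, unexpired, and an exact match on system and action.
        g = self.grants.get(grant_id)
        ok = (g is not None and g.revoked_at is None and now < g.expires_at
              and g.system == system and g.action == action)
        self._log("use", grant_id=grant_id, system=system, action=action, allowed=ok)
        return ok

    def close_task(self, task_id: str, now: datetime) -> int:
        # The revocation point: closing the task revokes every grant issued for it.
        n = 0
        for g in self.grants.values():
            if g.task_id == task_id and g.revoked_at is None:
                g.revoked_at, n = now, n + 1
                self._log("revoke", grant_id=g.grant_id, task_id=task_id, reason="task closed")
        return n

def demo() -> dict:
    """Run one coding agent through a task and return what the broker decided."""
    t0 = datetime(2025, 11, 5, 9, 0, tzinfo=timezone.utc)
    b, out = GrantBroker(), {}
    b.register(Agent("coder-01", "alice", "fix flaky CI job", frozenset({"git", "ci"}), "deploy"))
    read = b.request("coder-01", "T-42", "git", "read", ("bob",), t0)
    out["read_ttl_min"] = (read.expires_at - t0) // timedelta(minutes=1)
    try:    # the owner does not count as an independent approver, so dual control is not met
        b.request("coder-01", "T-42", "ci", "deploy", ("alice", "bob"), t0)
    except PermissionError as e:
        out["owner_plus_one_deploy"] = str(e)
    deploy = b.request("coder-01", "T-42", "ci", "deploy", ("bob", "carol"), t0)
    out["deploy_at_5min"] = b.authorize(deploy.grant_id, "ci", "deploy", t0 + timedelta(minutes=5))
    out["deploy_at_20min"] = b.authorize(deploy.grant_id, "ci", "deploy", t0 + timedelta(minutes=20))
    out["read_grant_for_write"] = b.authorize(read.grant_id, "git", "write", t0 + timedelta(minutes=5))
    out["revoked_on_close"] = b.close_task("T-42", t0 + timedelta(minutes=6))
    out["broker"], out["t0"] = b, t0          # returned so callers can inspect the trail
    return out
```

demo() walks a registered coding agent through one task: a read grant is issued on a single approval, a deploy grant needs two approvers who are not the agent's owner, the deploy grant stops authorising once its fifteen minutes elapse, a read grant cannot be reused for a write, and closing the task revokes everything issued for it. In a real deployment the grant would be exchanged for a short-lived credential at the target system, and authorize() would be called by the connector or CI step at execution time rather than in-process; the audit list is the single chain the practitioner step above asks for.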

Key takeaways

  • AI adoption is turning identity into the primary control plane, because access now determines what models, agents, and workflows can actually do.
  • The core risk is not only model capability but access lifetime, since machine-timed action can outpace review cycles built for human operators.
  • Security teams should move toward task-bound grants, explicit ownership, and auditable revocation if they want AI execution to remain governable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | A1 | Covers agent goal hijacking and tool misuse in AI workflows.
OWASP Non-Human Identity Top 10 | NHI7:2025 Long-Lived Secrets (with NHI1:2025 Improper Offboarding) | Directly maps to rotation, expiry and revocation of secrets used by AI systems; NHI1 covers revoking them when the agent or task is retired.
NIST CSF 2.0 | PR.AA-05 | Access permissions, entitlements and authorizations defined in policy, enforced and reviewed under least privilege and separation of duties underpin the article's governance model. (PR.AA-05 replaces the CSF 1.1 identifier PR.AC-4 for this subcategory.)

Scope agent permissions to task and tool boundaries, then require human review for high-impact actions.


Key terms

  • Agentic workflow: A workflow in which an AI system can choose actions, invoke tools, and continue execution based on runtime conditions. In identity terms, it behaves like a governed actor rather than a passive application, which means ownership, scope, and expiry must be explicit.
  • Ephemeral credential: A credential that exists only for a short, task-specific period and is revoked after use. For AI and machine identities, ephemeral credentials reduce blast radius by limiting how long an agent can act if policy, code, or behaviour goes wrong.
  • Identity control plane: The governance layer that decides who or what may access a system, under what conditions, and for how long. In AI environments, it spans humans, service accounts, and agents, making access policy the mechanism that keeps automation within bounds.
  • Standing privilege: Persistent access that remains available without a fresh task request or approval. In AI and NHI programmes, standing privilege is risky because it expands the window for misuse, leaks, and unintended action across code, cloud, and business systems.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Opal Security: Identity Security and the AI Adoption Maturity Curve. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-11-05.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org