By NHI Mgmt Group Editorial Team | Published 2026-06-30 | Domain: Agentic AI & NHIs | Source: Delinea

TL;DR: At Identiverse 2026, the dominant message was that AI agent security now hinges on ownership, discovery, and runtime authorization, with practitioners also debating how to prove after the fact what agents touched and who is accountable, according to Delinea. The broader lesson is that standing secrets and one-time trust decisions no longer fit agent behaviour, so governance must move to action-time control.


At a glance

What this is: Identiverse 2026 surfaced a converging view that AI agent security depends on named ownership, complete discovery, and per-action runtime authorization.

Why it matters: IAM teams need this framing because AI agents behave like non-human identities with human-accountability and control-plane requirements that existing access review and secret-handling patterns do not fully cover.



Context

AI agent identity is no longer a speculative idea. The issue is how to govern an actor that can select tools, touch data, and act at runtime while still needing an accountable owner, a defined scope, and a way to prove what happened after execution. For IAM programmes, that shifts the problem from authentication alone to lifecycle, discovery, and action control across the full non-human identity stack.

Identiverse 2026 made the market direction easier to see: teams are converging on ownership, discovery, and runtime authorization as the practical control pattern for AI agents. That still leaves a harder governance question for security leaders. If the agent can act faster than a human review cycle, then the programme has to treat the moment of action as the real authorization boundary, not the login event.


Key questions

Q: How should security teams govern AI agents that act at runtime?

A: Security teams should govern AI agents through named ownership, complete discovery, and per-action authorization. The control point has to sit at the moment of action, not only at enrollment or login. If the agent can hold reusable credentials, governance becomes weaker because the policy layer is no longer mediating actual use.

Q: Why do AI agents change traditional IAM and access review models?

A: AI agents change IAM because they can act faster than human review cycles and can touch tools or data without a stable operator at the keyboard. Traditional reviews assume access persists long enough to be observed and recertified. For agents, the safer model is action-time control with a clear owner and auditable connection path.

Q: What breaks when AI agents are discovered too late or not at all?

A: When agents are not discovered early, teams cannot assign ownership, set scope, or prove what systems the agent can reach. That leaves shadow AI outside IAM, IGA, and PAM oversight. The result is unmanaged identity growth, weak auditability, and limited ability to contain misuse or offboard the agent cleanly.

Q: Who should be accountable for AI agent access and misuse?

A: Accountability should sit with a named human owner who can justify the agent’s purpose, approve its scope, and respond if the agent behaves badly. Without that owner, the organisation cannot complete lifecycle governance or incident response with confidence. The owner record is the bridge between machine action and human responsibility.


Technical breakdown

Why AI agent identity becomes a control-plane problem

AI agents are not just another workload because they combine independent tool calls, data access, and execution timing that can change at runtime. That makes the credential and authorization layer the real control plane. If the agent holds a standing secret, the security team has already lost the most important boundary, because downstream systems will treat the agent as the credential holder rather than as a governed subject. The architectural issue is not whether the agent is clever. It is whether the platform can interpose a policy decision on each action, broker access, and preserve auditability without exposing reusable credentials.

Practical implication: move authorization to the point of action, not the point of enrollment.

Discovery and ownership are the first two governance dependencies

The article’s strongest operational point is that no agent can be governed if it cannot be found, and no agent can be trusted if nobody is accountable for it. Discovery creates the inventory needed for lifecycle control, while ownership creates the human locus for review, offboarding, and incident response. In practice, these are governance dependencies, not nice-to-have metadata fields. Shadow AI becomes a security issue the moment it can call tools or reach databases outside the visibility of IAM, IGA, or PAM teams.

Practical implication: tie every agent to an inventory record and a named owner before access is extended.

Runtime authorization works only if the live credential never leaves the broker

Runtime authorization is not just about approval logic. It is about whether the system can mediate the call so the agent never receives the target credential in reusable form. That distinction matters because many products stop at access granting or risk scoring, then assume the destination system will honor the token safely. A brokered pattern changes the trust model. The agent gets constrained access for the current action, while the credential stays under centralized control and the audit trail captures each decision. That is the difference between governance and mere policy decoration.

Practical implication: validate that your control sits in the connection path, not only in the policy layer.
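
The following sketch illustrates the brokered pattern described here, together with the inventory and ownership prerequisites from the previous passage. It is an added example, not code from Delinea or any product. All names (AgentRecord, Broker, fake_crm, the constructed secret) are hypothetical, and a real broker would run as a separate service so the agent process cannot read its memory.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass(frozen=True)
class AgentRecord:            # one row of the agent inventory (hypothetical schema)
    agent_id: str
    owner: str                # named human owner; empty string means ownerless
    allowed: frozenset        # approved (target, action) pairs

@dataclass
class Broker:
    inventory: dict                       # agent_id -> AgentRecord
    _secrets: dict = field(repr=False)    # target -> live credential, never returned
    audit: list = field(default_factory=list)

    def _decide(self, agent_id, target, action):
        rec = self.inventory.get(agent_id)
        if rec is None:
            return False, "agent not in inventory"
        if not rec.owner:
            return False, "no named owner"
        if (target, action) not in rec.allowed:
            return False, "action outside approved scope"
        return True, "permitted"

    def call(self, agent_id, target, action, backend):
        """Authorize this one action, use the credential for the agent, log it."""
        allow, reason = self._decide(agent_id, target, action)
        rec = self.inventory.get(agent_id)
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(), "agent": agent_id,
            "owner": rec.owner if rec else None, "target": target,
            "action": action, "allow": allow, "reason": reason})
        if not allow:
            raise PermissionError(reason)
        # The credential goes to the target connection only; the agent gets the result.
        return backend(self._secrets[target], action)

def fake_crm(credential, action):
    # Constructed stand-in for a target system.
    return f"{action}: ok" if credential == "constructed-secret" else "denied"

def demo_broker():
    scope = frozenset({("crm", "read_invoice")})
    inventory = {"invoice-bot": AgentRecord("invoice-bot", "owner@example.com", scope),
                 "orphan-bot": AgentRecord("orphan-bot", "", scope)}
    return Broker(inventory, {"crm": "constructed-secret"})
```

Every decision, allowed or denied, lands in the audit list with the owner attached, which is the evidence trail the access-review discussion later on this page depends on.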


NHI Mgmt Group analysis

Identity as the control plane is now the right framing for AI agents. The article reflects a broader market shift away from static access grants toward decision-time control, which is the only place agent behaviour can be governed reliably. For IAM and NHI teams, that means the unit of control is the action, not the account. This is the emerging operating model for AI agent governance.

Runtime authorization is only meaningful when the credential never reaches the agent. If the agent can hold a standing secret, then the security model has already collapsed into ordinary token abuse risk. The practical implication is that brokers, gateways, and connection-path controls matter more than labels such as policy enforcement or risk scoring.

Ownerless agents are not a classification problem, they are an accountability failure. The article’s lifecycle theme is important because AI agents without a named human owner cannot be reviewed, offboarded, or investigated with confidence. That breaks the same governance logic used for service accounts, but with higher speed and lower visibility. Practitioners should treat ownership as a hard prerequisite, not as documentation.

Discovery is becoming the new prerequisite for AI agent governance, not an afterthought. Teams cannot govern what they cannot inventory, and they cannot inventory what keeps appearing outside central IT. That makes shadow AI a structural governance issue across IAM, IGA, and security operations. The implication is that discovery now sits upstream of every other control decision.

AI agent security is converging on a non-human identity model, but with stricter action-time constraints. The field is moving toward a model where agents are governed like NHIs, yet their permissions must be checked on each call because behaviour is dynamic. That distinction matters for control design, audit evidence, and incident response. Practitioners should expect agent identity to pull NHI, PAM, and runtime policy into one governance stack.

From our research:

  • 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
  • For a broader governance lens, see OWASP Agentic AI Top 10 for control patterns that map directly to agent behaviour and tool misuse.

What this signals

Runtime control will become a procurement filter, not just a design preference. As AI agents move from experimentation to production, the differentiator is whether a control stack can broker each action without handing over a standing secret. Organisations that cannot show action-level evidence will struggle to defend their governance posture, especially as agent populations grow faster than review processes can absorb.

Access reviews need a new evidentiary model for agent behaviour. The useful artefacts are not just entitlements, but owner linkage, action logs, and proof that the credential stayed outside the agent. For teams building this capability, the practical bar is whether the control path can support investigation before the session is over, not after the fact.

AI agent governance is converging with NHI lifecycle management. The identity problem is becoming less about authentication and more about ownership, discovery, and offboarding of machine actors. That makes the Ultimate Guide to NHIs the right baseline reference, while the OWASP Agentic AI Top 10 helps teams map runtime misuse to concrete control failures.


For practitioners

  • Inventory every AI agent before granting access: Build a discovery process that finds agents created outside IT, links each one to a business owner, and records the systems and data it can reach. No inventory means no governance, no review, and no defensible offboarding path.
  • Require named human ownership for every agent: Assign a responsible person who can approve scope, handle lifecycle events, and answer for misuse. Treat ownerless agents as unmanaged identities, not as low-priority automation.
  • Broker every tool call through a runtime policy layer: Place an authorization point in the connection path so access is decided for each action and the live credential stays under central control. Verify that the agent never receives a reusable secret for the target system.
  • Review whether your access reviews can see agent behaviour: Check whether certification workflows, logging, and incident response can show what an agent accessed, when it acted, and who owned it. If those artefacts are missing, the governance process is not yet fit for AI agents.

Key takeaways

  • AI agent security is maturing into a governance problem, not just a tooling problem, because identity, ownership, and runtime control all have to line up.
  • The strongest evidence from the event is that discovery and action-time authorization are becoming the baseline controls for agent oversight.
  • Teams that cannot inventory agents, name owners, and broker each tool call will struggle to govern AI behaviour with confidence.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework                       | Control / Reference | Relevance
OWASP Agentic AI Top 10         |                     | Agent identity, runtime authorization, and tool use map directly to agentic AI risk patterns.
OWASP Non-Human Identity Top 10 | NHI-03              | Standing secrets and lifecycle ownership of agents align with NHI credential governance.
NIST CSF 2.0                    | PR.AC-4             | Least-privilege access and control of non-human identities fits access management governance.

Map AI agent entitlements to access controls and verify that permissions are enforced at the point of use.


Key terms

  • AI Agent Identity: The identity assigned to a software entity that can make runtime decisions, select tools, and execute actions without a human clicking each step. In governance terms, it must be tied to an owner, a scope, and an audit trail so the organisation can control and explain its behaviour.
  • Runtime Authorization: A control model that decides whether an action is allowed at the moment it is attempted, rather than only when the identity is created or first authenticated. For AI agents, this is the boundary that matters because permissions must be evaluated per call and per task.
  • Shadow AI: AI agents or AI-enabled workflows that exist outside formal inventory, ownership, or approval processes. These identities are difficult to govern because teams cannot review their scope, verify their access, or reliably offboard them when risk changes.
  • Connection-path Broker: An intermediary control that sits between an identity and the target system, mediating each request so the caller never receives the live credential in reusable form. This pattern is critical for agent security because it preserves central control over access while still allowing action at runtime.


This post draws on content published by Delinea: What Identiverse 2026 made clear about securing AI agents.
