TL;DR: Most IT teams cannot see which AI agents are running, who owns them, or what they can access, according to Josys, which adds centralized discovery, policy enforcement, credential monitoring, and role-scoped admin controls to close those gaps. The deeper issue is that identity governance now has to cover software actors that move faster than manual review cycles.
At a glance
What this is: Josys positions AI agent governance, credential monitoring, and role-scoped admin controls as one identity governance problem.
Why it matters: IAM teams now have to govern AI agents, privileged access, and audit evidence in the same operating model, not as separate controls.
By the numbers:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
Context
AI agent governance is the discipline of identifying software actors, understanding what they can access, and proving that access is still justified. Josys is responding to a common enterprise blind spot: teams can deploy or inherit AI agents faster than they can attribute ownership, scope access, or keep audit evidence current.
The broader identity issue is not just discovery. Once AI agents, employee accounts, and delegated admin roles all live in the same operating environment, governance has to track who or what owns access, who can approve it, and which privileges are permanent versus ephemeral. That makes agent governance a core IAM and NHI control problem, not a standalone AI feature set.
Key questions
Q: How should security teams govern AI agents that access business data?
A: They should govern AI agents like any other non-human identity: assign ownership, define the approved data scope, enforce policy before access is granted, and keep a verifiable record of each decision. If the agent cannot be tied to an owner and a purpose, it should be treated as ungoverned software, not an approved identity.
Q: Why do AI agents create new identity governance risks?
A: AI agents create risk because they can be deployed faster than review cycles can validate ownership, access scope, and business justification. That produces shadow identity sprawl, where software actors hold active privileges without a clear approver, lifecycle state, or audit trail. The result is governance drift, not just operational complexity.
Q: What breaks when delegated admin access is not scope-limited?
A: Delegated administration turns into hidden privilege creep when business admins can manage resources outside their intended boundary. Without backend enforcement, role names become advisory rather than binding, and access reviews lose meaning because the real control is no longer the role but the underlying attribute restrictions.
Q: Who is accountable when an AI agent exceeds its approved access?
A: Accountability should sit with the named owner of the agent and the team that approved its access scope. If no owner can be identified, that itself is the governance failure. Organisations should require evidence showing who approved the agent, what it was allowed to access, and which policy condition triggered any remediation.
How it works in practice
AI agent discovery and ownership mapping
Discovery is the first control layer because unknown agents cannot be governed. Josys describes a centralized dashboard that classifies AI agents, ties them to owners, and maps access scope across the environment. In identity terms, that shifts agents from shadow assets to governed entities with an accountable owner and a visible entitlement profile. The real technical value is not the dashboard itself but the ability to attach an approval chain, a data scope, and a review path to software actors that otherwise appear only in logs or API traffic.
Practical implication: build an inventory that records every agent, its owner, and its data scope before allowing production access.
Policy-based governance and automated remediation
Policy-based governance turns static rules into continuously evaluated controls. Josys says its policies can detect violations, alert, and trigger remediation automatically, with an audit trail for each action. That matters because manual approval workflows do not scale when agent behaviour or access changes faster than review cadences. The important architectural distinction is that policy enforcement happens against governed states, not just user requests, so the control can react when privilege drift, shadow deployment, or access expansion appears.
Practical implication: define machine-readable policy conditions for ownership, access scope, and approval status, then route violations into documented remediation.
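A minimal sketch of what machine-readable policy conditions over an agent registry can look like, as an added example (not Josys' implementation or code from the original newsletter). The record fields, policy ids, remediation names, and registry entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class AgentRecord:  # registry fields are assumptions for this example
    agent_id: str
    owner: Optional[str]
    purpose: Optional[str]
    approved_scopes: frozenset
    observed_scopes: frozenset   # what the agent actually holds today
    approval_status: str         # "approved", "pending" or "revoked"

# (policy id, predicate that is True on violation, remediation action)
POLICIES = [
    ("owner-required", lambda a: not a.owner, "suspend"),
    ("purpose-required", lambda a: not a.purpose, "suspend"),
    ("approval-required", lambda a: a.approval_status != "approved", "suspend"),
    ("scope-drift", lambda a: not a.observed_scopes <= a.approved_scopes,
     "revoke_excess_scopes"),
]

def evaluate(agent, now=None):
    """Return one audit record per violated policy, with state at decision time."""
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    return [{
        "time": stamp,
        "agent_id": agent.agent_id,
        "policy": policy_id,
        "action": action,
        "owner": agent.owner,
        "approval_status": agent.approval_status,
        "excess_scopes": sorted(agent.observed_scopes - agent.approved_scopes),
    } for policy_id, violated, action in POLICIES if violated(agent)]

def access_allowed(agent):
    """Deny by default: any open finding blocks production access."""
    return not evaluate(agent)

# Constructed registry entries for illustration.
REGISTRY = [
    AgentRecord("invoice-bot", "alice@example.com", "invoice triage",
                frozenset({"erp:read"}), frozenset({"erp:read"}), "approved"),
    AgentRecord("crm-sync", "bob@example.com", "CRM enrichment",
                frozenset({"crm:read"}), frozenset({"crm:read", "crm:export"}), "approved"),
    AgentRecord("unknown-7f", None, None, frozenset(), frozenset({"drive:read"}), "pending"),
]
```

Each finding carries the owner, approval status, and excess scopes as they stood when the policy fired, so the record explains why the control acted rather than only that it did.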
Role-based admin scope with backend ABAC enforcement
Josys combines role-based access control with backend attribute-based enforcement so App Admins and Department Owners only see the resources they are meant to govern. That is a practical answer to delegated administration in multi-subsidiary environments, where broad admin rights often leak across business boundaries. RBAC gives the operating role, while ABAC enforces context such as assigned application, department, or organisational boundary. Used well, this prevents governance delegation from becoming a hidden privilege escalation path.
Practical implication: separate delegated administration rights from resource ownership rules so reviews and approvals remain bounded by business context.
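The layering described above, sketched as an added example (not Josys' code): a role check decides which actions exist for an admin, and a separate attribute check decides which resources those actions may touch. Role names, actions, attributes, and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# RBAC layer: actions each role may perform (role and action names are assumed).
ROLE_ACTIONS = {
    "app_admin": {"view", "revoke_access"},
    "department_owner": {"view", "approve_access"},
}

@dataclass(frozen=True)
class Admin:
    name: str
    role: str
    org: str
    apps: frozenset = frozenset()         # applications assigned to this admin
    departments: frozenset = frozenset()  # departments assigned to this admin

@dataclass(frozen=True)
class Resource:
    rid: str
    app: str
    department: str
    org: str

def in_boundary(admin, res):
    """ABAC layer: the resource's attributes must match the admin's assignment."""
    if admin.org != res.org:
        return False
    if admin.role == "app_admin":
        return res.app in admin.apps
    if admin.role == "department_owner":
        return res.department in admin.departments
    return False  # unknown roles govern nothing

def authorize(admin, action, res):
    """Return (allowed, reason). Both layers must pass; deny by default."""
    if action not in ROLE_ACTIONS.get(admin.role, set()):
        return False, "role does not grant action"
    if not in_boundary(admin, res):
        return False, "resource outside delegated boundary"
    return True, "ok"

def visible(admin, resources):
    """Server-side filter: admins only receive resources they govern."""
    return [r.rid for r in resources if authorize(admin, "view", r)[0]]

# Constructed sample data: two subsidiaries ("jp", "us") in one tenant.
RESOURCES = [Resource("r1", "crm", "sales", "jp"), Resource("r2", "crm", "sales", "us"),
             Resource("r3", "erp", "finance", "jp")]
CRM_ADMIN = Admin("dana", "app_admin", "jp", apps=frozenset({"crm"}))
FIN_OWNER = Admin("eli", "department_owner", "jp", departments=frozenset({"finance"}))
```

The CRM admin holds the same role for every CRM resource, yet the other subsidiary's copy is denied: the binding control is the attribute match, not the role name.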
NHI Mgmt Group analysis
AI agent governance should be treated as identity governance, not feature management. The moment an organisation asks who owns an agent, what it can access, and whether it is approved, it is already doing IAM. The field mistake is to treat agent oversight as a product-specific console problem instead of an access governance problem that spans discovery, ownership, entitlement scope, and review evidence. Practitioners should stop drawing a line between AI operations and identity operations.
Shadow AI is an access problem before it becomes a security problem. Unowned agents, like unowned service accounts, create entitlement drift because no one is responsible for lifecycle controls. That is why visibility and classification matter more than the label attached to the tool. The practitioner conclusion is simple: if you cannot name the owner and the approval path, you do not have governance.
Role-scoped delegation only works when the backend boundary is enforced, not just documented. Josys' emphasis on ABAC behind RBAC reflects a real governance weakness across many IAM programmes. Delegated access often expands in practice because business admins inherit broad rights that outlive the control intent. The practitioner conclusion is that delegated administration must be constrained by resource attributes, not by policy statements alone.
Audit readiness for AI agents depends on preserving the access decision trail, not just logging activity. Security teams often log what happened after the fact but fail to preserve why a software actor had authority in the first place. That distinction becomes critical when agent access is dynamic and operationally distributed across platforms. The practitioner conclusion is that evidence should prove ownership, scope, and policy state at the time of access, not merely record an event.
Credential monitoring and AI agent governance are converging into one control plane. Exposed credentials, session cookies, and over-privileged software actors all widen the same blast radius. The category is moving toward unified identity governance for humans, NHIs, and agentic systems because the attack surface is now shared. Practitioners should expect tooling, review processes, and audit demands to converge around access provenance and active privilege rather than identity type alone.
From our research:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- For a wider control baseline, review the NHI Lifecycle Management Guide for provisioning, rotation, and offboarding patterns.
What this signals
Identity governance teams will need one review model for humans, NHIs, and AI agents. The control problem is moving from isolated identity classes to shared accountability for software and human actors that both carry access. Josys' approach shows why the next programme maturity step is not another dashboard, but a single operating view of ownership, privilege, and evidence across the access estate.
Shadow AI will increasingly show up as secrets and access sprawl, not just as unsanctioned software. When an agent is invisible, its permissions are also invisible, which means credential monitoring, app discovery, and entitlement review have to operate together. That is why organisations should align agent governance with NIST Cybersecurity Framework 2.0 functions for identify, protect, detect, and respond.
Ephemeral software actors still leave governance debt. Even when access is policy-driven and automatic, organisations still need proof of who approved the agent, why the privilege existed, and when it should be removed. The programme signal is clear: identity teams that cannot connect approval, entitlement, and audit evidence will struggle to govern autonomous software at scale.
For practitioners
- Inventory every AI agent before granting production access: Create a governed registry that captures agent owner, intended purpose, data scope, and approval status. Treat any agent that cannot be assigned these fields as an unapproved software identity, and block access until the record is complete.
- Bind delegated admin rights to resource attributes: Use backend ABAC conditions to restrict admin actions to assigned applications, departments, or business units. Do not rely on role names alone, because delegated privileges tend to expand beyond the original governance intent.
- Require policy-backed remediation for every agent violation: Route policy breaches into a documented workflow that records the detected condition, the action taken, and the accountable owner. Keep that evidence tied to the access decision so audit teams can reconstruct why the control fired.
- Unify review of AI agents and exposed credentials: Fold agent oversight, secret exposure monitoring, and account suspension into one operational process so teams can respond to both shadow software identities and compromised credentials without switching systems.
Key takeaways
- Josys is framing AI agent oversight as an identity governance problem, where ownership, access scope, and approval evidence matter as much as the agent itself.
- Delegated admin rights need backend enforcement or they turn into privilege creep across departments, applications, and business units.
- Practitioners should converge agent inventory, credential monitoring, and remediation into one control plane so governance does not fragment across tools.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | AI agent discovery and ownership mapping address unmanaged non-human identities. |
| NIST CSF 2.0 | PR.AC-4 | Delegated admin scope and privilege limitation map directly to access control governance. |
| NIST Zero Trust (SP 800-207) | AC-4 | Continuous verification fits policy-driven agent governance and access restriction. |
Apply zero trust policy checks so every agent request is evaluated against current context.
Key terms
- AI Agent Governance: The set of controls used to identify, approve, monitor, and revoke access for software actors that make independent operational decisions. It extends identity governance into ownership, entitlement scope, and audit evidence for agents that can act across tools and data sources.
- Shadow AI: Unmanaged or undiscovered AI agents operating inside an environment without clear ownership, approval, or lifecycle control. In practice, shadow AI becomes an identity problem because hidden software actors can hold access, interact with data, and create audit gaps before security teams notice them.
- Delegated Administration: A governance model where non-central administrators can manage a defined set of identities, applications, or resources. It only remains safe when the delegation boundary is enforced technically, not just described in policy, because broad admin rights can quietly become privilege creep.
This post draws on content published by Josys: June 2026 Newsletter, a new chapter in security and governance. Read the original.
Published by the NHIMG editorial team on 2026-06-29.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org