By NHI Mgmt Group Editorial TeamPublished 2026-06-16Domain: Breaches & IncidentsSource: Linx Security

TL;DR: Identity governance has moved from compliance workflow to enterprise security control, with Linx Security arguing the shift as it raised $50 million in Series B funding, citing millions of governed identities, 80-to-1 identity ratios, and nearly 90% of security incidents tied to identity failures. The funding underscores how rapidly IAM, NHI, and agent governance are converging into one operating problem.


At a glance

What this is: Linx Security’s Series B frames identity governance as a core security control for environments now dominated by human, machine, and AI identities.

Why it matters: IAM teams need to treat NHI sprawl and emerging agent governance as part of the same control plane, because visibility, lifecycle, and remediation failures now affect every identity type.

By the numbers:

👉 Read Linx Security's announcement on its $50 million Series B funding


Context

Identity governance is no longer a back-office review process. In cloud-heavy, automation-rich environments, the control problem is visibility and lifecycle enforcement across employees, service accounts, tokens, and AI agents operating under different rules but sharing the same business impact.

Linx Security’s funding round matters because it reflects a broader shift in practitioner priorities. Security teams are being pushed to govern identities continuously, not periodically, as NHI sprawl and agent activity make manual certification cycles too slow for the pace of change.


Key questions

Q: How should security teams govern human, NHI, and AI agent identities in one programme?

A: Treat them as one governance domain with actor-specific controls. Humans need authentication and access review, NHIs need secret rotation and offboarding, and AI agents need runtime boundaries and accountability for tool use. The programme should share inventory, ownership, and reporting, but not collapse the distinct lifecycle rules that each actor type requires.

Q: Why do periodic access reviews fail for high-churn machine identities?

A: Because review cycles assume identity state stays stable long enough to be observed and certified. High-churn machine identities can be created, reused, or over-privileged between review windows, which leaves governance blind spots. Continuous detection and exception-based review are more effective when entitlement changes happen faster than audit cadence.

Q: How do organisations decide which identity changes can be automated safely?

A: Start by classifying identity actions by blast radius, reversibility, and confidence in the detection signal. Routine low-risk changes can be auto-remediated, but privilege expansion, cross-system access changes, and ambiguous ownership should route to human approval. The key is to automate bounded actions, not governance itself.

Q: What should IAM leaders measure to know if identity governance is improving?

A: Measure entitlement duration, time to revoke access, orphaned identity count, and the percentage of identities under active ownership. Those signals show whether governance is keeping pace with creation and change across users, workloads, and agents. If access persists without review or owner clarity, the programme is still reactive.


Technical breakdown

Why continuous identity governance is replacing periodic reviews

Traditional identity governance was built around scheduled certification, static entitlements, and human-paced approval loops. That model weakens when identities are created programmatically, change frequently, or exist only for a task. Continuous governance uses event-driven discovery, activity correlation, and policy enforcement to keep entitlement state aligned with live usage. The technical shift is not just faster reporting. It is a move from snapshot-based oversight to always-on control of identity drift, especially where service accounts and AI-driven workloads change faster than audit cycles.

Practical implication: map where your current reviews still depend on snapshots, then move high-churn identities to continuous monitoring and exception-based governance.

How autonomous remediation changes identity control architecture

Autonomous remediation means the control plane can act on identity risk without waiting for a human to approve every change. In practice, that requires tight policy boundaries, high-confidence detection logic, and clear escalation rules so automation does not become uncontrolled privilege movement. For machine and agent identities, this is especially relevant because access can be provisioned and consumed in short windows. The architecture needs to separate discovery, decisioning, and enforcement so each action is attributable, reversible, and bounded by governance policy.

Practical implication: define which identity changes can be auto-remediated and which must route to human approval before any enforcement action is taken.

Why identity governance now spans human, NHI, and agent identities

Identity systems increasingly manage actors with different lifecycles but shared governance requirements. Human identities still need authentication and access review, NHIs need secret rotation and offboarding, and autonomous agents need runtime constraints plus accountability for tool use. The architecture challenge is that all three can touch the same data, infrastructure, and privileges, but each fails differently when governance is built for only one class of identity. The result is a fragmented control surface unless the organisation treats identity as one programme with multiple actor types.

Practical implication: build one governance model with actor-specific controls rather than separate, disconnected programmes for users, machines, and agents.


NHI Mgmt Group analysis

Identity governance is becoming the control plane for every actor type, not just people. The funding round reflects a structural shift in how enterprises think about access, lifecycle, and accountability. Human IAM, NHI governance, and agent oversight are no longer separate workstreams once machines and AI systems outnumber employees and create more security events than users do. The practical conclusion is that identity programmes now have to govern behaviour across multiple actor types with one operating model.

Manual certification is no longer a sufficient operating model for high-churn identities. Review cycles assume entitlement state remains stable long enough to be observed, validated, and revoked. That assumption breaks when service accounts, tokens, and autonomous workflows change faster than the review cadence. The implication is that governance teams need to rethink control timing, not just add more checkpoints.

Autonomous remediation is best understood as a control boundary problem, not just an efficiency feature. Once the control plane can act on identity risk in real time, the important question becomes where machine action ends and human accountability begins. This shifts identity governance toward policy bounded enforcement, auditability, and exception handling across NHI and agent workflows. The practical conclusion is that organisations must define the action scope before they automate the response.

Standing privilege remains the core failure mode linking NHI sprawl and agent governance. As identities multiply, the default failure is persistent access that outlives need. That issue is visible in service accounts, API tokens, and agent permissions alike, which means privilege lifecycle and review discipline are now shared concerns across the full identity stack. The practical conclusion is to treat entitlement duration as a governance variable, not a technical afterthought.

Identity blast radius is becoming a useful concept for board-level risk discussions. When millions of identities are governed in one environment, a single weak lifecycle process can affect a much larger operational footprint than in human-only IAM. The category is moving toward continuous governance because the cost of slow detection is measured in multiplied downstream access, not isolated account exposure. The practical conclusion is that identity risk should be reported in terms of control reach and blast radius.

From our research:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
  • For the lifecycle angle, see Ultimate Guide to NHIs , Lifecycle Processes for Managing NHIs for the governance detail this post leaves out.

What this signals

The next phase of identity programmes is less about consolidating directories and more about deciding which identities are allowed to act without waiting for humans. As machine and agent counts rise, governance models built for periodic review will keep underperforming unless they shift toward event-driven ownership, exception handling, and continuous entitlement validation.

Identity blast radius: this is the practical measure that will matter more than identity count alone. When a single service account, token, or agent permission can touch multiple systems, the programme risk is determined by how far one control failure propagates, not by the total number of identities on the books.


For practitioners

  • Inventory identity actor types separately Classify human identities, NHIs, and AI agents in distinct inventories so lifecycle rules, ownership, and review cadence can be applied by actor type instead of by system alone.
  • Replace snapshot reviews with continuous monitoring Use event-driven signals to detect entitlement drift, secret exposure, and unusual identity behaviour between formal access reviews, especially for high-churn machine identities.
  • Set explicit auto-remediation boundaries Document which identity changes can be remediated automatically and which must be escalated, with reversible actions and clear ownership for every exception path.
  • Measure entitlement duration as a risk indicator Track how long privileges remain active after use begins, because short-lived access with no review signal creates the same governance blind spot as standing access in slower systems.

Key takeaways

  • Linx Security's funding round signals that identity governance is now being treated as a core security control across human, machine, and agent identities.
  • The central problem is control timing: periodic review models cannot keep pace with high-churn identities, so visibility and remediation have to become continuous.
  • Practitioners should rework ownership, entitlement duration, and auto-remediation boundaries now, before identity sprawl turns governance gaps into broader operational risk.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-03Identity lifecycle and secret handling are central to the article's governance problem.
NIST CSF 2.0PR.AC-1Continuous identity visibility and entitlement control align with access governance outcomes.
NIST Zero Trust (SP 800-207)AC-6Least-privilege enforcement is the core control issue as identities multiply across environments.

Map identities to authoritative owners and verify access continuously, not only at periodic review.


Key terms

  • Identity Governance: Identity governance is the set of policies, processes, and controls used to decide who or what should have access, for how long, and under what conditions. In modern environments it must cover humans, service accounts, tokens, and AI agents, with lifecycle controls that match each actor type.
  • Non-Human Identity: A non-human identity is any machine-issued or machine-used identity such as a service account, API key, token, certificate, workload identity, or bot. These identities often act at scale, change quickly, and are easy to over-privilege if ownership, rotation, and offboarding are not tightly controlled.
  • Identity Blast Radius: Identity blast radius is the amount of downstream access, data, and infrastructure a single identity failure can affect. The concept matters because one over-privileged or orphaned identity can expose many systems, making duration, scope, and ownership more important than raw identity count.

What's in the full analysis

Linx Security's full post covers the operational detail this post intentionally leaves for the source:

  • Funding context and go-to-market signals behind the $50 million Series B round
  • The company's own framing of Autopilot and how it approaches identity governance automation
  • Enterprise customer and contract context that explains where the market demand is coming from
  • The business expansion priorities the company says the funding will support

👉 The full Linx Security post covers the funding context, customer traction, and Autopilot overview.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-16.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org