TL;DR: Enterprises struggle to govern service accounts, API keys, OAuth tokens, and AI agents because identity programs were built for people, leaving critical automation exposed through missing ownership, weak lifecycle controls, and blind spots in review, according to Omada Identity. The governance case is no longer about inventory alone; it is about proving accountability, lifecycle control, and auditability before autonomous agents scale further.
At a glance
What this is: This is an identity governance analysis of why non-human identities need continuous inventory, ownership, lifecycle control, certification, and risk signals to be governed at all.
Why it matters: For IAM and NHI teams, it shows why people-first governance models miss the control points that determine whether service accounts and AI agents stay auditable and contained.
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.
👉 Read Omada Identity's analysis of non-human identity governance foundations
Context
Non-human identity governance starts with a simple problem: enterprises create service accounts, API keys, OAuth tokens, and AI agents faster than they can account for them. When identity programs were designed around people, the result is predictable. Ownership is unclear, credential age is unmanaged, and review cycles do not capture what these identities actually do in production.
This blog frames the right baseline for NHI governance. Continuous inventory, accountable ownership, lifecycle governance, certification, and risk signals are not optional add-ons. They are the minimum conditions for proving control over automation, and the same foundation becomes even more important as AI agents begin to make decisions and take actions independently.
Key questions
Q: How should security teams implement NHI governance before AI agents scale further?
A: Start with continuous discovery, then add ownership, lifecycle triggers, certification, and escalation. Security teams should not treat those as separate projects. They form one control loop that tells you what exists, who is responsible, when access should change, and when the identity should be removed.
Q: Why do non-human identities complicate standard IAM reviews?
A: Because their value does not map cleanly to a human job role. An NHI may outlive the project that created it, keep active credentials for years, and still show up as valid in systems of record. Reviewers need purpose, usage, and ownership context to make a sound decision.
Q: What breaks when service accounts and API keys are not governed as identities?
A: The organisation loses accountability and lets access drift into routine operations. Credentials stay active after projects end, unused identities retain privilege, and no one can prove why access still exists. That creates audit gaps and expands the blast radius if a secret is exposed.
Q: Who is accountable when an AI agent acts outside its intended scope?
A: The organisation is accountable, but operational responsibility should sit with a named owner and a governance process that can explain the agent’s purpose, access, and recorded actions. Without that, autonomous behaviour becomes unassignable risk rather than managed automation.
Technical breakdown
Why continuous NHI inventory is the first control boundary
A non-human identity inventory is more than a list of accounts. It is a normalized view of what each identity is, where it exists, what it can access, how old its credentials are, and who owns it. That context matters because service accounts, cloud roles, CI/CD credentials, and AI agent credentials are created outside the cadence of human onboarding. A static snapshot fails quickly because automation is ephemeral and distributed across platforms. The governance problem is not discovery alone. It is maintaining enough metadata to make every identity reviewable, rotatable, and removable when needed.
Practical implication: build continuous discovery with ownership and access context attached to every NHI record.
How ownership and lifecycle governance keep credentials from drifting
Ownership gives an NHI a decision-maker. Lifecycle governance gives it a defined start, change, and end. Without both, credentials persist after projects close, engineers leave, or integrations are retired. That is especially risky for API keys and tokens because they often have no natural expiry or human reminder to force review. Lifecycle governance therefore needs explicit triggers for provisioning, scope change, rotation, and deprovisioning. The control goal is not perfection in the first pass. It is to ensure that every identity can be justified, changed, and retired under a documented process instead of surviving by default.
Practical implication: require a declared owner, business justification, and retirement trigger for every NHI.
What certification and risk signals should look for in NHI governance
Certification for NHIs works differently from human access review because reviewers need to assess purpose, usage, privilege scope, and the current need for access. A non-human identity can remain technically valid long after its purpose has ended, so review must focus on evidence of actual use rather than title or job role. Risk signals should also move beyond login anomalies. Missing ownership, inactive identities with active privilege, credentials outside rotation thresholds, and access that exceeds observed usage are stronger indicators of drift. This is where governance becomes operational rather than symbolic.
Practical implication: tune access reviews to actual NHI purpose, usage, and credential age instead of copying human-review templates.
Threat narrative
Attacker objective: The attacker wants durable access to non-human identities that can be reused to query systems, move laterally, or expose sensitive data and model assets.
- Entry via a publicly exposed API key in a source repository or integration path.
- Escalation through broad, unscoped access that reaches multiple models, environments, or production systems.
- Impact through prolonged credential validity that keeps sensitive automation reachable until revocation.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- Dropbox Sign breach — compromised Dropbox Sign service account exposed API keys and OAuth tokens.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Non-human identity governance is now a lifecycle discipline, not a visibility project. Discovery matters, but discovery without ownership, certification, and retirement logic leaves the control plane incomplete. Enterprises that stop at inventory create a list of risky identities without changing the risk. Practitioners should treat lifecycle governance as the real boundary between unmanaged automation and auditable identity control.
Service accounts and AI agents expose the same governance weakness for different reasons. Service accounts drift because they are forgotten. AI agents drift because they can act autonomously and accumulate permission through delegation. The control model has to cover both patterns, but the audit question is no longer only who created the identity. It is whether the organisation can explain why it still exists and what it is allowed to do.
Certification campaigns for NHIs need operational evidence, not administrative approval. A review that confirms an account exists is not a meaningful review. Governance teams need purpose, usage, privilege scope, credential age, and owner accountability in the same record. Without that evidence, certification becomes a checkbox exercise that will not survive scrutiny from auditors or regulators.
NHI risk signals should be treated as escalation triggers, not dashboard noise. Missing owners, stale credentials, and over-scoped access are not metrics to watch passively. They are conditions that require a defined response path, because waiting until the next review cycle extends the exposure window. Practitioners should design response ownership before they design more reporting.
AI agent governance inherits NHI governance, but it also exceeds it. Agents still depend on credentials, access scopes, and ownership, so the NHI foundation remains mandatory. The difference is that autonomous decision-making creates a new evidence requirement: organisations must show not just that access existed, but that the resulting actions stayed within declared purpose. That moves governance from static entitlement review to behavioural accountability.
From our research:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
- That is why the Ultimate Guide to NHIs, Lifecycle Processes for Managing NHIs, is the next resource for teams building rotation and offboarding discipline.
What this signals
Identity governance teams should expect NHI controls to converge with AI agent oversight. The same ownership and lifecycle disciplines that help with service accounts now need to extend to autonomous systems that can execute tools and persist access. With 70% of organisations already granting AI systems more access than human employees, the control question is no longer whether NHIs belong in IAM. It is whether IAM can express bounded authority for non-human actors at all.
Governance programmes will be judged by whether they can produce evidence, not just policy. Regulators and auditors will care less about stated intent than about whether an organisation can show who owns each identity, how often it is reviewed, and what happened when risk signals appeared. That shifts the operating model toward continuous evidence capture and away from periodic document checks.
For practitioners
- Build a continuous NHI inventory: Include service accounts, API keys, OAuth tokens, cloud roles, CI/CD credentials, bot identities, and AI agents. Attach purpose, location, access scope, credential age, and named owner so the inventory is usable for review and remediation.
- Assign accountable ownership to every identity: Require a named individual who can justify why the identity exists, what it does, and whether it still needs access. Escalate unattributed identities quickly and default to deprovisioning when ownership cannot be established.
- Add lifecycle triggers for rotation and retirement: Tie provisioning, scope changes, rotation, and deprovisioning to documented events such as project closure, application retirement, or access expansion. Use defined thresholds for credential age so long-lived secrets do not persist unnoticed.
- Tune certification to NHI purpose and actual usage: Ask reviewers to compare declared purpose, observed use, and privilege scope. Treat unused identities with active privileges as exceptions that need an outcome, not as records to be acknowledged.
- Route risk signals into an escalation path: Alerting only matters when it reaches someone with authority to act. Missing owners, outdated credentials, and access beyond usage should open tickets, approvals, or revocation workflows rather than waiting for the next review cycle.
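As an added example (not code from Omada Identity or NHIMG), the following Python evaluates a constructed NHI inventory against the risk signals named in the Technical breakdown and routes each record into the escalation path the practitioner checklist calls for; the thresholds, record fields, sample identities and action names are assumptions for illustration.

```python
from datetime import date

# Policy thresholds (assumed values for this example; set per your rotation standard)
MAX_CREDENTIAL_AGE_DAYS = 90   # credentials older than this are outside rotation
INACTIVITY_DAYS = 60           # no observed use for this long counts as inactive
TODAY = date(2026, 4, 20)      # fixed "now" so the example is reproducible

# Constructed sample inventory: each record carries the owner, purpose, scope,
# credential age and observed usage that make an NHI reviewable.
INVENTORY = [
    {"id": "svc-billing-db", "owner": "alice", "purpose": "nightly invoice export",
     "credential_rotated": date(2026, 3, 1), "last_used": date(2026, 4, 18),
     "granted_scopes": {"db:read"}, "used_scopes": {"db:read"}},
    {"id": "apikey-legacy-etl", "owner": None, "purpose": "ETL for a closed project",
     "credential_rotated": date(2023, 5, 2), "last_used": date(2025, 9, 30),
     "granted_scopes": {"storage:write", "storage:admin"}, "used_scopes": set()},
    {"id": "agent-support-bot", "owner": "bob", "purpose": "answer tier-1 tickets",
     "credential_rotated": date(2026, 4, 1), "last_used": date(2026, 4, 19),
     "granted_scopes": {"tickets:read", "tickets:write", "customers:export"},
     "used_scopes": {"tickets:read", "tickets:write"}},
]

def risk_signals(rec, today=TODAY):
    """Return the drift signals (missing owner, stale credential, inactive with privilege, over-scoped) for one record."""
    signals = []
    if not rec["owner"]:
        signals.append("missing_owner")
    if (today - rec["credential_rotated"]).days > MAX_CREDENTIAL_AGE_DAYS:
        signals.append("credential_outside_rotation")
    if (today - rec["last_used"]).days > INACTIVITY_DAYS and rec["granted_scopes"]:
        signals.append("inactive_with_active_privilege")
    if rec["granted_scopes"] - rec["used_scopes"]:
        signals.append("access_exceeds_usage")
    return signals

def escalation(signals):
    """Map signals to a response path, so a signal opens work rather than a chart."""
    if "missing_owner" in signals and "inactive_with_active_privilege" in signals:
        return "revoke"            # nobody can justify it and nothing uses it
    if "missing_owner" in signals:
        return "ownership_ticket"  # establish an owner before any renewal
    if signals:
        return "owner_review"      # owner must rotate or scope down to observed use
    return "none"

def triage(inventory, today=TODAY):
    out = {}                       # {id: (signals, action)}
    for rec in inventory:
        sig = risk_signals(rec, today)
        out[rec["id"]] = (sig, escalation(sig))
    return out
```

Run `triage(INVENTORY)` to see the healthy service account pass, the ownerless and unused API key routed to revocation, and the AI agent flagged for review of the export scope it holds but never uses.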
Key takeaways
- Non-human identities fail governance first through missing ownership and lifecycle control, then through exposure.
- The scale problem is already visible in the data, with very few organisations able to see service accounts end to end.
- Teams should treat NHI governance as the foundation for AI agent oversight, not as a separate programme.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and the NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Inventory and ownership gaps map directly to NHI discovery and accountability. |
| NIST CSF 2.0 | PR.AC-1 | Identity governance depends on knowing and limiting who or what has access. |
| NIST AI RMF | | AI agents need governance, accountability, and evidence of controlled behaviour. |
Establish continuous NHI discovery and assign owners before granting or renewing access.
Key terms
- Non-Human Identity: A non-human identity is any machine or software identity used to authenticate and access systems. This includes service accounts, API keys, tokens, certificates, bots, workloads, and AI agents. The governance challenge is that these identities often outnumber people and can persist with access long after their original purpose ends.
- Lifecycle Governance: Lifecycle governance is the set of controls that define how an identity is created, changed, reviewed, rotated, and removed. For non-human identities, the process must be explicit because there is no HR event to trigger it. Without lifecycle governance, credentials tend to survive by default instead of by design.
- Certification Campaign: A certification campaign is a structured access review in which owners confirm whether an identity still needs its permissions. For NHIs, the review must include purpose, actual usage, privilege scope, and ownership because role-based human review logic does not map cleanly to automation.
- Risk Signal: A risk signal is an operational indicator that an identity may be misused, over-privileged, or unmanaged. In NHI governance, signals such as missing owners, stale credentials, unused accounts with active access, and privileges beyond observed behaviour should trigger action, not just reporting.
Deepen your knowledge
Non-human identity governance and lifecycle control are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building a governance programme from a service-account-heavy starting point, it is worth exploring.
This post draws on content published by Omada Identity: Non-Human Identities Don't Govern Themselves: Building the Governance Foundation for NHI and AI Agents. Read the original.
Published by the NHIMG editorial team on 2026-04-20.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org