By NHI Mgmt Group Editorial TeamPublished 2026-07-08Domain: Governance & RiskSource: Unosecur

TL;DR: Enterprises are accumulating non-human identities far faster than they govern them, with service accounts, API keys, OAuth tokens, and AI agent credentials expanding attack surface across cloud, SaaS, and AI workflows, according to Unosecur. The governance model is now out of date: discovery, lifecycle control, and runtime visibility have to catch up before access sprawl becomes incident sprawl.


At a glance

What this is: This is an analysis of why non-human identity governance is lagging behind enterprise cloud, SaaS, and AI adoption, and where the lifecycle breaks most often.

Why it matters: It matters because IAM, IGA, PAM, and cloud security teams are increasingly responsible for credentials and service identities that outnumber humans and behave outside traditional review cycles.

By the numbers:

👉 Read Unosecur's analysis of non-human identity governance and AI agent risk


Context

Non-human identity governance is the problem of controlling the credentials, tokens, keys, certificates, and service accounts that machines and automated processes use to act in enterprise systems. The article argues that these identities now outnumber human identities at a scale that makes human-centric IAM controls too slow and too narrow for the job.

The governance gap is widening because cloud sprawl, SaaS integrations, and AI agent deployment all create new identities faster than organisations can inventory, scope, rotate, and retire them. For teams responsible for identity security, the issue is no longer whether NHIs matter, but whether existing lifecycle and monitoring models can still be trusted to contain them.


Key questions

Q: What breaks when non-human identities are created without ownership and expiry controls?

A: When NHIs are created without ownership and expiry, they become orphaned credentials that outlive the business reason for their existence. That creates hidden access paths, weak accountability, and a growing pool of stale identities that attackers can abuse later. The practical failure is not just sprawl. It is persistence without responsibility, which makes cleanup unreliable and incident response slower.

Q: Why do service accounts and API keys increase risk in cloud and SaaS environments?

A: Service accounts and API keys increase risk because they often carry standing access that is broader than the task they support. In cloud and SaaS environments, that broad access can be reused, copied, or forgotten across systems, which expands lateral movement options and makes revocation harder when the original use case ends.

Q: What do security teams get wrong about AI agent governance?

A: Teams often treat AI agents like ordinary workloads and govern only the credential, not the runtime behaviour. That misses the core risk. Agents can chain tool calls, make independent decisions, and operate across multiple systems, so governance has to include execution context, tool logging, and offboarding, not just identity issuance.

Q: Who is accountable when a non-human identity is left active after a project ends?

A: Accountability should sit with the business owner who approved the identity, the technical owner who provisioned it, and the security function that set the policy. If no one owns offboarding, the credential becomes permanent by accident. That is exactly why lifecycle governance must be explicit for machine identities, not assumed.


Technical breakdown

Why NHI sprawl becomes an identity governance problem

NHI sprawl occurs when every cloud workload, integration, and automation path adds another credential-bearing identity faster than security teams can inventory it. Unlike human accounts, NHIs are often created by scripts, copied from templates, or embedded in deployment flows, which means ownership and purpose drift immediately after provisioning. The result is a larger identity estate with weaker accountability, broader permissions, and less reliable offboarding. In practice, the risk is not just volume. It is the accumulation of stale, duplicated, and over-scoped identities that survive long after the business reason for them has disappeared.

Practical implication: treat discovery and ownership mapping as a standing control, not a one-time clean-up exercise.

How AI agent credentials change the access model

AI agents are not just another workload. They make runtime decisions, chain tool calls, and execute actions under identities that often inherit broad permissions from the systems they touch. That changes the access model because the credential no longer represents a fixed application path. It represents an actor that can choose among multiple actions at runtime. In identity terms, the control problem shifts from static entitlement management to governing what an agent can do, when it can do it, and how its tool use is observed. Without session context and tool-level logging, the SOC sees a valid credential but not the agent’s behaviour.

Practical implication: log agent tool calls, parameters, and context so authorisation can be evaluated at execution time.

Why lifecycle controls fail when credentials outlive the work

The lifecycle problem is simple but severe. NHIs are frequently created for migrations, pilots, vendor integrations, or short-lived projects, then forgotten when the work ends. If rotation, deprovisioning, and inactivity review are not automated, the credential remains valid long after the original purpose has expired. That creates persistent access paths that are difficult to detect because nothing appears broken from the system’s point of view. The identity still works, which is exactly the problem. Lifecycle governance has to assume that machine identities will be abandoned unless a system removes them deliberately.

Practical implication: tie NHI offboarding to inactivity, project closure, and vendor relationship changes, not human memory.


Threat narrative

Attacker objective: The attacker objective is to turn legitimate machine access into durable reach across systems, data stores, and cloud services without needing to break authentication.

  1. Entry begins when exposed, copied, or long-lived NHI credentials are used to authenticate as a legitimate service, API client, or AI agent identity.
  2. Escalation occurs when those credentials carry broad permissions, allowing discovery, cross-bucket access, or privileged tool use without triggering human review.
  3. Impact follows when the attacker or abused workflow uses valid identity paths to reach production data, infrastructure, or connected SaaS systems at scale.
  • Sisense breach — unauthorized GitLab access led to exfiltration of access tokens, API keys and certificates.
  • Salesloft OAuth token breach — hackers stole OAuth tokens to access Salesforce data via Salesloft.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Non-human identity governance is now a lifecycle discipline, not an inventory project. The article is right to frame the problem as creation, use, rotation, and offboarding rather than as a single control failure. That lifecycle view matches how NHIs actually fail in enterprise environments: they are born over-scoped, remain opaque in use, and survive after the business process has ended. The implication is that identity programmes must be judged by whether they can continuously govern machine identities from birth to retirement.

The 144:1 identity ratio is a governance warning, not just a scale metric. When non-human identities outnumber human identities by that margin, human-centric review models stop being operationally credible. Access recertification, manual approvals, and periodic clean-ups cannot keep pace with cloud, SaaS, and AI-driven identity creation. Practitioners should read this as evidence that NHI governance must be automated, policy-led, and tied to runtime visibility, or it will always trail the environment it is meant to control.

Over-privileged NHIs create identity blast radius that IAM tools alone do not contain. The article’s examples show that the problem is not only credential existence but permission scope. A copied role, a stale OAuth token, or a long-lived API key turns a single identity into a multipliers for lateral movement and data exposure. That is why NHI governance must be integrated with PAM, cloud posture, and secrets management rather than treated as a separate hygiene workstream.

Agentic AI makes standing privilege a structural failure mode. AI agents do not just use credentials, they can choose actions, chain tools, and execute across systems at runtime. The old assumption that access can be fully understood at provisioning time was designed for stable service accounts, not agents that decide their next move mid-session. The implication is that identity governance for agents has to be rethought around execution context, not merely entitlement records.

Identity governance for autonomous systems now has to account for both machine scale and machine behaviour. The article signals a market shift toward controls that unify discovery, least privilege, logging, and lifecycle enforcement across cloud, SaaS, and AI workloads. That direction is consistent with OWASP-NHI and NIST-CSF thinking: the control surface is the credential, but the governance problem is the behaviour behind it.

From our research:

What this signals

Identity programmes will need to move from periodic review to continuous machine governance. The article points to a future where discovery, rotation, and offboarding are not separate projects but linked controls in the same lifecycle. With 67% of organisations still relying heavily on static credentials despite the risks they pose to agentic AI deployments, according to the 2026 Infrastructure Identity Survey, the operational gap is already visible.

Credential inventory will become a board-level assurance topic. If NHIs continue to multiply across cloud, SaaS, and AI estates, the question will shift from how many identities exist to how many are governed, observed, and revocable at runtime. That is the difference between an identity programme and an identity ledger.

Access for AI systems will increasingly be judged by runtime behaviour, not provisioning intent. Organisations that cannot explain what an agent can do, when it can do it, and how its actions are logged will struggle to defend least-privilege claims. The control model is moving toward execution-aware governance, and the teams that prepare now will be able to scale AI without inheriting invisible privilege.


For practitioners

  • Build a full NHI inventory first Scan cloud accounts, SaaS integrations, CI/CD systems, and AI workloads to enumerate service accounts, API keys, OAuth tokens, certificates, and workload identities. Assign an owner, purpose, and expiry to every credential so nothing remains anonymous.
  • Right-size permissions at provisioning time Scope minimum required access before a credential or role is used in production, especially for copied templates and agent workloads. Remove inherited permissions that exist only because they made the initial deployment easier.
  • Automate rotation and revocation triggers Trigger rotation on age, inactivity, project closure, and vendor offboarding rather than relying on manual reminders. Confirm that the new credential is live and the old one is invalidated, especially for hardcoded secrets and dormant tokens.
  • Instrument runtime behaviour for every NHI Centralise logs across providers and alert on baseline drift such as unusual bucket enumeration, cross-system calls, or agent tool use outside its expected task. Add session context so investigations can distinguish normal automation from abuse.
  • Govern AI agents before production scale-out Require named ownership, explicit business purpose, least privilege, and an offboarding trigger before an AI agent is deployed. Treat agent credentials as production identities with a lifecycle, not as temporary implementation details.

Key takeaways

  • Non-human identity sprawl is now a governance problem because credentials, not applications, are becoming the durable control point in modern enterprises.
  • The scale of the issue is already measurable, with most organisations lacking full visibility into service accounts and many exposing NHIs to third parties.
  • The practical response is to tie NHI governance to lifecycle ownership, least privilege, rotation, and runtime observation before AI adoption widens the gap further.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and MITRE ATT&CK address the attack and risk surface, while NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST SP 800-53 Rev 5 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-01The article centres on discovery, ownership, and lifecycle gaps in non-human identities.
NIST CSF 2.0PR.AC-1Identity and access management controls are central to the article's governance model.
NIST Zero Trust (SP 800-207)The post repeatedly ties NHI risk to zero-trust style verification and least privilege.
NIST SP 800-53 Rev 5IA-5Credential lifecycle control is a core theme for API keys, tokens, and secrets.
MITRE ATT&CKTA0006 , Credential Access; TA0008 , Lateral MovementThe article links exposed machine credentials to access abuse and spread across systems.

Map NHI exposure to credential access and lateral movement tactics when prioritising detections.


Key terms

  • Non-Human Identity: A non-human identity is any machine credential used by a service, workload, application, or AI agent to authenticate and act. In practice, this includes service accounts, API keys, tokens, certificates, and workload identities that must be owned, scoped, monitored, rotated, and retired like any other identity asset.
  • Identity Blast Radius: Identity blast radius is the amount of access and downstream reach a compromised credential can unlock. The wider the permissions and the weaker the lifecycle controls, the more systems, data, and automation paths an attacker can touch after one identity is abused.
  • Lifecycle Governance: Lifecycle governance is the discipline of managing an identity from creation through use, rotation, review, and offboarding. For NHIs, it matters because machine credentials do not leave the company on their own, and they often remain valid long after the business purpose has expired.
  • Agent Tool Call: An agent tool call is a runtime action where an AI agent selects and uses an external system, API, or service to complete a task. The security issue is not the call alone, but whether the call is authorised, logged, and constrained by the agent's actual task context.

What's in the full article

Unosecur's full blog covers the operational detail this post intentionally leaves for the source:

  • The lifecycle-stage breakdown for creation, active use, rotation, and offboarding across service accounts, API keys, OAuth tokens, and AI agents.
  • The runtime monitoring approach for spotting abnormal NHI behaviour, including the detection patterns used for cloud and SaaS activity.
  • The MCP Gateway explanation for AI agent tool calls and how protocol-layer controls change visibility and authorisation.
  • The implementation examples for inventory, least-privilege scoping, and deprovisioning in mixed cloud and AI environments.

👉 The full Unosecur post covers the NHI lifecycle breakdown, AI agent governance model, and runtime control examples.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM or identity governance programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-07-08.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org