By NHI Mgmt Group Editorial Team | Published 2026-06-05 | Domain: Events | Source: Zenity

TL;DR: OWASP's 2026 State of Agentic AI Security and Governance report shifts the conversation from hypothetical risk to real incidents, taxonomy updates, identity considerations, and regulatory context, according to Zenity. The practical issue is that agentic systems collapse human-operator assumptions, so existing IAM and NHI controls must be reassessed for runtime decision-making.


At a glance

What this is: This is an AMA webinar on OWASP's 2026 state of agentic AI security and governance, highlighting real incidents, revised agent taxonomy, and new agent identity and supply chain sections.

Why it matters: It matters because IAM, NHI, and governance teams need a shared model for where human-centric controls stop working and how autonomous or agentic access changes trust boundaries.



Context

Agentic AI security is moving from theory to operational governance, and the central problem is that controls designed around human operators do not fully map to software that can choose tools, act in session, and delegate work. That makes identity the control plane for the conversation, not an adjacent concern.

Zenity's webinar frames the 2026 OWASP State of Agentic AI Security and Governance report as a response to evidence collected from real incidents and use cases. For IAM and security leaders, the immediate question is whether current programmes distinguish between agent identity, non-human identity, and the human accountability chain behind them.


Key questions

Q: How should security teams govern agent identities differently from service accounts?

A: Security teams should treat agent identities as a separate governance class when the software can choose tools, initiate actions, or continue work without a human approval gate. Service accounts usually follow predefined access paths, while agents need runtime constraints, delegated authority limits, and stronger accountability for each action path.

Q: Why do human access review processes fail for agentic systems?

A: Human access review processes fail because they assume access persists long enough for a reviewer to observe, certify, and revoke it. Agentic systems can obtain, use, and release privileges inside a short runtime window, so the review cycle arrives after the relevant decision has already been made.

Q: What do security teams get wrong about agent identity and NHI?

A: The common mistake is assuming every machine credential is governed the same way. Agent identity introduces decision-making, delegated action, and tool use, which means the governance question is no longer just who has access but what the actor is allowed to do at runtime.

Q: How can organisations prepare for governance of AI agents in production?

A: Organisations should start with ownership, provenance, and runtime scope. That means naming the accountable team, inventorying the tools and dependencies the agent can touch, and setting boundaries that reflect actual execution paths rather than static entitlement lists.


Background and context

Agent identity versus non-human identity

Agent identity is the governance label for a software actor that can initiate actions, select tools, and carry out work in a runtime context. Non-human identity is the broader identity class that covers service accounts, API keys, tokens, certificates, and other machine credentials. The distinction matters because a traditional NHI model often assumes static ownership, stable scope, and predictable use, while an agent may need controlled delegation, dynamic tool access, and tighter runtime policy. OWASP's revised taxonomy signals that teams must stop treating all machine credentials as equivalent.

Practical implication: map which identities are pure NHI and which are agent identities, then govern them under different lifecycle and authorisation rules.

Why human-operator controls become the attack surface

Human operator controls assume a person requests access, uses it deliberately, and can be reviewed after the fact. Agentic systems can compress those assumptions by chaining actions, invoking tools, and passing decisions across multiple runtime steps. That means approval workflows, review cadences, and static entitlement checks may be too slow or too coarse for the actual decision loop. The resulting risk is not just broader access, but a mismatch between how access is granted and how access is consumed.

Practical implication: evaluate whether approval gates, recertification, and session controls are still meaningful when the actor can complete work faster than the governance loop.

Supply chain provenance and AI SBOM for agent governance

The report's added attention to AI SBOM and supply chain provenance points to a widening trust boundary around models, tools, prompts, and dependencies. For agentic systems, security is not only about the agent's identity but also about which components it can call, inherit trust from, or use to reach other environments. Provenance becomes part of identity governance because the runtime path determines whether an action is legitimate, attributable, and auditable. That is especially important when agents interact with enterprise assistants or coding systems that can touch privileged data and repositories.

Practical implication: build inventory and provenance checks into agent onboarding so that identity governance includes the tools and model chain, not just the account.
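The three subsections above describe one control pattern: an agent identity carries an accountable owner, a runtime tool scope, a delegation limit and an approved component inventory, and every tool call is checked against all of them at runtime rather than against a static entitlement list. The following is an added example written for this page, not code from the OWASP report or from Zenity; the agent, tools, plugin bytes and hashes are constructed for illustration. It runs the same sequence of tool calls through a service-account style entitlement check and through an agent runtime gate, so the mismatch between how access is granted and how it is consumed is visible in the output.

```python
# Added example (not from the OWASP report or Zenity's webinar): a runtime
# authorization gate for an agent's tool calls. All names, tools, plugin
# bytes and hashes below are hypothetical and constructed for illustration.
from dataclasses import dataclass
from typing import Optional
import hashlib


@dataclass(frozen=True)
class Component:
    """One AI SBOM entry: an approved tool/plugin build the agent may load."""
    name: str
    version: str
    sha256: str


@dataclass(frozen=True)
class AgentIdentity:
    """Governance record for an agent identity (distinct from a service account)."""
    agent_id: str
    owner: Optional[str]           # accountable team; None means ungoverned
    allowed_tools: frozenset       # runtime tool scope
    max_delegation_depth: int      # how far work may be handed down the chain
    sbom: dict                     # tool name -> Component (approved provenance)


@dataclass(frozen=True)
class ToolCall:
    tool: str
    version: str
    artifact: bytes    # bytes of the plugin actually loaded at runtime
    depth: int         # 0 = the agent itself, 1 = a sub-agent it delegated to, ...


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def static_entitlement_check(granted: frozenset, call: ToolCall) -> bool:
    """The service-account model: it only asks whether the credential holds
    the entitlement. It sees neither provenance nor delegation depth."""
    return call.tool in granted


def authorize(agent: AgentIdentity, call: ToolCall, audit: list) -> tuple:
    """Runtime gate: owner, tool scope, delegation limit and provenance must
    all hold. Every decision is appended to `audit` as the evidence trail."""
    if agent.owner is None:
        verdict = (False, "no accountable owner")
    elif call.tool not in agent.allowed_tools:
        verdict = (False, "tool outside runtime scope")
    elif call.depth > agent.max_delegation_depth:
        verdict = (False, "delegation depth exceeded")
    else:
        approved = agent.sbom.get(call.tool)
        if approved is None:
            verdict = (False, "tool absent from AI SBOM")
        elif approved.version != call.version:
            verdict = (False, "version not in AI SBOM")
        elif approved.sha256 != sha256_hex(call.artifact):
            verdict = (False, "artifact hash mismatch")
        else:
            verdict = (True, "ok")
    audit.append({"agent": agent.agent_id, "owner": agent.owner, "tool": call.tool,
                  "version": call.version, "depth": call.depth,
                  "allowed": verdict[0], "reason": verdict[1]})
    return verdict


def compare_models(agent: AgentIdentity, calls: list) -> dict:
    """Run one call sequence through both models; return reasons and the audit trail."""
    audit = []
    runtime = [authorize(agent, c, audit)[1] for c in calls]
    static = [static_entitlement_check(agent.allowed_tools, c) for c in calls]
    return {"runtime": runtime, "static": static, "audit": audit}


# Constructed sample data (hypothetical agent, plugins and call sequence)
GIT_READ = b"git_read plugin build 2.1.0"
TRACKER = b"issue_tracker plugin build 1.4.2"
RELEASE_AGENT = AgentIdentity(
    agent_id="release-notes-agent",
    owner="platform-team",
    allowed_tools=frozenset({"git_read", "issue_tracker"}),
    max_delegation_depth=1,
    sbom={
        "git_read": Component("git_read", "2.1.0", sha256_hex(GIT_READ)),
        "issue_tracker": Component("issue_tracker", "1.4.2", sha256_hex(TRACKER)),
    },
)
SAMPLE_CALLS = [
    ToolCall("git_read", "2.1.0", GIT_READ, depth=0),                 # clean call
    ToolCall("issue_tracker", "1.4.2", TRACKER + b"\x00", depth=0),   # tampered plugin
    ToolCall("deploy", "1.0.0", b"deploy plugin", depth=0),           # outside scope
    ToolCall("git_read", "2.1.0", GIT_READ, depth=2),                 # delegated too far
]

if __name__ == "__main__":
    result = compare_models(RELEASE_AGENT, SAMPLE_CALLS)
    for record in result["audit"]:
        print(record)
    print("static entitlement model:", result["static"])
```

The static check passes the tampered plugin and the over-delegated call because it can only see that the credential holds the entitlement; the runtime gate denies both and records why, which is the evidence trail the report's provenance and accountability points ask for.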


NHI Mgmt Group analysis

Agent identity is becoming a distinct governance category, not a branding variation of NHI. The article's taxonomy update matters because a coding agent or enterprise assistant can have runtime behaviour that is materially different from a service account holding the same underlying credentials. If teams collapse both into one machine-identity bucket, they miss the need to govern delegated action, tool selection, and execution timing as separate controls. The implication is that IAM and GRC teams need a differentiated control model for agent identities.

Human-centric controls create a false sense of coverage when applied to agentic systems. Review-based governance assumes a stable operator, a visible access request, and enough time for certification before the next action. Agentic systems can bypass that rhythm by acting within the same session they were authorised in, which makes the inherited human control pattern misaligned to the actual risk. The implication is that governance must stop assuming operator-paced access consumption as the default.

AI SBOM and provenance are now identity questions because trust follows the runtime path. Once an agent can call tools, models, and downstream services, the chain of trust is no longer just about who signed in. It is about what components were assembled, what dependencies were permitted, and whether the resulting action can be traced to an accountable policy. The implication is that identity governance for agents must extend into software and supply chain lineage.

Agentic security is forcing convergence between NHI governance, application security, and AI oversight. The report's framing shows that the field is moving toward one operational question: who or what is allowed to act, with which tools, under which constraints, and with which evidence trail. That convergence is where the most useful control design will emerge, because siloed ownership leaves gaps between access, execution, and assurance. The implication is that practitioners should organise around the action path, not the team boundary.

From our research:

What this signals

Agent identity governance is likely to become a standard control discussion alongside NHI lifecycle management. As enterprises move from assistants to systems that can actually act, the control question shifts from access presence to action authority. That means teams should expect policy, audit, and ownership requirements to converge around one runtime decision path.

The useful near-term signal is not whether an agent is present, but whether the organisation can explain every tool, model, and permission the agent can inherit. Where that explanation is missing, the security programme already has a provenance problem that will surface during review or incident response.

With more than one-quarter of organisations in our research having encountered multiple NHI attacks, the governance burden is already cumulative, and agentic systems will add to that load rather than replace it. The practical response is to organise trust boundaries by actor type and action path, not by team structure.


For practitioners

  • Separate agent identities from generic machine accounts: Inventory which software actors can select tools or initiate actions at runtime, then assign them a governance path that is distinct from ordinary service accounts. Use the agent label only when the behaviour includes decision authority, not just automation.
  • Reassess approval and review cadences for runtime actions: Test whether access reviews, recertification, and manual approval gates can actually intervene before an agent completes a task. If they cannot, the control is compensating for a human-paced workflow that no longer exists.
  • Add provenance to identity onboarding for agents: Track the models, tools, plugins, and upstream dependencies an agent can use before it is allowed into production. This creates an auditable boundary for the action path and helps explain which components inherited trust.
  • Define accountable owners for delegated agent actions: Assign a named owner for the policy, tool scope, and business outcome of each agentic workflow. Without that ownership, incident response and governance both stall because nobody can certify what the agent was authorised to do.
  • Use the report to reset governance language: Adopt terminology that separates human identity, NHI, and agent identity so teams do not overgeneralise controls across all three. That shared vocabulary is often the first step toward clearer operating boundaries.
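The practitioner steps above (separate agents from machine accounts, label only actors with decision authority, require owner and provenance before production) can be run as one inventory pass. The following is an added example written for this page, not code from the OWASP report, Zenity or any NHI product; the record fields and sample actors are hypothetical and constructed for illustration. It classifies each actor, lists governance gaps per actor, and names the agents that should not reach production until their gaps are closed.

```python
# Added example (not from the OWASP report or Zenity's webinar): an inventory
# pass that separates agent identities from ordinary machine accounts and
# lists governance gaps. Record fields and sample actors are hypothetical.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ActorRecord:
    name: str
    selects_tools: bool             # chooses which tool to call at runtime
    human_approval_gate: bool       # a person approves before each action completes
    owner: Optional[str]            # accountable team
    purpose: Optional[str]          # stated business purpose
    runtime_scope: frozenset        # tools/resources it may touch; empty = unbounded
    provenance_attested: bool       # tools/models inventoried (AI SBOM) before production


def classify(actor: ActorRecord) -> str:
    """'agent' only when the actor holds decision authority at runtime and no
    human gate sits in front of each action; gated or fixed-path automation
    stays plain NHI."""
    return "agent" if actor.selects_tools and not actor.human_approval_gate else "nhi"


def governance_gaps(actor: ActorRecord) -> list:
    """Owner, purpose and bounded scope apply to every machine identity;
    provenance attestation is additionally required for agents."""
    gaps = []
    if actor.owner is None:
        gaps.append("no accountable owner")
    if actor.purpose is None:
        gaps.append("no stated purpose")
    if not actor.runtime_scope:
        gaps.append("unbounded runtime scope")
    if classify(actor) == "agent" and not actor.provenance_attested:
        gaps.append("agent without provenance attestation")
    return gaps


def inventory_report(actors: list) -> dict:
    """Group actors by governance class; map each name to its gap list."""
    report = {"agent": {}, "nhi": {}}
    for actor in actors:
        report[classify(actor)][actor.name] = governance_gaps(actor)
    return report


def blocking_findings(report: dict) -> list:
    """Agents with any open gap are blocked from production; NHI gaps are tracked."""
    return sorted(name for name, gaps in report["agent"].items() if gaps)


# Constructed sample inventory (hypothetical actors)
SAMPLE_ACTORS = [
    ActorRecord("backup-svc", False, False, "infra-team", "nightly backups",
                frozenset({"s3:backup-bucket"}), False),
    ActorRecord("legacy-api-key", False, False, None, None, frozenset(), False),
    ActorRecord("code-review-assistant", True, True, "appsec-team", "review suggestions",
                frozenset({"git_read", "pr_comment"}), False),
    ActorRecord("release-notes-agent", True, False, "platform-team", "draft release notes",
                frozenset({"git_read", "issue_tracker"}), True),
    ActorRecord("triage-agent", True, False, None, "ticket triage", frozenset(), False),
]

if __name__ == "__main__":
    report = inventory_report(SAMPLE_ACTORS)
    for cls, entries in report.items():
        for name, gaps in entries.items():
            print(f"{cls:5} {name:24} {gaps or 'ok'}")
    print("blocked from production:", blocking_findings(report))
```

The gated code-review assistant lands in the NHI class even though it selects tools, because a human still approves each action; the ungated triage agent is an agent identity and is blocked until it has an owner, a bounded scope and attested provenance.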

Key takeaways

  • Agentic systems change the identity problem because they can act, delegate, and consume access in ways human-centric controls were not built to govern.
  • The report's focus on real incidents, taxonomy, and provenance shows that AI security is now an identity governance issue, not a separate technical niche.
  • Practitioners should distinguish agent identity from generic NHI, then rebuild ownership, review, and provenance controls around runtime action paths.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | | The article centers on agentic AI security, taxonomy, and governance.
OWASP Non-Human Identity Top 10 | NHI-01 | Agent identities are a non-human identity governance problem when they access tools and data.
NIST AI RMF | | The report adds governance, provenance, and regulatory context for AI systems.

Inventory agent credentials and bind each to an owner, purpose, and constrained runtime scope.


Key terms

  • Agent Identity: Agent identity is the governance construct for a software actor that can make runtime decisions, select tools, and carry out actions with limited or no human intervention. It sits alongside NHI but needs its own policy, ownership, and audit model because behaviour is dynamic, not just credentialed.
  • Non-Human Identity: Non-human identity is any digital identity used by a machine, workload, service, or automated process rather than a person. It includes service accounts, tokens, API keys, certificates, bots, and AI agents, and it must be governed for ownership, scope, lifecycle, and evidence of use.
  • Agentic Governance: Agentic governance is the control layer that defines what an AI agent may do, which tools it may use, and who is accountable when it acts. It extends identity governance into runtime behaviour, provenance, and delegated authority, because static entitlement checks alone do not capture agent decisions.
  • AI SBOM: An AI SBOM is an inventory of the models, tools, dependencies, and components that make up an AI system. For agentic systems, it helps security teams understand what the actor can inherit trust from, where the runtime path reaches, and which dependencies must be audited.

Deepen your knowledge

Agent identity governance and runtime authorisation are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are adapting IAM controls for agentic systems, it is worth exploring.

This post draws on content published by Zenity: AMA Webinar on the OWASP State of Agentic Security & Governance in 2026. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-05.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org