By NHI Mgmt Group Editorial TeamPublished 2026-06-05Domain: Agentic AI & NHIsSource: eMudhra

TL;DR: AI agents can only be governed if enterprises stop treating them like enhanced scripts and instead apply machine identity, PKI and signed models to establish who they are, what they may do and whether their code is trustworthy, according to eMudhra. Access review cadences, shared secrets and borrowed service accounts do not scale to autonomous actors whose actions must be attributable at runtime.


At a glance

What this is: This is an analysis of how machine identity, PKI and signed models create a trust model for AI agents, with the core finding that shared secrets and borrowed credentials fail to provide agent accountability.

Why it matters: It matters because IAM, PAM and NHI programmes need controls that can attribute agent actions, bound access by task and revoke trust without breaking production workflows.

By the numbers:

👉 Read eMudhra's analysis of machine identity, PKI and signed models for AI agents


Context

AI agent identity is the trust problem that appears once software can decide, act and call tools at runtime without a human approval gate. Existing IAM patterns struggle here because they were built for stable principals, predictable authorisation flows and credentials that last long enough to be reviewed.

The article argues that the practical answer is not a new security category, but the disciplined application of machine identity, PKI and signed models. That framing is relevant for NHI programmes because the governance question is no longer only who can authenticate, but which non-human actor can act, with what scope, and under which artefact provenance.


Key questions

Q: How should security teams govern AI agents that use shared service accounts today?

A: Treat shared service accounts as a transitional risk, not an acceptable steady state. They obscure attribution, make revocation coarse, and create excessive blast radius when multiple agents or workflows reuse the same credential. The better model is per-agent identity with certificate-based authentication, so every action can be tied to a specific principal and revoked without breaking unrelated automation.

Q: Why do AI agents need machine identity instead of only API keys?

A: API keys identify access, not a specific acting entity, and they are hard to attribute when several agents or workflows share them. Machine identity gives each agent a verifiable principal, which supports audit, policy enforcement and revocation at the agent level. That is the control boundary enterprises need when autonomous systems can act without a human in the loop.

Q: What do security teams get wrong about signed models and agent trust?

A: They often assume that authenticating the agent is enough. In reality, identity assurance and artefact assurance are separate problems: a legitimate agent can still run a poisoned or substituted model. Signed models close that gap by proving the execution artefact matches a trusted provenance chain before the agent is allowed to use it.

Q: How do certificate-based controls change NHI governance for AI agents?

A: They make identity lifecycle management operational instead of theoretical. Certificates can be issued at creation, rotated on schedule and revoked immediately when an agent is retired or compromised. That creates a governance model that is much closer to how autonomous systems actually behave than long-lived secrets and manual approvals do.


Technical breakdown

Machine identity for AI agents

Machine identity gives an AI agent a unique cryptographic identity instead of a borrowed login or shared service account. That matters because attribution, revocation and policy enforcement all depend on a stable principal. In practice, the identity is issued to the agent itself, not to the host or network location, which allows downstream services to make authorisation decisions against a named actor. This is the difference between tracing a task to a specific agent and seeing only anonymous infrastructure traffic.

Practical implication: replace shared agent credentials with per-agent identities that can be revoked and audited independently.

PKI as the trust fabric for agent authentication

Public key infrastructure binds the agent's identity to a key pair and provides the issuance, renewal and revocation machinery needed at scale. For AI agents, certificates are more governable than static secrets because they can be tied to short lifetimes, mutual TLS and policy-enforced trust chains. PKI also supports request signing and certificate validation, which lets downstream services verify origin and integrity before accepting an action. Without that trust fabric, agent authentication becomes little more than secret distribution.

Practical implication: anchor agent authentication in certificate-based trust and automate renewal and revocation.

Signed models and provenance controls

Signed models address a different trust layer: whether the code or weights an agent executes are the ones the platform intended to run. Model signing binds artefacts to provenance so the runtime can reject swapped, poisoned or tampered models before inference begins. This is especially important when agent behaviour is shaped by multiple components, because identity alone does not prove the execution artefact is safe. The control pattern is familiar from code signing, but the operational pressure is higher because model updates can change behaviour instantly.

Practical implication: require signature verification and provenance checks before agent models are deployed or invoked.


NHI Mgmt Group analysis

AI agent governance fails when organisations treat runtime autonomy like a normal service account problem. Shared secrets, borrowed logins and manual approval flows were designed for predictable, human-paced access patterns. That assumption breaks when an agent can initiate actions, select tools and operate at machine speed. The implication is that access governance must be redesigned around the actor, not just the workload.

Machine identity is the named concept that separates accountable agents from opaque automation. A verifiable identity bound to a specific agent, task and principal restores traceability that shared credentials erase. For NHI governance, that makes the identity itself the enforcement point for audit, revocation and scope control. Practitioners should treat agent identity as the minimum condition for any credible control plane.

Signed models show that identity assurance and execution assurance are not the same control. An agent can be correctly identified and still run tampered or untrusted code. That distinction matters because model provenance, certificate chains and runtime verification sit on different assurance layers. Security teams need to govern both the actor and the artefact if they want trustworthy autonomous behaviour.

PKI becomes the operational backbone once AI agents move from experimentation to production. The article's real signal is that certificate-based trust scales better than static secrets for short-lived, high-churn non-human actors. That aligns with broader NHI practice: automation is only governable when issuance, renewal and revocation are already industrialised. Practitioners should align agent identity strategy with lifecycle automation, not ad hoc secret handling.

From our research:

  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data and revealing access credentials.
  • That pattern strengthens the case for OWASP NHI Top 10 and for policy models that govern agent identity, provenance and tool access together.

What this signals

Agent identity is becoming an infrastructure problem, not an experiment problem: once AI agents reach production scale, the governance challenge shifts from whether they can authenticate to whether their lifecycle can be issued, rotated and revoked without manual intervention. That is the same industrialisation pressure NHI programmes already face, and it makes the Ultimate Guide to NHIs relevant to AI agent rollouts as well.

With 96% of technology professionals identifying AI agents as a growing security threat, the programme signal is clear: security teams will be asked to prove control, not intent. The practical question becomes whether identity, provenance and policy checks can be enforced at machine speed before agents expand their access footprint.


For practitioners

  • Eliminate shared agent secrets Assign each AI agent a distinct cryptographic identity so actions can be attributed, scoped and revoked without affecting unrelated services.
  • Automate certificate lifecycle operations Use short-lived certificates, renewal automation and revocation workflows so agent trust does not depend on manually managed API keys or environment variables.
  • Verify model provenance before execution Gate deployment and inference on signature validation so the platform can reject tampered or substituted model artefacts.
  • Bind authorisation to the agent, not the host Write policies around the named agent identity and task scope rather than IP address, machine name or shared infrastructure account.

Key takeaways

  • AI agents need verifiable machine identity because shared secrets cannot provide reliable attribution, revocation or scope control.
  • PKI and signed models solve different halves of the trust problem, and both are required for production-grade agent governance.
  • Enterprises that build lifecycle automation now will be better positioned to control autonomous systems as deployment volumes rise.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST AI RMF, NIST Zero Trust (SP 800-207) and NIST SP 800-53 Rev 5 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-01Shared secrets and weak attribution are the core risk in the article.
NIST CSF 2.0PR.AC-1The article centers on identity and access enforcement for non-human actors.
NIST AI RMFGOVERNAutonomous behaviour requires clear governance, ownership and accountability.
NIST Zero Trust (SP 800-207)Mutual trust and continuous verification align with zero-trust agent access.
NIST SP 800-53 Rev 5IA-5Credential and authenticator management is central to certificate-based agent trust.

Replace shared agent credentials with per-identity controls and automate lifecycle revocation.


Key terms

  • Machine Identity: A machine identity is a cryptographically verifiable principal assigned to a non-human actor such as an agent, workload or service account. It lets security teams bind access, audit and revocation to a specific actor instead of to shared infrastructure or a generic login.
  • Signed Model: A signed model is an AI model or weights package whose integrity and provenance are protected with cryptographic signatures. In autonomous systems, signing proves the runtime artefact has not been altered or replaced before the agent executes it.
  • Certificate Lifecycle Automation: Certificate lifecycle automation is the process of issuing, renewing, discovering and revoking certificates without manual intervention. For AI agents and other NHIs, it is what prevents trust from collapsing under high churn and short-lived credentials.
  • Agentic AI Identity: Agentic AI identity is the governance model for software entities that can choose actions and call tools at runtime. It combines identity, access and provenance controls so the actor, its permissions and its execution artefacts can all be verified independently.

What's in the full article

eMudhra's full article covers the operational detail this post intentionally leaves for the source:

  • How the certificate lifecycle is automated for thousands of short-lived agent identities.
  • How emCA, CertiNext and SecurePass are positioned in the trust architecture described by the source.
  • How signed model verification is applied before deployment or inference in practice.
  • How the article ties machine identity to auditability, provenance and revocation workflows.

👉 eMudhra's full article covers the trust architecture, lifecycle automation and model-signing detail behind AI agent security.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-05.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org