TL;DR: Most enterprise identities are now non-human, and recent studies cited by Identra show machine identities outnumber human ones by tens to more than 100 per person; the article argues that inventory, vaulting, and posture scanning do not answer who acted, with what authority, and on whose behalf. The governance gap is structural, because machine authority can outlive ownership, context, and runtime visibility.
At a glance
What this is: This is an argument that non-human identities now dominate enterprise identity estates and that current IAM hygiene does not provide accountability, lifecycle control, or runtime governance.
Why it matters: It matters because IAM, PAM, IGA, and NHI programmes have to govern machine authority as a first-class identity problem, not as a secrets-management side effect.
By the numbers:
- Recent industry studies report tens to more than 100 machine identities per human, depending on what is counted and the environment measured.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
👉 Read Identra.ai's analysis of the non-human majority and identity accountability
Context
Non-human identity has become the dominant identity problem because the majority of enterprise authority now sits with workloads, service accounts, tokens, and agents rather than people. The core failure is not that these identities exist, but that they are often governed as isolated secrets instead of accountable principals with defined scope, runtime, and owner.
The article frames this as an accountability gap: authority has expanded faster than the organisation's ability to identify, attribute, observe, and stop it. That gap is familiar to IAM, PAM, IGA, and workload identity teams, but the article pushes it further into agentic AI territory by treating autonomy as an attribute that changes how access must be governed. The starting position is broadly typical for modern enterprises.
For practitioners, the practical question is whether current identity programmes can still answer the four basic questions of identity security: what is it, what authority does it have, what is it doing now, and who can stop it. If the answer breaks down for machine and agent identities, the governance model is already behind the environment.
Key questions
Q: How should security teams govern machine identities in industrial environments?
A: Security teams should govern machine identities the same way they govern privileged access: assign an owner, define a specific purpose, limit scope, and review it continuously. In practice, that means tracking service accounts, certificates, APIs, and connectors as non-human identities with their own lifecycle, not as background infrastructure. A machine identity should never have broader access than its workflow requires.
Q: What problem does ownership attribution solve for service accounts and API keys?
A: It closes the gap between exposure detection and accountable remediation. Many organisations can find the secret, but not the human who introduced it, maintains it, or can safely replace it. Ownership attribution gives security teams a practical way to assign action without relying on informal knowledge that disappears during staff changes.
Q: What breaks when organisations cannot see all of their non-human identities?
A: What breaks is governance itself. Without a complete inventory, teams cannot confirm who owns a credential, whether it still has a valid purpose, or whether it should be rotated or removed. Discovery gaps also hide over-privilege and stale secrets, which means incident response and access review both start from incomplete data.
Q: What should teams do when machine identities can act at runtime without human review?
A: Teams should shift from static approval models to closed-loop runtime governance. The control objective is to detect and stop actions while the identity is still executing, because machine-speed decisions can outrun human review and leave no useful remediation window after the fact.
Technical breakdown
Why machine identities break human IAM assumptions
Human IAM assumes a stable subject, a bounded session, and a clear offboarding moment. Machine identities do not inherit that rhythm. A service account, token, or API key can be created quickly, reused across systems, and left in place long after the workload or integration that needed it has changed. That makes lifecycle, ownership, and purpose inseparable from the identity itself. Once those links are lost, the organisation has a credential, but no longer has a governable principal. In practice, that is why secrets tooling alone cannot answer attribution or blast radius questions.
Practical implication: model every machine identity as a principal plus relationships, not as a standalone secret.
How reachability defines blast radius for NHI governance
The article's reachability model is more useful than raw inventory because inventory counts objects while reachability shows what they can actually touch. A credential's effective risk depends on its grant, runtime, and downstream paths, not just its presence in a list. This is the difference between knowing that a service account exists and knowing which APIs, datasets, and workflows it can influence under current conditions. For NHI governance, that is the operational unit that matters because compromise only becomes material when authority can move through a path.
Practical implication: map effective reach across runtime and resource relationships before deciding where to reduce privilege.
Why agentic AI turns authorization into a live decision
The article treats an agent as a principal that can decide at runtime which tool to call and which authority to use. That changes authorization from a static configuration into a sequence of live decisions. In an autonomous setting, the governance question is no longer only whether access was issued correctly at provisioning time, but whether the observed action still matches the delegated purpose at the moment of execution. That is why runtime policy, closed-loop enforcement, and evidence capture become central once the actor can choose its own path through tools and resources.
Practical implication: design runtime controls that evaluate observed agent behaviour, not just issued entitlements.
Threat narrative
Attacker objective: The attacker seeks to turn an unmanaged machine identity into durable, unobserved authority that can be used to reach sensitive systems and data.
- Entry begins when a machine credential, such as a token or API key, escapes its intended boundary and is reused beyond the workload or service that created it.
- Escalation occurs when the credential carries broader grant scope than the immediate task requires, allowing access to adjacent systems or data paths without new approval.
- Impact follows when no runtime control watches the principal, so the authority persists silently until an attacker uses it to read, move, or exfiltrate data.
Breaches seen in the wild
- Meta AI Instagram Account Takeover — 20,225 Instagram accounts hijacked via compromised Meta AI support chatbot with overprivileged access.
- CoPhish OAuth Token Theft via Copilot Studio — CoPhish campaign exploits Microsoft Copilot Studio agents to steal OAuth tokens via AI-assisted phishing.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
The non-human majority is now the primary identity governance problem. When most authority sits with workloads, service accounts, tokens, and agents, human-centric IAM controls stop being the main line of defense. The programme has to govern machine identity as a first-class discipline, not as a collection of secrets to be stored and rotated. Practitioners should treat NHI governance as core identity architecture, not a tooling side task.
The accountability gap is the real risk, not the count of credentials. The article is strongest when it shows that inventory alone cannot tell you who acted, with what authority, and on whose behalf. That means the relevant unit of control is the relationship between principal, credential, grant, runtime, resource, and owner. Practitioners should use that graph to decide where governance is broken, because count without context produces false confidence.
Identity blast radius is the named concept that best captures this shift. Blast radius is not a row in a spreadsheet, it is the reachable subgraph created by current grants and runtime conditions. Once the question becomes reachability, least privilege, segmentation, and runtime monitoring have to be judged by what can actually be touched, not by what has been provisioned. Practitioners should reframe NHI risk around reachable impact, not asset inventory.
Machine speed makes static review cadences structurally late. The article's argument is that resolve, reason, decide, enforce, and prove must happen in a closed loop because machine authority moves faster than human review cycles. That is true for service accounts and even more true when agents choose tools at runtime. Practitioners should expect governance failure whenever review, approval, and evidence gathering are separated from execution.
Autonomy changes the meaning of permission because intent becomes runtime-specific. A principal that can decide which tool to call can also decide which authority to invoke, which means provision-time authorisation no longer captures the full risk. That does not eliminate identity governance, but it does collapse the assumption that intent is known before execution begins. Practitioners should evaluate which policies still assume a predictable actor and which ones must move to live behavioural control.
From our research:
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
- For a deeper control perspective, see OWASP Agentic AI Top 10 for the runtime risks that emerge when identity, tools, and autonomy collide.
What this signals
Identity blast radius is becoming the practical metric that matters. As machine authority spreads across services, SaaS, and agent runtimes, the programme risk is no longer how many identities exist but how far any one of them can reach. If your team cannot trace effective reach from principal to resource, you do not yet have a governable identity estate.
The governance implication is immediate for IAM, PAM, and NHI teams: lifecycle ownership and runtime visibility now have to be designed together. The same identity model that explains service accounts also has to withstand agentic behaviour, because a delegated tool call can create the same downstream exposure as a mis-scoped credential.
The metric that should change internal reporting is not inventory growth, but how much of the estate is attributable, scoped, and observable. When 80% of organisations say AI agents have already acted beyond intended scope, the control question is whether your policies can actually see and stop the same pattern in your environment.
For practitioners
- Separate principal, credential, grant, runtime, resource, and owner Stop treating a secret as the identity itself. Build your governance model so each machine identity is represented as an accountable principal with distinct authority, execution context, and business ownership.
- Map reachable blast radius, not just inventory counts Model effective paths from each machine identity to sensitive APIs, datasets, and automation targets. Use that reachability view to prioritise the identities whose current grants create the largest downstream exposure.
- Bind lifecycle controls to every non-human principal Require explicit creation, ownership, renewal, and retirement for service accounts, tokens, and agent identities. If an identity cannot be offboarded on purpose, it will eventually become orphaned by default.
- Move governance into the runtime decision loop Instrument the identities that can act at machine speed so policy can evaluate observed behaviour before the action completes. That means closed-loop detection, decision, enforcement, and evidence capture for high-risk paths.
- Assign one accountable owner per machine identity Make a named team or sponsor responsible for each principal, including review of scope, renewal, and revocation. Accountability must survive handoffs between engineering, platform, and security teams.
Key takeaways
- Non-human identities now carry most of the enterprise's practical authority, which makes identity governance a machine problem as much as a human one.
- The critical failure is accountability collapse, because inventory alone cannot show who acted, what authority they used, or how far that authority can reach.
- The control shift is from static ownership and review to lifecycle binding, reachability analysis, and runtime enforcement for every non-human principal.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST Zero Trust (SP 800-207), NIST SP 800-53 Rev 5 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | The article centres on unmanaged NHI principals and lifecycle gaps. |
| NIST CSF 2.0 | PR.AC-1 | Accountable access and identity governance sit at the core of the article. |
| NIST Zero Trust (SP 800-207) | The article's reachability model aligns with zero trust path reduction. | |
| NIST SP 800-53 Rev 5 | AC-6 | Least privilege is central to reducing machine identity blast radius. |
| NIST AI RMF | MANAGE | Runtime governance of agent behaviour aligns with AI risk treatment. |
Treat machine identities as continuously verified subjects and constrain their reachable paths to the minimum necessary.
Key terms
- Non-Human Identity (NHI): A digital identity assigned to a non-human entity such as a software application, service account, API key, bot, machine, or AI agent that enables it to authenticate and interact with systems without direct human involvement. NHIs now outnumber human identities in most enterprises by 25 to 50 times.
- Accountability Gap: The accountability gap is the distance between the authority a machine identity can exercise and an organisation's ability to identify, govern, observe, and stop that authority. It appears when ownership, scope, and runtime evidence are not connected well enough to answer who acted and why.
- Blast Radius: The potential scope of damage if a specific credential or identity is compromised. Identities with broad permissions have a larger blast radius and represent a higher priority for least-privilege enforcement and security controls.
- Agentic Identity: An agentic identity is a non-human identity used by an autonomous system that can act, call tools, and access data with execution authority. It needs the same governance discipline as other privileged identities, plus runtime context, ownership mapping, and revocation paths.
What's in the full article
Identra.ai's full article covers the operational detail this post intentionally leaves for the source:
- The article's six-object identity model and the practical distinction between principal, credential, grant, runtime, resource, and accountability context.
- The full argument for why machine identities break human IAM assumptions across lifecycle, context, and runtime speed.
- The complete conceptual model for reachability and blast radius, including the relationship between potential, effective, and observed access.
- The closing operational framework for resolving every identity fragment back to one accountable control plane.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an identity programme, it is worth exploring.
Published by the NHIMG editorial team on July 14, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org