TL;DR: As enterprises spread workloads across hybrid cloud, containers, and agentic AI, non-human identities now make up more than 98% of identities and traditional IAM cannot keep pace, according to Token Security. The governing assumption has changed: identity is no longer a stable record to review, but a fast-moving data problem that must be correlated before remediation is safe.
At a glance
What this is: Token Security argues that NHI security now needs a data-driven control model because cloud, container, and agentic AI environments have outgrown human-centric IAM.
Why it matters: This matters because IAM, PAM, and lifecycle teams have to govern service accounts, tokens, and autonomous agents with the same discipline once reserved for human identities.
By the numbers:
- Organizations that describe themselves as confident in their AI deployment actually experience a 72% security incident rate, compared to 33% for those who remain cautious.
- Only 44% of organizations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes.
👉 Read Token Security's analysis of NHI security across cloud and agentic AI
Context
Non-human identity security is the discipline of governing service accounts, workload identities, access tokens, APIs, and AI agents across systems that create and consume credentials far faster than human teams can track them. The primary keyword here is NHI governance, and the core problem is that identity sprawl now spans cloud platforms, containers, CI/CD, and agentic workflows at the same time.
Token Security's article frames that problem as a visibility and control gap rather than a tooling feature gap. Its argument is that remediation becomes risky when teams cannot answer basic questions about ownership, runtime use, secret exposure, and downstream impact before taking action.
That starting point is typical for modern cloud and AI estates, not an edge case. Once identities become ephemeral and distributed, the old model of static inventory and manual review stops being sufficient for either security or operations.
Key questions
Q: How should security teams govern non-human identities across hybrid cloud environments?
A: Start with a single inventory that ties each non-human identity to its owner, creation source, runtime use, and secret state. Then enforce consistent policy across AWS, Azure, GCP, containers, and CI/CD so teams can see blast radius before they revoke access or automate remediation.
Q: Why do service accounts and tokens create more risk in cloud-native environments?
A: They are often created faster than teams can review them, reused across systems, and left with permissions that outlive the workload they support. That combination increases the chance of orphaned access, over-permissioning, and hidden dependency chains that make safe revocation difficult.
Q: What breaks when AI agents use unmanaged credentials?
A: The governance model breaks because the same credential can be used by an actor that changes tools, actions, and timing at runtime. Without dependency mapping, teams cannot tell whether a credential is supporting a safe task or enabling unintended access across multiple systems.
Q: Who should own NHI lifecycle decisions in a large enterprise?
A: Ownership should sit with the team that can answer three questions: who created the identity, what workload or agent uses it, and what will fail if it is removed. In practice, that means platform, identity, and application teams must share responsibility for lifecycle control.
Technical breakdown
Why cross-cloud NHI governance breaks down
Hybrid and multi-cloud environments do not share one identity model. AWS IAM roles, Azure service principals, GCP service accounts, SaaS OAuth tokens, and on-prem service accounts each expose different permission structures and lifecycle rules. That fragmentation makes it hard to establish one authoritative owner, one trust boundary, or one revocation process. The result is inconsistent least privilege, duplicate credentials, and orphaned access paths that survive infrastructure changes. NHI governance therefore becomes a correlation problem before it is a policy problem.
Practical implication: build a unified inventory that links each non-human identity to its issuing system, owner, runtime use, and current exposure state.
How ephemeral infrastructure changes identity risk
Containers, serverless functions, and short-lived workloads create identities that exist only for a narrow execution window, yet they still inherit tokens, secrets, and permissions. Because these identities are provisioned and destroyed continuously, static review cycles miss the moment when access is created, used, and discarded. That creates a lifecycle gap where over-permissioned access can do real damage before any review occurs. In practice, ephemeral infrastructure requires runtime-aware governance, not just periodic certification.
Practical implication: tie approval, scope, and revocation decisions to runtime context instead of relying on scheduled access reviews alone.
How agentic AI changes the NHI control problem
Agentic AI systems do not just consume credentials, they initiate actions, chain tool calls, and access data across multiple systems. That makes them non-human identities with behavioural complexity that can exceed the assumptions baked into conventional IAM and secrets management. A static credential attached to an agent can be used in ways that are hard to predict at provisioning time, especially when the agent can decide which tools to invoke during execution. This is where NHI governance has to account for runtime behaviour, not just credential issuance.
Practical implication: map every AI agent to the credentials, data sources, and tool permissions it can touch, then continuously validate actual use against intended scope.
Threat narrative
Attacker objective: The attacker wants to turn fragmented non-human identity sprawl into durable unauthorized access across cloud and AI workflows.
- Entry occurs when exposed secrets, tokens, or service credentials are reused across cloud, CI/CD, or agentic workflows without a single ownership boundary. Credential access persists because the same NHI can be embedded in pipelines, runtime systems, and automation layers. Impact follows when those credentials allow unauthorized access, secret sprawl, or cross-environment abuse that is hard to unwind quickly.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- Shai Hulud npm malware campaign — Shai Hulud campaign: npm malware exposed secrets on GitHub.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
NHI governance has become a correlation discipline, not an inventory discipline. The article is right to center unified telemetry, because distributed identity systems fail first at linkage, not at storage. When ownership, runtime use, secret state, and infrastructure dependency live in different tools, remediation decisions are made with incomplete context. Practitioners need to treat correlation depth as a governance control in its own right.
Ephemeral infrastructure exposes a standing-assumption failure in access review processes. Access review was designed for identities that remain stable long enough to be observed and certified. That assumption fails when containers, serverless functions, and automation identities are created and destroyed continuously. The implication is that review cadence alone cannot govern identities whose useful lifetime is measured in minutes or seconds.
Agentic AI turns service-account governance into behaviour governance. An AI agent can use legitimate credentials in ways that vary by task, tool choice, and execution path, so the control problem is no longer just who owns the credential. It is what the agent can do with that credential across systems and contexts. Practitioners should read this as a shift from static entitlement thinking to runtime behaviour governance.
Safe automation depends on blast-radius knowledge before action, not after discovery. The strongest operational claim in the article is that blind revocation can break production if identity dependencies are unknown. That is a useful warning for IAM, PAM, and platform teams alike. In practice, the security boundary is not the credential itself but the dependency graph around it.
Identity as a data problem is a useful named concept for modern NHI programmes. In this model, the asset to govern is not just the credential, but the relationships between identity creation, runtime usage, vaulting, ownership, and effective permission. That framing aligns with OWASP-NHI and zero-trust principles because policy only works when the underlying identity graph is accurate. Teams should measure whether their programme can answer ownership and impact questions before it attempts remediation.
From our research:
- Only 44% of organizations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security, according to The 2026 Infrastructure Identity Survey.
- Another finding from that survey shows that 70% of organizations grant AI systems more access than they would give a human employee performing the exact same job, which is a direct warning sign for identity teams.
- For a broader control baseline, see Ultimate Guide to NHIs for lifecycle, visibility, rotation, and offboarding patterns that apply across machine identities.
What this signals
Identity graph completeness will become a board-level operational signal. When access can exist across clouds, containers, CI/CD, and AI agents at once, the programme that wins is the one that can map identities to ownership and runtime context fastest. Teams should expect greater pressure to show which identities are active, which are orphaned, and which can be safely revoked without service disruption.
NHI governance will increasingly overlap with agent governance. As agentic systems adopt credentials and invoke enterprise APIs, the line between workload identity and AI identity becomes operational rather than conceptual. That makes policy consistency across NHI, IAM, and AI oversight essential, especially when identity decisions affect both platform reliability and security posture.
With 69% of security leaders saying identity management must fundamentally shift to address agentic AI systems, the practical message is clear: existing lifecycle controls need runtime data to stay relevant. Teams should align policy automation with verified dependency data, not with assumptions about how identities are supposed to behave.
For practitioners
- Build one authoritative NHI inventory Link each service account, token, API credential, and workload identity to the system that created it, the team that owns it, and the runtime it serves. Without that linkage, revocation and remediation decisions will remain speculative.
- Correlate runtime use before automating remediation Trace how each identity is actually consumed across cloud, container, and CI/CD environments before disabling it or narrowing access. This reduces the risk of breaking production while still closing unused or over-permissioned paths.
- Separate ephemeral workloads from static access patterns Treat short-lived containers, serverless functions, and agentic workflows as a distinct governance class with tighter scope and shorter credential lifetimes. Static review cadences do not fit identities that are born and retired within the same execution window.
- Map AI agents to their credential and tool dependencies Record which AI agents can call which APIs, access which data sources, and invoke which downstream systems. That dependency map is the minimum requirement for understanding blast radius when an agent behaves unexpectedly.
- Use policy automation only after context is established Automate rotation, deprovisioning, and access narrowing only when ownership, secret state, and downstream dependency data are already in place. Automation without context just scales uncertainty.
Key takeaways
- Modern identity sprawl is no longer a peripheral NHI issue. It is the operating condition of cloud, container, and agentic AI estates.
- The real control gap is not just visibility. It is the ability to connect ownership, runtime use, and downstream dependency before action is taken.
- IAM teams should treat remediation confidence as a prerequisite for automation, not as a benefit that follows from automation.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | The article focuses on NHI visibility, ownership, and remediation risk. |
| NIST CSF 2.0 | PR.AC-4 | Least privilege and access management are central to the article's governance model. |
| NIST Zero Trust (SP 800-207) | The post emphasizes continuous verification across distributed identity contexts. |
Apply zero-trust principles to NHI access by validating context before each privileged action.
Key terms
- Non-Human Identity: A non-human identity is any machine or software identity used to authenticate and authorize access to systems, data, or services. It includes service accounts, workload identities, tokens, certificates, and AI agents. These identities need governance because they often scale faster than human oversight.
- Identity Graph: An identity graph is a correlated view of how identities are created, used, vaulted, and connected to systems and ownership. In NHI programmes, it helps teams understand blast radius before they change access, rather than relying on isolated inventory records that miss dependencies.
- Runtime Context: Runtime context is the live operational state in which an identity is being used, including where it is running, what it is accessing, and what it depends on. For NHI governance, runtime context is essential because static entitlements rarely show how a credential is actually being consumed.
- Blast Radius: Blast radius is the set of systems, data, and services that could be affected if an identity is abused, revoked, or misconfigured. In NHI governance, it is a practical measure of change risk and a key input to safe remediation and policy automation.
What's in the full article
Token Security's full blog covers the operational detail this post intentionally leaves for the source:
- A walkthrough of the NHI Risk Graph architecture and how it correlates identity creation, runtime use, and secret exposure.
- Examples of automation campaigns for zero trust cleanup, shadow AI discovery, and secret sprawl control.
- Details on remediation intelligence, including ownership mapping, infrastructure linkage, and usage-impact simulation.
- Platform integrations across AWS, Azure, GCP, Kubernetes, CI/CD, secrets managers, and SIEM tooling.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
Published by the NHIMG editorial team on 2026-05-29.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org