Agent identity and continuous authorization: are controls keeping up?


(@nhi-mgmt-group)

TL;DR: Agentic systems break the human assumption that authentication can establish trust for a fixed period, because they expand scope mid-task, make fresh tool choices, and require continuous authorization, attribution, and mediated credential use, according to 1Password. Static identity controls are no longer enough when an agent can change intent after login.

NHIMG editorial — based on content published by 1Password: continuous authorization, attribution, and mediated access for agents in production

By the numbers:

Questions worth separating out

Q: How should security teams govern agent identity after login?

A: Security teams should govern agent identity as a runtime control problem, not a login problem.

Q: Why do agents complicate least-privilege design?

A: Agents complicate least-privilege design because their intent is not fully knowable at provisioning time.

Q: What breaks when secrets are given directly to an agent?

A: Direct secret handoff breaks the boundary between authority and execution.

Practitioner guidance

  • Map where authentication assumptions end: Identify every workflow where a one-time login or approval currently governs later agent actions.
  • Broker secrets at the point of use: Keep credentials out of the agent context window and route access through a proxy or gateway that binds each secret to a specific destination.
  • Bind every agent action to a delegator: Preserve execution traces that connect each action to the initiating human and the authority under which the agent acted.

What's in the full article

1Password's full analysis covers the operational detail this post intentionally leaves for the source:

  • Workflow examples showing how continuous authorization changes after the first task is approved
  • The control-layer pattern for mediated credential use through proxies, gateways, or injection layers
  • How attribution is preserved across multiple systems when an agent crosses user, service account, and API token boundaries
  • The podcast discussion of delegation chains, scope, duration, and thresholds for production agents

👉 Read 1Password's analysis of continuous authorization and agent identity →
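The brokered-access and attribution pattern from the practitioner guidance, as an added example that is not 1Password's or NHIMG's code: a minimal broker that injects a destination-bound credential at the point of use, refuses actions outside the delegated scope or past the grant's expiry, and records every decision against the delegating human. All hostnames, identities and the secret value are constructed placeholders.

```python
from dataclasses import dataclass
import time


@dataclass(frozen=True)
class Grant:
    """A delegation record: who authorized the agent, for which destination,
    for which actions, and until when (constructed fields, not a real schema)."""
    delegator: str
    agent: str
    destination: str
    scopes: frozenset
    expires_at: float


class Broker:
    """Holds credentials and injects them at the point of use, so the agent
    only ever sees the result of a call, never the secret itself."""

    def __init__(self, secrets):
        self._secrets = dict(secrets)  # destination -> credential, never handed out
        self.trace = []                # attribution log, one entry per request

    def request(self, grant, destination, action, now=None):
        now = time.time() if now is None else now
        decision = self._decide(grant, destination, action, now)
        # Every action, allowed or denied, is tied back to the delegating human.
        self.trace.append({"delegator": grant.delegator, "agent": grant.agent,
                           "destination": destination, "action": action,
                           "decision": decision, "at": now})
        if decision != "allow":
            return {"status": "denied", "reason": decision}
        return self._forward(destination, action, self._secrets[destination])

    def _decide(self, grant, destination, action, now):
        if now >= grant.expires_at:
            return "grant_expired"          # re-authorization is required
        if destination != grant.destination:
            return "destination_mismatch"   # the secret is bound to one destination
        if action not in grant.scopes:
            return "scope_not_delegated"    # mid-task scope expansion is refused
        if destination not in self._secrets:
            return "unknown_destination"
        return "allow"

    @staticmethod
    def _forward(destination, action, credential):
        # Stand-in for the outbound call where the credential is consumed;
        # the payload returned to the agent deliberately omits it.
        return {"status": "ok", "destination": destination, "action": action}
```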
