TL;DR: According to 1Password, agentic systems break the human assumption that authentication can establish trust for a fixed period: they expand scope mid-task, make fresh tool choices, and therefore require continuous authorization, attribution, and mediated credential use. Static identity controls are no longer enough when an agent can change intent after login.
NHIMG editorial — based on content published by 1Password: continuous authorization, attribution, and mediated access for agents in production
By the numbers:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should security teams govern agent identity after login?
A: Security teams should govern agent identity as a runtime control problem, not a login problem.
Q: Why do agents complicate least-privilege design?
A: Agents complicate least-privilege design because their intent is not fully knowable at provisioning time.
Q: What breaks when secrets are given directly to an agent?
A: Direct secret handoff breaks the boundary between authority and execution.
Practitioner guidance
- Map where authentication assumptions end: identify every workflow where a one-time login or approval currently governs later agent actions.
- Broker secrets at the point of use: keep credentials out of the agent context window and route access through a proxy or gateway that binds each secret to a specific destination.
- Bind every agent action to a delegator: preserve execution traces that connect each action to the initiating human and the authority under which the agent acted.
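The three guidance points above as one small Python sketch: the agent never holds a secret, the broker re-checks the delegated grant at each call, a secret only ever reaches the destination it is bound to, and every decision is logged against the delegator. This is an added example, not 1Password's or NHIMG's code; Grant, Broker, SECRETS and _send are hypothetical names and every sample value is constructed.

```python
"""Illustrative credential broker for agent tool calls (added example; not
1Password's or NHIMG's code). Grant, Broker, SECRETS and _send are hypothetical
names, and every sample value is constructed."""
from dataclasses import dataclass, field

# Secrets live only in the broker, keyed by the one destination each may reach.
# The agent never receives them; it asks the broker to perform the call.
SECRETS = {"api.crm.example": "crm-token-CONSTRUCTED",
           "db.hr.example": "hr-token-CONSTRUCTED"}

@dataclass
class Grant:
    """Authority delegated by a human for one task: who granted it, for which
    task, which destinations were approved, and until when."""
    delegator: str
    task_id: str
    allowed_hosts: set
    expires_at: float

@dataclass
class Broker:
    grant: Grant
    audit: list = field(default_factory=list)  # execution trace per action

    def call(self, host: str, action: str, now: float) -> dict:
        """Mediate one tool call: re-check authority at the point of use,
        attach the destination-bound secret, and record who acted under what."""
        if now > self.grant.expires_at:
            decision = "denied:grant_expired"
        elif host not in self.grant.allowed_hosts:
            # Scope expansion mid-task: a new destination needs a fresh human
            # decision, not silent reuse of the original login.
            decision = "denied:out_of_scope"
        elif host not in SECRETS:
            decision = "denied:unknown_destination"
        else:
            decision = "allowed"
        self.audit.append({"delegator": self.grant.delegator,
                           "task": self.grant.task_id, "host": host,
                           "action": action, "decision": decision, "at": now})
        if decision != "allowed":
            return {"ok": False, "reason": decision}
        # The secret is used here, for this host only, and is never returned.
        return {"ok": True, "result": _send(host, action, SECRETS[host])}

def _send(host: str, action: str, token: str) -> str:
    """Transport stub standing in for the real HTTP call that would carry
    the token in an auth header; the token never appears in the result."""
    return f"{action}@{host} -> 200 OK"
```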
What's in the full article
1Password's full analysis covers the operational detail this post intentionally leaves for the source:
- Workflow examples showing how continuous authorization changes after the first task is approved
- The control-layer pattern for mediated credential use through proxies, gateways, or injection layers
- How attribution is preserved across multiple systems when an agent crosses user, service account, and API token boundaries
- The podcast discussion of delegation chains, scope, duration, and thresholds for production agents
Read 1Password's analysis of continuous authorization and agent identity, "Agent identity and continuous authorization: are controls keeping up?"
Explore further
Authentication built for human stability breaks when the actor can change intent mid-session. The core premise of login-based trust is that identity and intent remain stable long enough for a session grant to be meaningful. That assumption fails when an agent can start with one task and decide it needs another tool or another dataset without a fresh human decision. The implication is not just weaker authentication, but a broken governance premise for agent identity itself.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means most identity programmes still cannot see the full non-human estate clearly.
A question worth separating out:
Q: Who is accountable when an autonomous agent exceeds its intended scope?
A: Accountability should remain with the delegating organisation and the human or process that granted the authority, but only if the system preserves attribution across tools and sessions. Without durable execution traces, teams cannot reconstruct who authorised the action, which system executed it, or where the chain of authority broke down.
Read our full editorial: Agent identity needs continuous authorization, not static login trust