TL;DR: Claude Tag gives each Slack channel its own AI agent identity, with separate credentials and audit trails, but channel-based access still creates standing NHI exposure across connected tools, according to Oasis Security. The governance gap is not attribution, it is ownership, lifecycle control, and cross-platform visibility for every agent credential.
NHIMG editorial — based on content published by Oasis Security: Claude Tag, agent identity, and the NHI governance gap
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
Questions worth separating out
Q: How should security teams govern AI agents that have their own identity?
A: Treat each agent as a non-human identity with a named owner, a defined scope, and a lifecycle.
Q: Why do channel-shared AI agents create more risk than single-user assistants?
A: Channel-shared agents collapse individual accountability into group access.
Q: What breaks when agent identity is tracked only in logs?
A: Logs show what the agent did, but they do not show whether the right people were allowed to invoke it or whether the credential should still exist.
Practitioner guidance
- Inventory every agent principal Build a register of AI agents, the tools they can reach, the channels that can invoke them, and the human owner for each credential set.
- Map consumers to each agent credential Tie each agent identity to the exact channels, groups, or projects that can activate it so review teams can see who is effectively using the access.
- Apply lifecycle controls to agent access bundles Rotate, recertify, and decommission agent credentials when projects end, channel membership changes, or invocation rights are no longer required.
What's in the full article
Oasis Security's full blog covers the operational detail this post intentionally leaves for the source:
- The exact agent access bundle model used in Slack and how it maps to connected systems.
- The practical workflow for discovering which channels and people can reach a given agent principal.
- The lifecycle questions teams should ask when a project ends, a user leaves, or an agent capability changes.
- The source article's next-step guidance on bringing channel-shared access under governance.
👉 Read Oasis Security's analysis of Claude Tag and agent identity governance →
Agent identity in Slack: what IAM teams need to govern?
Explore further
Agent identity does not remove NHI risk, it relocates it. Once an AI agent is provisioned its own credentials, the central problem becomes governance of a new non-human principal rather than human delegation. That means discovery, ownership, consumer mapping, lifecycle control, and revocation now apply to the agent estate as directly as they do to service accounts. The practitioner conclusion is simple: if an agent can act independently in a channel, it must be governed as an identity, not as a feature.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, according to the same guide.
A question worth separating out:
Q: How do IAM teams decide when to revoke an AI agent’s access?
A: Revoke access when the project ends, the channel changes, the membership base shifts, or the task no longer requires the capability. Agent access should be reviewed on the same lifecycle triggers used for other NHIs, but with extra attention to the invoking group, because that is often where standing access survives.
👉 Read our full editorial: Claude Tag agent identity exposes the NHI governance gap