TL;DR: A ServiceNow Virtual Agent integration flaw could let an unauthenticated attacker impersonate arbitrary users, including administrators, because a platform-wide trusted credential and weak email-based linking bypassed normal authentication checks, according to Aembit. The incident shows why agentic workflows need runtime identity controls, not shared trust shortcuts.
NHIMG editorial — based on content published by Aembit covering the ServiceNow impersonation flaw and agentic access risk
By the numbers:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
- Only 5.7% of organisations have full visibility into their service accounts.
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.
Questions worth separating out
Q: What breaks when agentic workflows rely on shared integration credentials?
A: Shared integration credentials collapse attribution and expand blast radius because multiple tools can present the same trust signal.
Q: Why do agentic systems complicate identity governance more than traditional SaaS integrations?
A: Agentic systems complicate identity governance because they can initiate, sequence, and repeat actions across tools instead of waiting for a single user request.
Q: How do security teams know if workflow identity controls are actually working?
A: They are working if a workflow cannot impersonate another identity, cannot reuse a credential outside the intended task, and leaves an audit trail that names the actor, the context, and the action.
Practitioner guidance
- Separate every agent identity from the invoking user: assign distinct identities to integrations, service actors, and workflows so actions are not recorded under a human account.
- Remove shared credentials from multi-tool workflows: replace platform-wide secrets and reusable tokens with scoped credentials that are unique per integration and expire after the task.
- Enforce runtime policy before each privileged action: require an authorisation decision at execution time for record creation, access provisioning, and administrative changes.
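The three controls above, as an added illustrative example in Python (not Aembit's or ServiceNow's code): a credential scoped to one integration and one task, an authorisation decision taken immediately before the action, and an audit record naming actor, context and action. The actor is always the verified credential subject, never a caller-supplied email; the integration ids, task ids and signing key are constructed placeholders.

```python
import hashlib, hmac, json, time

# Constructed demo key; a real deployment issues a distinct key per integration from a secrets manager.
SIGNING_KEY = b"constructed-demo-key"
AUDIT_LOG = []  # each entry names the actor, the context (task), the action and the decision


def mint_task_token(integration_id, task_id, allowed_actions, ttl_s, now=None):
    """Issue a credential scoped to one integration, one task and a short lifetime."""
    now = time.time() if now is None else now
    claims = {"sub": integration_id, "task": task_id,
              "actions": sorted(allowed_actions), "exp": now + ttl_s}
    body = json.dumps(claims, sort_keys=True)
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"claims": body, "sig": sig}


def verify_token(token, now=None):
    """Return the claims if the signature is valid and the token has not expired, else None."""
    now = time.time() if now is None else now
    expected = hmac.new(SIGNING_KEY, token["claims"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    claims = json.loads(token["claims"])
    return claims if claims["exp"] > now else None


def authorize(token, task_id, action, request, now=None):
    """Authorisation decision made at execution time, just before a privileged action.

    The actor is the verified token subject. A caller-supplied 'on_behalf_of' email in the
    request is logged but never becomes the identity: that is the weak email-based linking
    the editorial warns against.
    """
    claims = verify_token(token, now)
    actor = claims["sub"] if claims else "unverified"
    if claims is None:
        decision, reason = "deny", "invalid or expired credential"
    elif claims["task"] != task_id:
        decision, reason = "deny", "credential reused outside its task"
    elif action not in claims["actions"]:
        decision, reason = "deny", "action not in credential scope"
    else:
        decision, reason = "allow", "in scope"
    AUDIT_LOG.append({"actor": actor, "task": task_id, "action": action,
                      "requested_as": request.get("on_behalf_of"),
                      "decision": decision, "reason": reason})
    return decision
```

A request that names an administrator in `on_behalf_of` is still attributed to the integration in the audit trail, and the same token is refused for another task, for an action outside its scope, or after its expiry.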
What's in the full article
Aembit's full article covers the operational detail this post intentionally leaves for the source:
- The exact ServiceNow Virtual Agent trust chain and how the impersonation flaw worked in practice.
- The control patterns Aembit recommends for runtime policy enforcement and ephemeral credentials.
- The workflow monitoring and attribution details that matter when agent actions must be investigated.
- The vendor's implementation-oriented guidance for treating agents as non-human workloads.
Read Aembit's analysis of the ServiceNow impersonation flaw and agentic access risk: "Agentic access and impersonation: what IAM teams are missing?"