Agentic AI and NHI growth: what IAM teams need to rethink


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3218
Topic starter  

TL;DR: Enterprises are moving from roughly 45 non-human identities per human in 2023 to an 82:1 ratio in 2025, while early adopters report 300% to 500% annual NHI growth as AI agents combine multiple credentials across systems, according to Clutch Security. The identity problem is no longer scale alone; autonomous tool use breaks static provisioning assumptions and makes traditional IAM visibility insufficient.

NHIMG editorial — based on content published by Clutch Security: The Enterprise Agentic AI Security Crisis No One Is Ready For

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that use multiple credentials across systems?

A: Security teams should treat each agent as a governed identity with its own inventory entry, owner, scope, and expiry condition.

Q: Why do autonomous agents create more risk than ordinary automation?

A: Autonomous agents can choose tools, combine credentials, and change execution paths at runtime, so their access pattern is not fully knowable at provisioning time.

Q: What breaks when an AI agent has write access to enterprise systems?

A: Write access turns a credential from a visibility issue into an operational impact issue.

Practitioner guidance

  • Inventory every agent identity separately: Create a distinct register for AI-driven NHIs, including API keys, tokens, service accounts, and delegated OAuth credentials.
  • Segment read and write privilege for agents: Treat write access as a separate approval and review path.
  • Tie every agent credential to lifecycle ownership: Assign a named business or technical owner to each agent and make offboarding a mandatory control, not a cleanup task.

What's in the full article

Clutch Security's full technical paper covers the operational detail this post intentionally leaves for the source:

  • Per-tier breakdown of shadow, platform-integrated, and cloud-native agent deployments.
  • Technical guidance on dynamic credential provisioning for AI-driven NHIs.
  • Examples of write-enabled agent failure modes across interconnected enterprise systems.
  • Traceability and behavioural analytics patterns for detecting unmanaged agents.

👉 Read Clutch Security's technical paper on agentic AI security stack and NHI crisis →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1804
 

Agentic AI turns NHI growth from a scaling problem into an identity design problem. The article’s core numbers show that enterprises are moving from manageable ratios to explosive credential growth, but the deeper issue is structural. Traditional IAM assumes identities can be provisioned and reviewed around stable roles or service patterns. Once agents dynamically combine tools and credentials, that assumption weakens. Practitioners should read this as a sign that machine identity programmes now need an explicit agent model, not just more inventory.

A few things that frame the scale:

  • 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to the 2024 ESG Report: Managing Non-Human Identities.
  • Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months.

A question worth separating out:

Q: How can organisations spot shadow AI agents before they become a governance problem?

A: They should reconcile approved AI tools with observed API activity, credential issuance, and cross-system access patterns. If a credential is active but no owner, purpose, or retirement path exists, the agent is outside governance even if the authentication is valid. One practical anchor is the approved inventory of AI-driven NHIs.

👉 Read our full editorial: Enterprise agentic AI is driving NHI growth beyond IAM control



   
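The reconciliation described in the reply above (approved inventory against observed activity) can be sketched as follows. This is an added example, not code from the posts or from Clutch Security; the register fields, credential IDs, finding names and log records are all constructed assumptions.

```python
# Constructed register of approved AI-driven NHIs; field names are assumptions.
APPROVED = {
    "cred-001": {"owner": "alice@example.com", "purpose": "AP reconciliation",
                 "expires": "2026-01-31", "scope": {"read"}, "systems": {"erp"}},
    "cred-002": {"owner": "", "purpose": "ticket triage",
                 "expires": None, "scope": {"read", "write"}, "systems": {"helpdesk"}},
}

# Constructed observed activity, as might be exported from gateway or IdP logs.
OBSERVED = [
    {"cred": "cred-001", "system": "erp", "action": "read", "ts": "2025-06-01T10:00:00Z"},
    {"cred": "cred-001", "system": "erp", "action": "write", "ts": "2025-06-01T10:05:00Z"},
    {"cred": "cred-002", "system": "helpdesk", "action": "write", "ts": "2025-06-02T08:00:00Z"},
    {"cred": "cred-777", "system": "crm", "action": "read", "ts": "2025-06-02T09:00:00Z"},
    {"cred": "cred-777", "system": "erp", "action": "read", "ts": "2025-06-02T09:01:00Z"},
]

def reconcile(approved, observed):
    """Return {credential_id: sorted list of governance findings}."""
    findings = {}
    seen_systems = {}
    for ev in observed:
        cred = ev["cred"]
        flags = findings.setdefault(cred, set())
        seen_systems.setdefault(cred, set()).add(ev["system"])
        entry = approved.get(cred)
        if entry is None:
            # Valid authentication, but no inventory entry: a shadow agent candidate.
            flags.add("not_in_inventory")
            continue
        for field in ("owner", "purpose", "expires"):
            if not entry.get(field):
                flags.add(f"missing_{field}")
        if ev["action"] not in entry["scope"]:
            flags.add(f"unapproved_{ev['action']}")
        if ev["system"] not in entry["systems"]:
            flags.add("unapproved_system")
        if entry.get("expires") and ev["ts"][:10] > entry["expires"]:
            flags.add("active_after_expiry")
    for cred, systems in seen_systems.items():
        if cred not in approved and len(systems) > 1:
            findings[cred].add("cross_system_access")
    # Drop credentials with no findings so the output is a worklist.
    return {c: sorted(f) for c, f in findings.items() if f}

if __name__ == "__main__":
    for cred, flags in reconcile(APPROVED, OBSERVED).items():
        print(cred, flags)
```

A credential that authenticates correctly can still appear in the output; the findings describe governance gaps, not authentication failures.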