TL;DR: Agentic AI systems that independently act across APIs, databases, and SaaS tools are exposing the limits of static secrets, because predictable provisioning and human-paced access reviews no longer match runtime behaviour, according to Aembit. The governance shift is toward dynamic, context-bound credentials and identity-first access decisions, not broader vault usage.
NHIMG editorial — based on content published by Aembit: Agentic AI breaks static secrets management assumptions
Questions worth separating out
Q: How should security teams govern agentic AI that uses both delegated and native identity?
A: Security teams should separate the user-authorised step from the agent-native step and govern each differently.
Q: Why do static secrets create risk for agentic AI workflows?
A: Static secrets create risk because they assume the access context is stable, predictable, and reviewable later.
Q: What should teams replace secret reuse with in AI agent environments?
A: Teams should replace secret reuse with short-lived, context-bound credentials issued at request time.
Practitioner guidance
- Map where static secrets still exist: inventory repositories, containers, CI/CD workflows, and shared services where long-lived credentials are still injected or reused.
- Shift agent access to task-scoped issuance: issue credentials at request time and bind them to the agent identity, intended task, and target system.
- Separate delegated and agent-native identity paths: document where the agent operates under delegated user authority and where it must authenticate as itself.
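To make the last two guidance points concrete, here is a small example written for this post (not Aembit's or NHIMG's code) of a broker that mints short-lived credentials bound to agent identity, task and target system, and that treats the delegated path (agent acting on behalf of a user) differently from the agent-native path. The signing key, the policy tables, the `agent:`/`user:` identifiers and the token layout are all constructed for illustration; a real broker would keep the key in a KMS or HSM and would source policy from its identity store.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed signing key for the example only; a real broker holds this in a KMS/HSM.
BROKER_KEY = b"example-broker-key-not-for-production"

# Hypothetical policy tables: what an agent may do natively, and what a user has granted.
AGENT_POLICY = {"agent:report-builder": {"crm-api": {"read:accounts"}}}
USER_POLICY = {"user:alice": {"crm-api": {"read:accounts", "write:notes"}}}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes) -> str:
    return _b64(hmac.new(BROKER_KEY, payload, hashlib.sha256).digest())


def issue(agent_id, target, task, scopes, ttl_s=60, on_behalf_of=None, now=None):
    """Mint a credential at request time, bound to agent, task and target.

    Delegated path (on_behalf_of set): subject is the user, the agent is the actor,
    and the requested scopes must sit inside what the user has granted.
    Native path: subject is the agent and scopes must sit inside the agent's own policy.
    """
    now = time.time() if now is None else now
    scopes = set(scopes)
    if on_behalf_of:
        allowed = USER_POLICY.get(on_behalf_of, {}).get(target, set())
        subject, actor = on_behalf_of, agent_id
    else:
        allowed = AGENT_POLICY.get(agent_id, {}).get(target, set())
        subject, actor = agent_id, None
    if not scopes <= allowed:
        raise PermissionError(f"scopes {sorted(scopes - allowed)} not granted on {target}")
    claims = {
        "sub": subject, "act": actor, "aud": target, "task": task,
        "scope": sorted(scopes), "iat": now, "exp": now + ttl_s,
        "jti": secrets.token_hex(8),  # unique id so each issuance is auditable
    }
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body.encode())}"


def verify(token, target, task, scope, now=None):
    """Return the claims if the token is authentic, unexpired and bound to this
    target, task and scope; otherwise return None (the caller denies the request)."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(body.encode())):
        return None  # tampered, or not signed by this broker
    claims = json.loads(_unb64(body))
    if claims["aud"] != target or claims["task"] != task:
        return None  # credential replayed against another system or task
    if now >= claims["exp"]:
        return None  # TTL elapsed: the agent must return to the broker
    if scope not in claims["scope"]:
        return None  # scope not bound into this credential
    return claims
```

The point of the design is that nothing long-lived ever reaches the agent: the credential carries the task and target it was issued for, expires within seconds to minutes, and records both the subject and the acting agent, so an access log can distinguish "alice via report-builder" from "report-builder on its own authority" without any static secret being shared between those two paths.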
What's in the full article
Aembit's full article covers the operational detail this post intentionally leaves for the source:
- Practical examples of dynamic credential issuance for multi-cloud agent workflows.
- Discussion of how identity-aware access brokers fit between agents and target systems.
- Examples of delegated OAuth scope versus non-human identity use in hybrid agent flows.
- Vendor framing on where vaults remain useful as a compatibility layer for legacy systems.
👉 Read Aembit's analysis of why agentic AI is forcing a shift from static secrets to dynamic access →
Agentic AI and static secrets management: what is breaking first?
Explore further
Static secrets management is built on assumptions that fail when the actor is autonomous enough to choose its own execution path. The model assumes secrets can be created once, reused for a stable context, and reviewed later without losing control of the identity’s behaviour. Agentic systems collapse that premise because the relevant access decision may not exist until runtime. The implication is that identity governance has to stop treating access as a predeclared state when the actor can change its own task path.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
A question worth separating out:
Q: How do organisations decide when a vault is still necessary for AI systems?
A: A vault is still necessary when legacy applications, third-party integrations, or human-operated systems cannot yet support dynamic identity-based access. In those cases, the vault should be treated as a compatibility layer, not the primary control for agentic workflows. The long-term target remains identity-first access.
👉 Read our full editorial: Agentic AI breaks static secrets management assumptions