Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Agentic AI IAM: what changes when agents call production tools?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: AI agents are now calling production APIs, querying databases, and using MCP with more standing access than many humans, and Pomerium’s comparison of six platforms shows the market splitting between runtime enforcement and NHI discovery. Identity controls built for login events do not govern autonomous tool use unless every request is checked in line.

NHIMG editorial — based on content published by Pomerium: IAM for Agentic AI: 6 Platforms Compared

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that call APIs instead of using a UI?

A: Security teams should govern AI agents by treating each callable action as a scoped entitlement, not as a general application login.

Q: Why do AI agents create problems for traditional IAM models?

A: Traditional IAM assumes stable identities, static roles, and access decisions that can be reviewed after the fact.

Q: What do security teams get wrong about runtime policy for agents?

A: They often assume runtime policy alone is enough.

Practitioner guidance

  • Separate enforcement from discovery in your architecture Use a runtime gateway for per-request control and a separate NHI governance tool for inventory, posture, and lifecycle management.
  • Map MCP tools to privilege tiers Inventory each tool and method exposed by MCP servers, then classify them by sensitivity so read, write, and administrative functions do not share the same access path.
  • Replace reusable secrets with short-lived assertions Where agents connect to APIs or services, prefer token exchange, cryptographically signed assertions, and ephemeral credentials over static secrets in code, configs, or agent prompts.

What's in the full article

Pomerium's full blog post covers the operational detail this post intentionally leaves for the source:

  • Platform-by-platform comparison criteria for runtime enforcement versus discovery and governance
  • Details on MCP-specific authorization, including per-tool policy evaluation and request context
  • The practical trade-offs between open-core enforcement, secret brokering, and NHI posture management
  • Guidance on when to pair a governance platform with an inline gateway in a mature programme

👉 Read Pomerium's comparison of six IAM platforms for agentic AI →

Agentic AI IAM: what changes when agents call production tools?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

Human-era IAM assumptions break the moment agents become request-time actors. IAM for people assumes a login event, a session, and a stable operator behind the identity. AI agents calling tools continuously do not fit that model, which is why per-request authorization, not dashboard-era access management, becomes the relevant control boundary. Practitioners should treat this as a structural mismatch, not a feature gap.

A few things that frame the scale:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which explains why discovery-first programmes still matter even when runtime controls are in place.

A question worth separating out:

Q: How do organisations decide between NHI discovery and inline enforcement?

A: The decision depends on the failure mode. If the problem is unknown service accounts, secrets, or agents, discovery comes first. If the problem is live requests reaching production with no check, inline enforcement comes first. Most large environments need both because one controls the estate and the other controls the next request.

👉 Read our full editorial: IAM for agentic AI exposes the limits of human-era controls



   
ReplyQuote
Share: