TL;DR: As agentic AI systems begin to trigger workflows, call APIs, move data, and create other agents, Token Security argues that identity and authorisation must shift from human-centric admin patterns to continuous, lifecycle-based controls. That matters because autonomous behaviour makes provenance, accountability, and policy enforcement harder to preserve across multi-agent environments.
NHIMG editorial — based on content published by Token Security: Forging Trust in Agentic AI Ecosystems Through Identity and Authorization
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should security teams govern AI agents that can act on their own?
A: Security teams should govern AI agents as runtime actors with unique identities, bounded permissions, and continuous verification at each action boundary.
Q: Why do autonomous agents create more risk than ordinary automation?
A: Autonomous agents create more risk because they can choose actions, select tools, and change behaviour during execution without a human approval gate.
Q: What breaks when AI agents use shared credentials or opaque API calls?
A: Shared credentials and opaque API calls break attribution, auditability, and containment.
Practitioner guidance
- Assign unique identities to every agent Eliminate anonymous, shared, or unregistered agent access paths.
- Bind credentials to the requesting agent Use sender-constrained tokens and short-lived keys so access cannot be replayed by another agent.
- Move authorisation to the action boundary Re-evaluate permissions at every API call or workflow step, especially where agents can invoke tools, access sensitive data, or delegate to other agents.
What's in the full article
Token Security's full blog post covers the operational detail this post intentionally leaves for the source:
- A more granular explanation of OAuth 2.1 patterns for agent authentication and token binding.
- A practical comparison of RBAC, ABAC, and policy-based access control for autonomous workflows.
- The article's own trust framework comparison table, including the governance strengths of Zero Trust and AI RMF.
- The author’s framing of human-in-the-loop checks for high-risk agent actions and delegation.
👉 Read Token Security's analysis of identity and authorisation for agentic AI ecosystems →
Agentic AI identity and authorisation: what IAM teams must fix?
Explore further
Agentic AI is not a human IAM variant, and treating it that way creates false confidence. The article is right to move beyond login-centric thinking because an agent can initiate actions, chain tools, and re-enter policy paths without a human operator in the loop. That makes identity a runtime governance problem rather than a user authentication problem. Practitioners should read this as a shift from identity as access to identity as execution context.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 44% of organisations have implemented policies to govern AI agents, even though 92% agree governance is critical to enterprise security.
A question worth separating out:
Q: Who should approve high-risk actions taken by AI agents?
A: High-risk actions should require human approval from the accountable business or security owner before the action completes. Financial transactions, sensitive data access, and delegation to other agents are the clearest candidates. Approval should be tied to the specific action and context, not to a blanket role.
👉 Read our full editorial: Agentic AI identity and authorisation need stronger trust controls