TL;DR: Agentic identities need lifecycle-level monitoring because NHIs register, expand consent, call tools, and persist beyond the authorising user, creating an audit gap that traditional human-session models miss, according to Descope. The control problem is not visibility alone, but whether identity governance can keep pace with continuously changing machine and agent privileges.
NHIMG editorial — based on content published by Descope: Monitoring and Auditing Agentic Identities With Descope Auth Thoughts
By the numbers:
- 57% of CIAM decision makers are worried about AI agents sharing sensitive data with unauthorized users.
Questions worth separating out
Q: How should security teams monitor agentic identities without relying on human session assumptions?
A: They should monitor the full lifecycle, not just login events.
Q: Why do agentic identities complicate traditional IAM governance?
A: Because they do not follow the clean start-and-stop pattern that human identity programmes assume.
Q: What breaks when consent changes are not audited for non-human identities?
A: Governance loses the ability to prove who approved scope expansion and when it happened.
Practitioner guidance
- Instrument the full agent lifecycle Record registration, consent changes, outbound connection creation, policy denials, and termination events as first-class security signals.
- Tighten consent review for scope expansion Review every change that expands scopes or connection permissions, especially where an MCP client can request new tool access after initial approval.
- Make offboarding a hard control, not a cleanup task Retire credentials and remove connection access when an agent, integration, or tenant relationship ends.
What's in the full article
Descope's full blog post covers the operational detail this post intentionally leaves for the source:
- Concrete examples of Descope audit events for registration, consent changes, connection creation, and policy denial.
- Implementation detail for MCP authentication, dynamic client registration, and outbound token exchange.
- Step-by-step examples showing how Snowflake access is mediated through scoped connection policies.
- How custom audit events can be streamed into SIEM and observability tooling for correlation and alerting.
👉 Read Descope's analysis of monitoring and auditing agentic identities →
Agentic identity monitoring: what IAM teams are missing?
Explore further
Continuous agentic access breaks the human-session model. Human IAM assumes a login, an action period, and a logout. That assumption fails when the actor is an NHI that can keep registering, requesting scopes, refreshing tokens, and calling tools while the original user context changes or disappears. The implication is that identity governance must stop treating audit as a post-event record and start treating it as the only reliable state model for agentic access.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- That same research found that only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
A question worth separating out:
Q: Who should own accountability for agentic identity access decisions?
A: The accountable owner should be the team or function that controls the identity lifecycle, not the agent itself and not a generic platform team. Each client, connection, and scope set needs an owner who can approve changes, respond to denials, and remove access when the relationship ends.
👉 Read our full editorial: Monitoring agentic identities exposes the NHI lifecycle gap