TL;DR: AI agents often run with hardcoded API keys, shared service accounts, or borrowed OAuth tokens, leaving no reliable attribution or task boundary, according to Aembit. Static IAM assumptions about known identities, predictable access, and reviewable privilege break down when agents act across multiple services in one session.
NHIMG editorial — based on content published by Aembit: AI agent authentication and delegated access patterns
By the numbers:
- 64% of valid secrets leaked in 2022 are still valid and exploitable today, proving that detection alone is not enough without automated revocation.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes , and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: How should security teams authenticate AI agents without using shared credentials?
A: Security teams should authenticate AI agents with a unique workload identity for each agent instance, then verify runtime context before issuing short-lived credentials.
Q: Why do AI agents complicate least-privilege access reviews?
A: AI agents can move across several services in one task, so a static access review often captures only part of the privilege they actually used.
Q: What breaks when an AI agent inherits a user's OAuth token?
A: The main failure is that the token outlives the task and carries user-level authority into downstream calls without clear task boundaries.
Practitioner guidance
- Replace shared credentials with per-agent identity Issue each agent instance a unique, verifiable identity tied to workload context so logs and access decisions can distinguish one execution from another.
- Require runtime attestation before access issuance Verify the workload, platform, and environment before brokering any secret, token, or certificate to an agent.
- Scope access to the task, not the agent type Grant only the permissions needed for the current action and expire them when the task ends, instead of carrying broad standing access.
What's in the full article
Aembit's full analysis covers the operational detail this post intentionally leaves for the source:
- The full walkthrough of workload identity, attestation, and token exchange patterns for agentic systems.
- The detailed comparison of shared accounts, borrowed user tokens, and per-agent identity models in production workflows.
- The end-to-end Blended Identity flow for preserving user context alongside agent identity.
- The MCP-specific auth patterns and privileged-operation handling that implementation teams need.
👉 Read Aembit's analysis of AI agent authentication and delegated access →
AI agent authentication and task-scoped access: what changes now?
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
Shared credentials are the wrong identity model for agentic work: agent authentication fails when the credential is treated as the actor rather than the workload instance. That breaks attribution, revocation, and incident reconstruction because the same key may be reused across agents, users, and tasks. The implication is that governance must move from credential-centric control to instance-level identity control.
A few things that frame the scale:
- 64% of valid secrets leaked in 2022 are still valid and exploitable today, proving that detection alone is not enough without automated revocation, according to The State of Secrets Sprawl 2026.
- AI-related credential leaks surged 81.5% year-over-year in 2025, with the surrounding AI infrastructure leaking 5x faster than core LLM providers, according to The State of Secrets Sprawl 2026.
A question worth separating out:
Q: Who should own accountability when an AI agent acts on behalf of a user?
A: Accountability should sit with both the system that issued the agent identity and the business process that authorised the delegated action. Downstream services need to see the agent identity and the initiating user context together, otherwise the access decision is incomplete. That is especially important for audit, incident response, and privilege review.
👉 Read our full editorial: AI agent authentication breaks traditional IAM assumptions