Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agent authorization: are your controls keeping up inside sessions?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: AI agents inherit credentials, act autonomously inside sessions and can exceed intended access without human review, while a 2026 Cloud Security Alliance study found 74% of organisations say agents often receive more access than necessary. The real gap is not provisioning at the door, but runtime authorization and proof of every privileged action.

NHIMG editorial — based on content published by Delinea: AI agent authorization: Why access at the door is not enough

By the numbers:

Questions worth separating out

Q: How should security teams authorize AI agents that inherit user or service-account access?

A: Security teams should authorize AI agents at the session and action level, not just at login.

Q: Why do AI agents complicate traditional IAM and PAM controls?

A: AI agents complicate traditional IAM and PAM controls because they act inside live sessions at machine speed and may take different paths in different contexts.

Q: How do you know if AI agent authorization is actually working?

A: AI agent authorization is working when every privileged action is checked against policy in real time and the system can prove what happened afterward.

Practitioner guidance

  • Define the session as the control boundary Treat AI agent login as the start of governance, not the end of it.
  • Re-cut inherited privileges for agent use Review the permissions attached to any identity that can be reused by an agent, then remove access that was justified for human work but not for agent execution.
  • Record every privileged agent action Enable immutable session recording so each sensitive action can be tied back to the governing policy and the identity that approved it.

What's in the full article

Delinea's full blog covers the operational detail this post intentionally leaves for the source:

  • A runtime authorization model for AI agents that explains how policies are evaluated at the moment of each action.
  • A session recording approach for proving privileged agent activity during audits and investigations.
  • A practical distinction between authentication and authorization in inherited-access environments.
  • The control implications of non-deterministic agent behaviour for IAM, PAM and NHI governance.

👉 Read Delinea's analysis of AI agent authorization and runtime controls →

AI agent authorization: are your controls keeping up inside sessions?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

AI agent authorization is a runtime governance problem, not a provisioning problem. The article is right to separate access at the door from control inside the session, because the real risk appears after login when the agent starts selecting actions at machine speed. This shifts the identity question from entitlements to enforced behaviour. Practitioners should treat AI agent sessions as continuously governed execution paths, not static approvals.

A few things that frame the scale:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which explains why inherited access often outlives the review process.

A question worth separating out:

Q: Who is accountable when an AI agent performs an unauthorized privileged action?

A: Accountability sits with the organisation that defined the policy, approved the identity and chose the control model. If session recording, runtime authorization and review ownership are missing, then the failure is governance, not just technology. Boards and auditors will expect a traceable decision chain.

👉 Read our full editorial: AI agent authorization needs runtime controls, not just access checks



   
ReplyQuote
Share: