TL;DR: AI agent sprawl makes static IAM brittle because administrators cannot scale human approval to every call, and Andromeda Security argues that behavioral baselines at the AI Gateway can distinguish routine access from risky deviation. The core issue is that policy assumes stable intent, while agents change context across tools, resources, and time.
NHIMG editorial — based on content published by Andromeda Security: Avoiding Approval Fatigue with Behavior Baselines
By the numbers:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should security teams govern AI agents without creating approval fatigue?
A: Security teams should govern AI agents with behavioural baselines that learn normal activity and only escalate material deviations.
Q: Why do AI agents make static IAM policies brittle?
A: AI agents make static IAM brittle because access patterns are no longer stable enough to predict in advance.
Q: What breaks when behavioural baselines ignore the resource being accessed?
A: When baselines ignore the resource, they collapse very different risks into the same tool-level signal.
Practitioner guidance
- Define behavioural baselines per agent and per task class Track the tools used, the resources touched, the timing pattern, and the acting context for each agent before allowing standing access.
- Move governance from tool names to resource locality Map access decisions to the underlying schema, table, tenant, or system boundary, not just to the application verb.
- Route only material deviations to human review Score deviations by action type, resource sensitivity, entitlement state, and execution timing before escalating.
What's in the full article
Andromeda Security's full post covers the operational detail this post intentionally leaves for the source:
- A walkthrough of how the AI Gateway evaluates behaviour across tools, resources, and timing before making a decision.
- The article's risk-scoring logic for low-risk and high-risk deviations, including how the system separates routine calls from escalation events.
- Examples of how approvals can be auto-cleared, logged, or escalated based on context rather than fixed policy alone.
- The vendor's view of how its gateway fits into agentic security architecture across human and non-human identity.
👉 Read Andromeda Security's analysis of approval fatigue and AI agent baselines →
AI agent behavior baselines: are your IAM controls keeping up?
Explore further
Behavior baselines expose the limit of policy-only governance for AI agents. Classic IAM assumes access can be pre-authorised because the actor's intent is stable enough to predict. That assumption weakens when one person can trigger multiple ephemeral agents across multiple systems in a short task cycle. The implication is that identity governance for agents must be evaluated as runtime behaviour, not only as entitlement state.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: Who should approve risky AI agent access decisions in a mature programme?
A: The gateway should auto-handle low-risk deviations and route only high-risk exceptions to human reviewers with enough context to decide quickly. Accountability should stay with the identity and platform teams that define the policy, not with overworked approvers who cannot distinguish a harmless drift from a genuine boundary crossing.
👉 Read our full editorial: Behavior baselines for AI agent identity are challenging IAM