TL;DR: Onyx Security’s $40 million round and Guardian Agent pitch spotlight a larger issue: behavioral monitoring can flag suspicious AI activity, but it cannot prove whether an agent was authorised to touch a system, according to EnforceAuth. The practical problem is the authorization gap between authentication and deterministic enforcement, especially across AI agents, service accounts, and delegated access chains.
NHIMG editorial — based on content published by EnforceAuth: Authorization gap versus control plane in AI agent governance
By the numbers:
- Non-human identities outnumber human users roughly 50 to 1 in the average enterprise.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: How should security teams govern AI agent access without relying only on behavioral monitoring?
A: Security teams should treat behavioral monitoring as a detection layer and authorization as the control that governs what an AI agent may actually do.
Q: Why do AI agents create an authorization problem for IAM and PAM programmes?
A: AI agents create an authorization problem because they can inherit permissions from service accounts, tokens, and delegated human access while acting at machine speed.
Q: What breaks when access review does not cover non-human identities used by AI agents?
A: When access review ignores the NHIs behind AI agents, organisations lose visibility into stale privileges, inherited rights, and abandoned credentials that still allow action.
Practitioner guidance
- Separate monitoring from authorization Define behavioral detection as a control for suspicious activity and policy enforcement as the gate for permitted action.
- Inventory delegated access chains Document human to agent to service account to API token relationships, including who granted each hop and when it expires.
- Enforce policy at execution time Use policy-as-code to make allow or deny decisions before actions execute, rather than relying on retrospective anomaly review.
What's in the full article
EnforceAuth's full article covers the operational detail this post intentionally leaves for the source:
- Policy design examples for separating behavioral monitoring from deterministic authorization
- The control-plane and enforcement-layer architecture described for AI agent governance
- Questions auditors and regulators are likely to ask about delegated authority and decision logs
- How EnforceAuth frames coverage across AI agents, human identities, service accounts, and OAuth tokens
👉 Read EnforceAuth’s analysis of the AI agent authorization gap →
AI agent control planes: what happens when authorization is missing?
Explore further
Behavioral oversight does not close the authorization gap. A runtime control plane can flag odd agent behaviour, but it cannot prove whether the identity was allowed to act in the first place. That distinction is the difference between detecting deviation and enforcing entitlement. For identity governance, this means monitoring cannot be treated as a substitute for decision authority or evidence.
A few things that frame the scale:
- Non-human identities outnumber human users roughly 50 to 1 in the average enterprise, according to the Ultimate Guide to NHIs , Why NHI Security Matters Now.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: What should organisations do when AI agent behaviour and policy decisions conflict?
A: Organisations should let policy decide what is permitted and let behavioral systems alert on suspicious execution. If the two conflict, the policy record must be the source of truth for authorization, while the anomaly signal becomes an investigation trigger. This keeps accountability deterministic and prevents model judgment from replacing access governance.
👉 Read our full editorial: Authorization gaps in AI agent governance are now the real risk