TL;DR: AI agents are accelerating credential sprawl by creating, using, and replicating API keys, service accounts, and other non-human identities at machine scale, while traditional IAM and PAM controls still assume human-paced access and review, according to 1Password. The governance gap is structural because access review and session-based oversight do not fit identities that duplicate, persist, and act outside centralized visibility.
NHIMG editorial — based on content published by 1Password: AI agent credential sprawl and machine identity risk
By the numbers:
- 1 in 4 employees has used AI applications that were not approved by their company.
- Repositories with Copilot active are 40% more likely to have at least one leaked secret.
Questions worth separating out
Q: How should security teams reduce credential sprawl caused by AI agents?
A: Start by discovering where non-human credentials are created, copied, and reused across code, chat tools, CI/CD logs, and agent workflows.
Q: Why do SSO and MFA not fully solve credential sprawl?
A: SSO and MFA were designed for interactive human access, so they miss credentials that authenticate programmatically or exist outside the SSO boundary.
Q: What breaks when developer secrets are hardcoded or copied into collaboration tools?
A: The break is governance, not just storage.
Practitioner guidance
- Inventory credentials where they are actually created and reused. Extend discovery beyond repositories into chat platforms, ticketing tools, CI/CD logs, local files, and agent workspaces so unmanaged secrets do not hide outside review scope.
- Separate non-human identity governance from human offboarding workflows. Assign distinct lifecycle controls for service accounts, API keys, and agent identities so review, revocation, and ownership do not depend on employee-centred IAM processes.
- Reduce standing privilege on machine identities. Re-scope long-lived service accounts and API tokens so they only carry the minimum access needed for the current workflow, and retire any access that survives beyond task completion.
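As an added example (not code from 1Password or NHIMG), the discovery step above applied to constructed sample lines from the kinds of sources the guidance names: a CI/CD log, a chat export, and an agent workspace file. The AWS and GitHub prefix formats are publicly documented; the sample values, source labels and filtering thresholds are assumptions made for this example.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Constructed (source, line) records; every value here is made up for the example.
SAMPLE_RECORDS = [
    ("ci-log", "export AWS_ACCESS_KEY_ID=AKIAZZ3Q7K4M9T2X8V1J"),
    ("chat", "dev-bot: use ghp_abcdefghijklmnopqrstuvwxyz0123456789 for the repo"),
    ("agent-workspace", "OPENAI_API_KEY=sk-q9x7l2m4n8p1r5t3v6w0y2z4a8c1e3g5"),
    ("agent-workspace", 'api_key = "REPLACE_ME_WITH_REAL_KEY_BEFORE_RUN"'),  # placeholder
    ("ci-log", 'password = "aaaaaaaaaaaaaaaaaaaaaaaa"'),  # low entropy, not a live key
    ("ci-log", "npm install finished in 12.3s"),
]

# Vendor-specific prefixes first, then a generic "name = value" assignment rule.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{20,})"
    ),
}
PLACEHOLDER_MARKERS = ("replace_me", "example", "changeme", "xxxx", "<")

@dataclass(frozen=True)
class Finding:
    source: str   # where the credential was found, so the right owner gets the ticket
    kind: str
    masked: str   # enough to triage, never the full value

def shannon_entropy(value: str) -> float:
    counts = Counter(value)
    return -sum((c / len(value)) * math.log2(c / len(value)) for c in counts.values())

def scan(records) -> list[Finding]:
    findings = []
    for source, line in records:
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(1) if match.groups() else match.group(0)
                if any(m in value.lower() for m in PLACEHOLDER_MARKERS):
                    continue  # documented placeholder, not a live secret
                if kind == "generic_assignment" and shannon_entropy(value) < 3.0:
                    continue  # repetitive strings are almost never real keys
                findings.append(Finding(source, kind, value[:4] + "..." + value[-2:]))
    return findings

def count_by_source(findings) -> dict[str, int]:
    # Shows which workflow is leaking, which is what the inventory step needs.
    return dict(Counter(f.source for f in findings))
```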
What's in the full article
1Password's full report covers the operational detail this post intentionally leaves for the source:
- Specific examples of where credentials are being stored outside central governance, including developer and collaboration workflows
- The report’s discussion of how AI agents create and replicate credentials at machine scale across enterprise environments
- Operational detail on managing unmanaged apps and shadow AI before they become credential sprawl problems
- Examples of how teams can deliver credentials to agents and automation at runtime instead of leaving long-lived secrets in place
👉 Read 1Password's analysis of AI agent credential sprawl and machine identity risk →
AI agent credential sprawl: are your IAM controls keeping up?
Explore further
Credential sprawl is now an identity governance problem, not just a secrets problem. The article makes clear that credentials are spreading across code, collaboration tools, AI agents, and unmanaged apps faster than teams can inventory them. That means the governance boundary has moved beyond vaults and into the full application and workflow stack. Practitioners should treat every unmanaged credential as an unmanaged identity relationship, not a discrete secret to be rotated later.
A few things that frame the scale:
- NHIs now outnumber human identities by 144:1 in enterprise environments, a 44% increase year-over-year driven by AI agents, CI/CD automation, and third-party integrations, according to The NHI and Secrets Risk Report.
- Our research also found that over 5.5% of AWS NHIs hold full admin privileges, which means a small slice of machine identities can carry outsized breach impact.
A question worth separating out:
Q: Who should own accountability for AI agent credentials and access?
A: Accountability should sit with the team that owns the workflow and the non-human identity, not with a human offboarding process or a generic IAM queue. AI agents can replicate access and act continuously, so the owner must be able to prove when access was issued, why it exists, and when it should end. That is the basis for clean attribution.
👉 Read our full editorial: AI agent credential sprawl is outpacing enterprise IAM controls