Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agent credentials and access control: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9773
Topic starter  

TL;DR: AI agents are already in most organisations, and Bitwarden cites CSA research showing 54% have unsanctioned or shadow AI agents in use, while 53% report agents exceeding intended permissions and 47% have already had an AI-agent-related security incident. The real issue is not just access control, but the failure of existing IAM processes to govern task-driven credential requests at runtime.

NHIMG editorial — based on content published by Bitwarden: AI agents are already inside most organizations and securing their access is the challenge

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agent credential access?

A: Security teams should govern AI agent credential access as a release process, not just a storage problem.

Q: Why do AI agents create more credential risk than ordinary automation?

A: AI agents create more credential risk because they can decide at runtime what they need to finish a task.

Q: What breaks when agents can read secrets in prompts or chat history?

A: What breaks is the assumption that context is separate from control.

Practitioner guidance

  • Remove secrets from agent-visible context Strip passwords, API keys, tokens, and .env files from repositories, chat logs, prompts, and agent memory paths before agents can inspect them.
  • Scope agent access to one task at a time Issue a single credential release for a single task, then revoke it immediately after use.
  • Put approval in front of every credential release Require a human decision before each credential is injected into an agent process.

What's in the full article

Bitwarden's full article covers the operational detail this post intentionally leaves for the source:

  • How the Agent Access SDK moves a request from agent to human approval without exposing the full vault.
  • The step-by-step encrypted tunnel flow that keeps a credential out of plaintext during release and use.
  • Implementation guidance for using the SDK with common agents such as Claude, Copilot, and Cursor.
  • Bitwarden's discussion of how the open source protocol is intended to fit into broader agentic workflows.

👉 Read Bitwarden's analysis of AI agent credential security and the Agent Access SDK →

AI agent credentials and access control: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9257
 

Runtime credential governance is the real control gap, not agent visibility. The article shows that the problem is not whether teams can see AI agents, but whether they can govern every credential release those agents can trigger. Once an agent can request secrets in the middle of task execution, traditional static access models no longer describe actual exposure. Practitioners should treat runtime credential release as the governance boundary.

A few things that frame the scale:

  • 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
  • Only 44% have implemented any policies to govern AI agents, even though 92% agree governance is critical to enterprise security, according to the same report.

A question worth separating out:

Q: Who is accountable when an AI agent uses a credential outside its intended scope?

A: Accountability stays with the organisation that defined the agent's access path and release controls. If an agent can exceed scope, the issue is not just the model's behaviour, but the absence of governance around approval, scoping, and revocation. Security, IAM, and the business owner all need a clear control owner.

👉 Read our full editorial: AI agent credential security exposes the governance gap in IAM



   
ReplyQuote
Share: