TL;DR: AI agents act through non-human identities such as service accounts, access keys, OAuth grants, and roles, so prompt filters and model guardrails do not address the real control plane, according to Clutch Security. The identity layer, not the model layer, is where governance, accountability, and blast radius now concentrate.
NHIMG editorial — based on content published by Clutch Security: Securing the Agent Is Half the Job. The Other Half Is Its Agency
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Questions worth separating out
Q: How should security teams govern AI agents that use non-human identities?
A: Start by governing the credential, not the model.
Q: Why do AI agents complicate non-human identity governance?
A: Because the systems they touch authorise credentials, not intent.
Q: What breaks when organisations secure the model but not the credential?
A: The organisation loses the real control point.
Practitioner guidance
- Map every agent to its underlying credential Inventory the access key, token, service account, OAuth app, or role that actually authenticates the agent, then record the human owner, task scope, and revocation path for each one.
- Eliminate copied credentials across endpoints and pipelines Treat .env files, CI configs, secrets stores, and chat exports as separate exposure points.
- Baseline identity behaviour, not prompt content Watch what each credential normally touches, from where, and at what rate, then alert on unusual API targets, new regions, or unexpected write actions from the same identity.
What's in the full article
Clutch Security's full blog post covers the operational detail this analysis intentionally leaves for the source:
- How different agent deployment patterns map to specific credential types such as access keys, service accounts, and OAuth apps.
- The practical examples of where agent credentials are usually copied, stored, and forgotten across endpoints and pipelines.
- The incident-response blind spots that appear when logs show only authorised identity activity and not the original delegation context.
- The article's recommended next-step checklist for teams that want to move from model guardrails to identity governance.
👉 Read Clutch Security's analysis of AI agent agency and credential risk →
AI agent credentials and identity lineage: what teams are missing?
Explore further
Agency is not intelligence, it is credential authority. The article is right to separate model capability from operational reach, because downstream systems do not authorise a prompt, they authorise a secret, token, or role. That means the security question is not whether the agent sounds autonomous, but whether the identity underneath it has been governed as an NHI. Practitioners should treat AI agents as fast consumers of pre-existing identity risk, not as a separate security category.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- Only 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
A question worth separating out:
Q: What is the difference between agent guardrails and identity governance?
A: Agent guardrails shape model behaviour, while identity governance constrains what the agent can actually do. They are complementary, not interchangeable. A well-behaved model with broad credentials can still cause major exposure, so access scope, federation, and revocation must be governed separately.
👉 Read our full editorial: AI agent agency depends on credentials enterprises are not governing