Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agent drift and runtime authorization: are your controls ready?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Enterprises are moving AI agents into load-bearing workflows where a binary kill switch can create a second incident by breaking regulated processes, according to Cerbos. The real governance problem is runtime authorization and scoped revocation, because agent drift can happen inside the same operational window that legacy IAM review cycles assume.

NHIMG editorial — based on content published by Cerbos: AI agent governance needs a dimmer switch, not a kill switch

By the numbers:

Questions worth separating out

Q: What breaks when organisations use a kill switch for AI agent governance?

A: A kill switch can stop the agent, but it also stops the workflow, drops context, and can create a new operational or compliance incident.

Q: Why do AI agents complicate existing IAM and NHI controls?

A: AI agents complicate identity controls because their risky behaviour often happens during execution, after provisioning-time approvals have already been granted.

Q: How do security teams know whether AI agent governance is actually working?

A: A working programme can show what policy was in effect at the time of each decision, how access changed during an incident, and whether the workflow stayed within approved boundaries.

Practitioner guidance

  • Define graded restriction states for AI agents Pre-build policy states that move an agent from full access to read-only, then to tightly scoped tool use, and finally to no write capability.
  • Put policy enforcement in the request path Use externalised authorization so each agent action is checked against current policy at execution time.
  • Separate drift handling from compromise handling Write incident procedures that distinguish an agent drifting outside its authorised plan from an agent being actively compromised.

What's in the full article

Cerbos's full guide covers the operational detail this post intentionally leaves for the source:

  • Policy enforcement architecture for AI agent request paths and externalised authorization
  • Practical examples of scoped access reduction from full access to read-only and then to zero
  • How to preserve audit trails for incident response, SOC 2, ISO 27001, HIPAA, and PCI DSS
  • Shared vocabulary teams can use when explaining drift, containment, and policy changes to executives

👉 Read Cerbos's guide to runtime authorization for AI agent governance →

AI agent drift and runtime authorization: are your controls ready?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Binary AI shutdown is the wrong governance primitive for load-bearing agents. The kill switch model assumes an agent can be stopped without creating a second operational failure, but that assumption does not hold once agents are embedded in regulated workflows. In practice, shutdown can break continuity, remove context, and create an audit problem of its own. The implication is that agent governance must be designed around containment without process collapse, not around a single emergency off switch.

A few things that frame the scale:

  • 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.

A question worth separating out:

Q: Who is accountable when an AI agent must be slowed down instead of shut off?

A: Accountability sits with the team that owns the policy, the workflow, and the incident response playbook, not with the agent itself. Regulators and auditors will expect a documented rationale for why access was reduced, who approved it, and what evidence supports the decision. Shared ownership without clear control authority usually becomes no ownership at all.

👉 Read our full editorial: AI agent governance needs a dimmer switch, not a kill switch



   
ReplyQuote
Share: