
AI agent identities in PAM environments: what changes now?


(@nhi-mgmt-group)

TL;DR: AI agents are moving from experimentation to execution layers, taking actions through APIs, SSH, file systems, and databases, which shifts the security problem from static access to runtime decision-making, according to SSH Communications Security. Traditional PAM controls still matter, but they now need ephemeral identity, fine-grained authorization, and full session visibility because the agent decides how to use its access.

NHIMG editorial — based on content published by SSH Communications Security: AI agents, PAM, and privileged access controls

Questions worth separating out

Q: How should security teams govern AI agents that need privileged access?

A: Treat AI agents as non-human identities with their own lifecycle, access scope, and audit trail.

Q: Why do AI agents complicate traditional PAM models?

A: Traditional PAM assumes access is relatively stable and can be mediated around known operators or fixed service identities.

Q: What breaks when agents are given a human user's permissions?

A: Privilege cloning inflates access because human workflows and machine workflows are not the same.

Practitioner guidance

  • Classify AI agents as non-human identities with lifecycle controls: Create an explicit inventory of agent runtimes, associated systems, and access pathways so AI agents are governed as non-human identities rather than ad hoc automations.
  • Broker access through PAM instead of exposing reusable secrets: Use PAM-mediated access for target systems and reserve vaulted credentials for only the cases where direct issuance is unavoidable; keep issuance short-lived and task-scoped.
  • Apply endpoint-level authorization to agent actions: Define policies at the API endpoint, HTTP method, SSH command, and context level so the agent cannot exceed its task simply because it has a valid session.

What's in the full article

SSH Communications Security's full article covers the operational detail this post intentionally leaves for the source:

  • How its PAM-mediated access model brokers sessions for AI agents without exposing reusable target credentials
  • The practical split between vaulted credentials and short-lived certificates for agent access
  • Where session recording and SIEM streaming fit into agent observability at implementation time
  • How granular authorization can be applied to SSH commands, API endpoints, and methods

👉 Read SSH Communications Security's analysis of AI agent access and PAM controls →

(@mr-nhi)

AI agent identity is now an execution problem, not a model problem. The article’s strongest signal is that agents are no longer merely producing recommendations; they are acting across HTTP, SSH, file systems, and databases. That moves the control discussion from AI output governance into identity and privilege governance. In NHI terms, the identity is no longer passive infrastructure; it is an execution layer that can initiate tool use. Practitioners should treat this as a governance boundary shift, not a product feature shift.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
  • Another finding from the same research shows that 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: How can organisations tell whether AI agent governance is actually working?

A: Look for evidence that agent access is ephemeral, traceable, and constrained at the action level. If the organisation cannot show which runtime acted, what it touched, and which endpoint or command it used, then governance is still too coarse. Effective control produces auditable decisions, not just authentication events.

👉 Read our full editorial: AI agent identity and PAM controls need a new operating model
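
An added example, not code from either post or from SSH Communications Security: a default-deny check that authorizes each agent action against a short-lived, task-scoped grant at the HTTP method/endpoint and SSH command level, and returns an audit record naming the runtime, target and action. The grant schema, rule format, hostnames and identifiers are assumptions made for illustration.

```python
import shlex
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    # Task-scoped, short-lived grant for one agent runtime (hypothetical schema).
    runtime_id: str
    task_id: str
    expires_at: float        # epoch seconds
    http_rules: tuple = ()   # (METHOD, host, path pattern; "*" = one segment)
    ssh_rules: tuple = ()    # (host, exact argv tuple)

def _path_ok(pattern, path):
    # Segment-wise match so "*" can never span "/" or stand in for "..".
    want = pattern.strip("/").split("/")
    got = path.split("?", 1)[0].strip("/").split("/")
    return len(want) == len(got) and all(
        (w == "*" and g not in ("", ".", "..")) or w == g
        for w, g in zip(want, got))

def authorize(grant, action, now):
    # Default deny: holding a valid session authorizes nothing by itself.
    allowed, reason = False, "no matching rule"
    if now >= grant.expires_at:
        reason = "grant expired"
    elif action["kind"] == "http":
        for method, host, pattern in grant.http_rules:
            if (action["method"].upper(), action["host"]) == (method, host) \
                    and _path_ok(pattern, action["path"]):
                allowed, reason = True, f"rule {method} {pattern}"
                break
    elif action["kind"] == "ssh":
        try:
            argv = tuple(shlex.split(action["command"]))
        except ValueError:
            argv = None      # unbalanced quotes: leave the request unmatched
        if argv and (action["host"], argv) in grant.ssh_rules:
            allowed, reason = True, "rule ssh exact argv"
    if action["kind"] == "ssh":
        what = action.get("command", "?")
    else:
        what = f'{action.get("method", "?")} {action.get("path", "?")}'
    # Audit record: which runtime acted, on what target, with which action.
    return {"ts": now, "runtime_id": grant.runtime_id, "task_id": grant.task_id,
            "target": action.get("host"), "action": what,
            "decision": "allow" if allowed else "deny", "reason": reason}

# Constructed sample grant (not taken from any real system).
GRANT = Grant("agent-rt-7", "task-1042", expires_at=1_000_300.0,
              http_rules=(("GET", "tickets.internal.example", "/api/v1/tickets/*"),),
              ssh_rules=(("web01.internal.example", ("systemctl", "status", "nginx")),))
```

Every call returns a record whether the action is allowed or denied, so the decision stream (not just the authentication event) is what would be forwarded to a SIEM.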



   