AI agent identity across protocols: what IAM teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2364
Topic starter  

TL;DR: AI agents increasingly authenticate across LLM providers, SaaS APIs, cloud services, and MCP tools in a single task, creating multi-protocol identity gaps that secrets managers, OAuth, and managed identities only partially cover, according to Aembit. The governing problem is not credential use itself, but protocol fragmentation that leaves trust boundaries and delegation chains exposed.

NHIMG editorial — based on content published by Aembit: AI agent identity gaps across APIs, cloud, and LLMs

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that use multiple credential types?

A: Security teams should govern the agent as one workload while still treating each credential type as a separate issuance and revocation domain.

Q: Why do AI agents complicate traditional workload identity controls?

A: AI agents complicate workload identity because they can hold several credentials across several trust boundaries in one task.

Q: What breaks when secrets rotation is the only control for AI agents?

A: Rotation alone breaks because it protects stored secrets but does not govern runtime use, memory residency, or cross-protocol transitions.

Practitioner guidance

  • Map every credential type an agent can hold. Inventory API keys, OAuth tokens, managed identities, MCP tokens, and any service-specific session material used in one agent workflow.
  • Replace persistent initialization secrets with per-task issuance. Move away from SDK configurations that keep long-lived credentials resident for the whole process.
  • Correlate delegation across providers. Preserve a shared identifier across LLM calls, SaaS access, cloud access, and tool-server interactions so investigators can reconstruct the full path instead of stitching together partial logs after an incident.

What's in the full article

Aembit's full article covers the operational detail this post intentionally leaves for the source:

  • SDK-specific credential handling patterns for OpenAI, Anthropic, and Google Generative AI integrations
  • A deeper walkthrough of how environment-based attestation brokers access across multiple trust domains
  • Practical examples of just-in-time credential injection for API keys, OAuth tokens, and cloud session tokens
  • Unified audit visibility patterns for reconstructing delegation chains across providers

👉 Read Aembit's analysis of AI agent identity across multiple authentication protocols →
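The correlation guidance in the post above, sketched as an added example that is not from the post or from Aembit: it rebuilds each task's delegation path from a shared identifier and lists the credential types the task touched. The events, field names, and per-source identifier mapping are constructed assumptions, not any vendor's log schema.

```python
from collections import defaultdict

# Constructed sample audit events; field names are hypothetical.
EVENTS = [
    {"src": "llm", "ts": 100, "request_tag": "task-7f3a", "cred": "api_key", "action": "chat.completion"},
    {"src": "saas", "ts": 103, "x_corr_id": "task-7f3a", "cred": "oauth_token", "action": "GET /tickets/42"},
    {"src": "cloud", "ts": 105, "session_name": "task-7f3a", "cred": "managed_identity", "action": "storage.read"},
    {"src": "mcp", "ts": 107, "meta": {"task": "task-7f3a"}, "cred": "mcp_token", "action": "tools/call search"},
    {"src": "saas", "ts": 110, "cred": "oauth_token", "action": "POST /tickets"},  # no shared identifier
    {"src": "llm", "ts": 200, "request_tag": "task-91bc", "cred": "api_key", "action": "chat.completion"},
    {"src": "cloud", "ts": 204, "session_name": "task-91bc", "cred": "managed_identity", "action": "storage.write"},
]

# Assumed mapping: where each source's log carries the shared task identifier.
ID_FIELD = {
    "llm": lambda e: e.get("request_tag"),
    "saas": lambda e: e.get("x_corr_id"),
    "cloud": lambda e: e.get("session_name"),
    "mcp": lambda e: e.get("meta", {}).get("task"),
}

def reconstruct(events):
    """Group time-ordered events by task id; events without one become orphans."""
    chains, orphans = defaultdict(list), []
    for e in sorted(events, key=lambda e: e["ts"]):
        task = ID_FIELD[e["src"]](e)
        (chains[task] if task else orphans).append(e)
    return dict(chains), orphans

def summarize(chain):
    """Return the ordered delegation path and the distinct credential types used."""
    path = [f'{e["src"]}:{e["action"]}' for e in chain]
    return path, sorted({e["cred"] for e in chain})

def candidates(orphan, chains, slack=5):
    """Time-window guess for an orphan: what is left when the identifier is missing."""
    return [t for t, c in chains.items()
            if c[0]["ts"] - slack <= orphan["ts"] <= c[-1]["ts"] + slack]

if __name__ == "__main__":
    chains, orphans = reconstruct(EVENTS)
    for task, chain in chains.items():
        path, creds = summarize(chain)
        print(task, " -> ".join(path), "| credential types:", creds)
    for o in orphans:
        print("UNCORRELATED:", o["src"], o["action"], "possible tasks:", candidates(o, chains))
```

The uncorrelated SaaS call can only be attributed by a time-window heuristic, which is the partial-log stitching the guidance aims to avoid.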




   
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 913
 

Protocol fragmentation is the central identity failure mode for AI agents. The article shows that one agent can hold API keys, OAuth tokens, managed identity sessions, and MCP tokens at the same time, each with a different security model. That means the governing problem is not isolated credential weakness but the absence of a unified policy plane across trust boundaries. Practitioners should treat protocol fragmentation as the control gap, not as a side effect of modern architecture.

A few things that frame the scale:

  • 24,008 unique secrets were exposed in MCP configuration files in 2025 alone, the protocol's first year of widespread adoption, according to the State of Secrets Sprawl 2026.
  • AI-related credential leaks surged 81.5% year-over-year in 2025, with the surrounding AI infrastructure leaking 5x faster than core LLM providers.

A question worth separating out:

Q: What is the difference between workload identity and protocol-specific credential management?

A: Workload identity authenticates the actor first and then brokers access across systems, while protocol-specific credential management handles one token type at a time. For AI agents, that difference matters because the same task may need multiple tokens with different rules. Without a unifying identity layer, governance becomes fragmented and the audit trail becomes incomplete.

👉 Read our full editorial: AI agent identity gaps widen across APIs, cloud, and LLMs



   