Notifications
Clear all
Topic starter
08/06/2026 5:07 pm
TL;DR: AI agents need broad, persistent, delegated access across multiple tools, but traditional machine-to-machine authentication, RBAC, and human-centric login patterns do not match their unpredictable runtime behaviour, according to WorkOS. The core problem is assumption collapse: identity models built for stable, reviewable access cannot govern actors that act, escalate, and chain delegation in-flight.
NHIMG editorial — based on content published by WorkOS: Identity for AI: Who Are Your Agents and What Can They Do?
Questions worth separating out
Q: How should security teams govern AI agents that need access across multiple business tools?
A: Treat each agent as a distinct identity with its own scoped permissions, then bind those permissions to a human delegator and a specific task.
Q: Why do traditional RBAC models struggle with AI agent access?
A: RBAC struggles because agents do not behave like stable human roles.
Q: How can organisations keep AI agent actions auditable?
A: Log the full delegation chain, from the delegating user through each agent hop to the final system touched.
Practitioner guidance
- Separate agent identity from human identity Issue each agent its own credential set and bind it to the delegating user so logs, revocation, and policy decisions stay attributable.
- Adopt task-scoped capability tokens Replace broad standing access with short-lived rights that encode a single purpose, a narrow target system, and a clear expiry.
- Instrument delegation-chain logging end to end Record every hop from user to agent to sub-agent to external service so investigators can reconstruct who authorised what, where, and when.
What's in the full article
WorkOS's full analysis covers the operational detail this post intentionally leaves for the source:
- Implementation examples for persona shadowing across identity providers and application layers
- How delegation chains can be encoded with JWTs, UMA, OIDC-A, and verifiable credentials
- The practical trade-offs between persistent sessions, capability tokens, and human-in-the-loop escalation
- Where current tools such as AuthKit, FGA, and workload identity patterns fit in real agent deployments
👉 Read WorkOS's analysis of AI agent identity, delegation, and capability tokens →
AI agent identity and access: where traditional IAM breaks?
Explore further
08/06/2026 7:08 pm
AI agent identity is exposing an assumption collapse in IAM, not just a new control gap. Traditional identity design assumes an actor’s access can be named, bounded, and reviewed before the session unfolds. That assumption fails when the actor can choose tools, chain delegation, and continue acting across multiple systems with non-deterministic intent. The implication is that agent governance cannot be an extension of human access review cadence alone.
A few things that frame the scale:
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means most teams cannot reliably account for non-human credential exposure during investigations.
A question worth separating out:
Q: What should teams do when an AI agent needs to escalate access dynamically?
A: Require explicit policy for escalation, then constrain it to narrowly defined contexts and time windows. Dynamic privilege should never become open-ended standing access just because the agent is useful. Teams should define which actions can self-authorise, which need human approval, and how the extra access is revoked after the task finishes.
👉 Read our full editorial: AI agent identity breaks traditional IAM assumptions
