Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agent identity and delegated access: are your controls ready?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: AI agents share core identity needs with people, but their ephemeral lifecycles, 80-to-1 scale, and multi-hop delegation chains break static IAM models, according to Strata Identity. Access review processes assume identities persist long enough to be reviewed; agents can appear and disappear within a task.

NHIMG editorial — based on content published by Strata Identity: AI agents are people too

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that act on behalf of users?

A: Security teams should treat each agent as a distinct identity with explicit delegation metadata, scoped authority, and an auditable chain back to the originating user or system.

Q: Why do AI agents complicate zero trust and least privilege programmes?

A: AI agents complicate those programmes because their permissions are often task-specific, short-lived, and context-dependent, while traditional controls assume stable identities and predictable access patterns.

Q: What breaks when AI agents are managed like service accounts?

A: What breaks is the assumption that a durable account model can represent a transient actor.

Practitioner guidance

  • Assign each agent a first-class identity Create a named identity for every agent and attach delegation metadata that records who or what it acts on behalf of, what task it may perform, and when authority expires.
  • Move agent access to just-in-time issuance Replace pre-provisioned agent accounts with task-scoped credentials that are issued only when needed and retired immediately after completion.
  • Trace every delegation hop Log the full delegation chain across human, system, and agent actors so that each action can be tied back to a verifiable authority path during incident response.

What's in the full article

Strata Identity's full article covers the operational detail this post intentionally leaves for the source:

  • A practical breakdown of how Maverics Agentic Identity creates and retires agent identities per task.
  • Details on OAuth orchestration patterns such as OBO, token exchange, DPoP, PKCE, and CAEP.
  • Examples of how cross-domain federation and delegated access are enforced in real workflows.
  • The vendor's hands-on lab and sandbox flow for testing agent authentication and authorization decisions.

👉 Read Strata Identity's analysis of AI agent identity and delegated access →

AI agent identity and delegated access: are your controls ready?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

AI agent identity is not a stronger version of service-account governance. It is a different identity problem. Service accounts assume stable purpose and predictable scope, while agents may select tools, change paths, and complete tasks in seconds. That means the governance unit is no longer the account alone but the action chain, delegation chain, and runtime context. Practitioners should treat agent identity as its own control plane, not a renamed workload identity.

A few things that frame the scale:

  • Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, according to The 2024 Non-Human Identity Security Report.
  • 23.7% of organisations share secrets through insecure methods such as email or messaging applications.

A question worth separating out:

Q: How can organisations make AI agent actions auditable?

A: Organisations need logs that connect each action to a specific agent identity, the delegator, the purpose, the tokens used, and the downstream systems touched. Auditability should cover the entire delegation chain, not just the final API call. If the record stops at the application layer, it will not support compliance, incident response, or accountability.

👉 Read our full editorial: AI agent identity needs first-class IAM, not static service accounts



   
ReplyQuote
Share: