Notifications
Clear all
Topic starter
03/06/2026 11:52 am
TL;DR: AI agents are ephemeral, autonomous, and non-deterministic, so the IdP-centric model that assumes persistent identities and issuance-time authorization is already breaking down, according to Akeyless. Runtime evaluation, workload-issued identity, and secretless access are becoming the practical boundary for AI agent governance.
NHIMG editorial — based on content published by Akeyless: You Can’t Inventory an AI Agent: Why the IdP-Centric Model for AI Agent Identity Is Already Failing
By the numbers:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so.
Questions worth separating out
Q: How should security teams govern AI agents that act faster than directory enrollment?
A: Govern AI agents at runtime, not by waiting for a persistent directory record to exist.
Q: Why do AI agents break traditional identity and access management models?
A: AI agents break traditional IAM because the model assumes a stable subject, predictable action paths, and authorization decisions made before execution.
Q: What do organisations get wrong about AI agent inventory and visibility?
A: They confuse visibility with control.
Practitioner guidance
- Separate discovery from enforcement Use inventory tools to understand where agents run, but do not treat registration as the control that grants safety.
- Bind trust to workload attestation Prefer runtime-issued identity from cloud IAM, Kubernetes service accounts, OIDC federation, or SPIFFE and SPIRE where the agent proves itself inside the workload environment.
- Add intent checks at execution time Layer runtime enforcement over RBAC and ABAC so an authorised token can still be blocked when the attempted action conflicts with declared purpose, prompt context, or target sensitivity.
What's in the full article
Akeyless's full analysis covers the operational detail this post intentionally leaves for the source:
- Implementation detail for SPIFFE, SPIRE, OIDC, and cloud IAM trust binding across AI workloads
- Gateway enforcement flow examples showing where runtime intent checks intercept agent actions
- Secretless access and just-in-time credential brokering patterns for ephemeral agents
- FAQ coverage of prompt injection handling and workload-issued identity support
👉 Read Akeyless's analysis of AI agent identity governance and runtime enforcement →
AI agent identity governance: are static directories already failing?
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
03/06/2026 11:54 am
Inventory fallacy: identity discovery was designed for stable subjects, not transient actors. The assumption that every identity can be discovered, registered, and governed before use works for employees and many service accounts, but it fails when the actor can exist for less than a second. AI agent identity cannot depend on a persistent directory object because the subject may already be gone by the time enrollment completes. The implication is that governance has to move away from inventory as the primary control premise.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: What is the difference between workload identity and directory-managed agent identity?
A: Workload identity is issued by the runtime environment that proves the workload exists and belongs in a trust domain. Directory-managed identity assumes the subject is first enrolled and then governed through a persistent record. For AI agents, workload identity maps better to ephemeral execution, while directory-first models create delay and blind spots.
👉 Read our full editorial: AI agent identity governance is shifting to runtime enforcement
