TL;DR: Drawing on its webinar and report, 1Password argues that as AI tools and non-human identities (NHIs) expand beyond SSO and PAM coverage, enterprises now face an access-trust gap created by application sprawl, device heterogeneity, and unmanaged credentials. The core issue is that identity controls built for stable human access do not map cleanly to autonomous agents and other NHIs.
NHIMG editorial — based on content published by 1Password: Inside 1Password’s Enterprise Identity Transformation
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should security teams govern AI agent access in enterprise environments?
A: Security teams should govern AI agent access as a runtime identity problem.
Q: Why do SSO and PAM leave gaps for NHIs and AI agents?
A: SSO and PAM are designed around stable, mostly human access paths.
Q: What breaks when organisations treat AI agents like ordinary users?
A: What breaks is the assumption that access review, role assignment, and device confidence can be applied on a human schedule.
Practitioner guidance
- Map the unmanaged access boundary: Identify which apps, devices, service accounts, and agents sit outside SSO and PAM coverage, then classify them as separate governance populations.
- Inventory AI agents and shadow AI paths: Build discovery into your identity programme so agents, credentials, and delegated access paths are visible before they are allowed to scale.
- Separate human, NHI, and agent trust rules: Apply different access assumptions to users, service accounts, and autonomous tools so device trust and runtime scope are evaluated correctly for each actor type.
What's in the full article
1Password's full article covers the operational detail this post intentionally leaves for the source:
- How 1Password positions Extended Access Management across password management, device trust, and SaaS governance
- The webinar discussion with Francis Odum, Abe Ankumah, and Blaine Carter on closing the access-trust gap
- The product capabilities described for discovering shadow AI and providing time-bound access to agents
- The customer perspective on managing productivity without expanding standing privilege