TL;DR: AI agents can gain new access through feature updates, tool wiring, scope expansion, and vendor changes without any review event firing, leaving lifecycle governance blind to privilege creep and unauthorised reach, according to Opnova. The control assumption that access changes are captured at the right moment collapses when agent identity changes happen inside workflows, not through HR or IGA triggers.
NHIMG editorial — based on content published by Opnova: Blog Mover for AI Agents, the promotion nobody approved
By the numbers:
- Only 12% of organizations report automated lifecycle management for machine identities.
Questions worth separating out
Q: What breaks when AI agent access changes do not generate a mover event?
A: The certification model breaks first, because there is nothing discrete for identity governance to review.
Q: Why do AI agents complicate lifecycle governance more than human movers?
A: Human movers are usually tied to HR events, manager approval, and access review cycles.
Q: How can security teams measure whether agent mover governance is working?
A: They should measure how often access changes are detected through technical events rather than after the fact, and whether the full entitlement union for each agent can be reconstructed from connected systems.
Practitioner guidance
- Define non-HR mover triggers for AI agents: Build review triggers around model updates, new OAuth scopes, tool wiring, and vendor posture changes so access changes do not depend on Workday or manager action.
- Reconstruct the union of agent privilege: Inventory every OAuth grant, service account, session, and API key tied to a logical agent identity, then reconcile those records into one entitlement view.
- Tie recertification to capability changes: Force a recertification event whenever the upstream vendor changes model behaviour or expands the agent's feature set, even if the internal owner did not request a change.
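The three guidance points above can be wired into one check: reconcile every credential tied to a logical agent into a single entitlement view, then diff that view (plus the vendor's model version and tool wiring) against the last certified baseline and emit a mover event when anything has drifted. This is an added example, not Opnova's or NHIMG's code; the agent name, record shapes, posture feed and baseline are all constructed for illustration.

```python
# Constructed sample records from connected systems (not real data). Each record
# ties one credential (OAuth grant, service account, API key) to a logical agent.
RECORDS = [
    {"agent": "notetaker-bot", "kind": "oauth", "system": "m365",
     "scopes": {"Calendars.Read", "OnlineMeetings.Read"}},
    {"agent": "notetaker-bot", "kind": "oauth", "system": "m365",
     "scopes": {"Mail.Send"}},                      # added by a vendor feature update
    {"agent": "notetaker-bot", "kind": "svc_account", "system": "crm",
     "scopes": {"contact.read"}},
    {"agent": "notetaker-bot", "kind": "api_key", "system": "ticketing",
     "scopes": {"ticket.create"}},
]
# Constructed vendor posture feed: model version and tools currently wired to the agent.
VENDOR_POSTURE = {"notetaker-bot": {"model_version": "v2",
                                    "tools": {"transcribe", "send_email"}}}
# Hypothetical last-certified baseline: what the internal owner actually approved.
APPROVED = {"notetaker-bot": {
    "entitlements": {"m365:Calendars.Read", "m365:OnlineMeetings.Read",
                     "crm:contact.read", "ticketing:ticket.create"},
    "model_version": "v1", "tools": {"transcribe"}}}

def entitlement_union(agent, records=RECORDS):
    """Reconcile every credential tied to an agent into one 'system:scope' view."""
    return {f"{r['system']}:{s}" for r in records if r["agent"] == agent for s in r["scopes"]}

def mover_events(agent, records=RECORDS, posture=VENDOR_POSTURE, approved=APPROVED):
    """Non-HR mover triggers: diff the observed state against the certified baseline."""
    base = approved[agent]
    events = []
    new_scopes = entitlement_union(agent, records) - base["entitlements"]
    if new_scopes:                                   # scope expansion nobody approved
        events.append(("scope_expansion", sorted(new_scopes)))
    new_tools = posture[agent]["tools"] - base["tools"]
    if new_tools:                                    # new tool wiring
        events.append(("tool_wiring", sorted(new_tools)))
    if posture[agent]["model_version"] != base["model_version"]:  # vendor change
        events.append(("vendor_change", [base["model_version"], posture[agent]["model_version"]]))
    return events

def needs_recertification(agent):
    """True when any mover event fired, i.e. the certified view no longer matches reality."""
    return bool(mover_events(agent))

if __name__ == "__main__":
    for event in mover_events("notetaker-bot"):
        print(event)
```

Each emitted tuple is the durable review artefact the human mover model assumed would exist; feeding it into the recertification queue is what turns a silent change into a governed one.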
What's in the full article
Opnova's full blog covers the operational detail this post intentionally leaves for the source:
- The full mover workflow examples for AI agents across approvals, scope expansion, and decommissioning paths.
- The specific real-world scenarios involving notetakers, vendor updates, and disconnected applications that illustrate lifecycle failure.
- The event-driven recertification logic and SoD triggers described for agent identity governance.
- The series context that connects Joiner, Mover, and Leaver into a complete AI agent lifecycle model.
👉 Read Opnova's analysis of AI agent mover workflows and lifecycle blind spots →
AI agent mover events: what IAM teams are missing today?
Explore further
Agent mover governance fails because the review event no longer exists: The human mover model assumes a discrete transfer that can be certified after the fact. That assumption fails when an AI agent's permissions change inside a workflow, a release, or a vendor update, because no durable review artefact is created. The implication is not simply more automation. It is that lifecycle governance must be rebuilt around events the enterprise can actually observe.
A few things that frame the scale:
- Only 12% of organizations report automated lifecycle management for machine identities, according to the Ultimate Guide to NHIs.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, which leaves change detection and offboarding fragmented across systems.
A question worth separating out:
Q: Who is accountable when an AI vendor changes an agent's capabilities without notice?
A: Accountability sits with the enterprise owner of the identity graph, not just the vendor. If the vendor changes capability and the organisation has no automated recertification or freeze path, the internal governance failure is the inability to prove what was approved, what changed, and who accepted the risk.
👉 Read our full editorial: AI agent mover workflows are breaking traditional identity governance