TL;DR: Over-scoped AI agents can turn routine permissions into enterprise-wide blast radius, with one vendor example showing how “just make it work” habits create skeleton-key access across production systems. The real failure is assumption collapse: access review and least-privilege models assume human-paced, stable scopes, but autonomous agents can expand, misuse, and compound permissions at machine speed.
NHIMG editorial — based on content published by Strata Identity: Why your “just make it work” mentality is your biggest security hole
By the numbers:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: What breaks when AI agents are given broad permissions by default?
A: Broad default permissions turn an agent into a reusable compromise path.
Q: Why do AI agents complicate least privilege governance?
A: AI agents complicate least privilege because teams often widen scopes until the workflow works, then leave those permissions in place.
Q: How can security teams tell whether agent permissions are too broad?
A: The clearest signal is whether the agent can still complete its job after permissions are reduced in a sandbox.
Practitioner guidance
- Inventory every agent identity and its effective scope Build a complete register of production agents, their granted permissions, and the systems they can touch.
- Block wildcard permissions in agent production paths Remove `*:*` style grants from day-to-day use and reserve broad access only for tightly controlled break-glass cases.
- Test scope reduction in a sandbox before approving production Clone the agent, reduce permissions step by step, and document what actually breaks.
What's in the full article
Strata Identity's full blog post covers the operational detail this post intentionally leaves for the source:
- Step-by-step Agentic Sandbox workflow for reducing permissions without breaking production jobs
- Policy-as-Code examples for central enforcement using OPA, Cedar, or IDQL
- Practical scope testing scenarios for identifying which permissions are truly required
- Guidance on building monthly scope review routines for agent identities
👉 Read Strata Identity's analysis of AI agent over-scoping and identity blast radius →
AI agent over-scoping: what IAM teams need to control now?
Explore further
Over-scoped AI agents are not just misconfigured identities, they are pre-positioned compromise paths. When a machine identity is granted broad access to keep a workflow moving, the entitlement itself becomes the weakness. The problem is not whether the agent is useful, but whether its scope has already exceeded the trust boundary that governance assumed. Practitioners should treat excess privilege as active exposure, not latent inefficiency.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which helps explain why agent and machine identity over-scoping persists unnoticed.
A question worth separating out:
Q: Who should own AI agent access decisions in an IAM programme?
A: Ownership should sit with the identity or security function, not the developer who needs the workflow to ship. Developers can describe operational need, but IAM, PAM, or NHI governance should set the policy boundary and enforce it centrally. That prevents local convenience from becoming permanent over-privilege.
👉 Read our full editorial: AI agent over-scoping is the real enterprise security hole