AI agent runtime governance: are your controls keeping up?


(@akeyless)
Estimable Member
Joined: 1 year ago
Posts: 67
Topic starter  

TL;DR: More than two-thirds of organisations suspect AI agents have already accessed data beyond intended scope, and the article argues that point-in-time IAM is not enough once agents can act continuously in production, according to Akeyless. The deeper issue is that access review assumes privilege is stable long enough to be reviewed, which autonomous behaviour can erase within a session.

NHIMG editorial — based on content published by Akeyless: a control-by-control mapping of Anthropic's Zero Trust Framework for AI Agents

Questions worth separating out

Q: How should security teams govern AI agents that can act after authentication?

A: Security teams should move beyond login-time approval and enforce controls throughout the session.

Q: Why do AI agents create more identity risk than ordinary automation?

A: AI agents can choose actions at runtime, which means their behaviour can drift beyond the assumptions baked into the original access grant.

Q: What breaks when agents are given long-lived credentials?

A: Long-lived credentials create a persistent object that can be exposed in prompts, logs, repositories, integrations, or runtime memory.

Practitioner guidance

  • Identify which agent workflows still rely on login-time trust: Review production AI agent paths and separate those that only authenticate from those that actually require per-action governance, then move high-risk flows to continuous enforcement.
  • Remove standing secrets from agent execution paths: Shift the most sensitive workflows toward brokered, secretless access so agents never possess reusable API keys, passwords, or tokens in the first place.
  • Require command-level policy checks for sensitive actions: Apply policy evaluation to each high-risk command, especially where agents can modify records, trigger workflows, or reach production infrastructure.

What's in the full article

Akeyless's full article covers the operational detail this post intentionally leaves for the source:

  • A control-by-control mapping between Anthropic's framework tiers and the Runtime Authority architecture
  • Detailed explanations of the Gateway enforcement path, including how policy, inspection, and auditing are chained together
  • Examples of how dynamic secrets, zero direct connectivity, and in-session response masking operate in production workflows
  • The product's own table mapping framework guidance to operational controls, which is useful if you are implementing rather than evaluating

👉 Read Akeyless's analysis of zero trust controls for AI agent runtime governance →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343
 

Runtime governance is now the dividing line between access and control. AI agents do not just consume credentials, they act after authentication in ways classic IAM was never built to supervise. That changes the governance problem from identity proof to behaviour containment, which is why runtime control is becoming the relevant security primitive for autonomous systems. Practitioners should treat session enforcement as the boundary, not the login event.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.

A question worth separating out:

Q: Who is accountable when an AI agent takes an unintended action?

A: Accountability should follow the full execution chain, not just the token or service account that executed the request. Organisations need to know who initiated the agent, what policy allowed the action, and what evidence exists for the decision. Without that chain, audit records can describe activity but not explain responsibility, which weakens both governance and incident response.

👉 Read our full editorial: AI agent runtime governance is replacing point-in-time access control



   