TL;DR: Moltbot, an open-source local AI agent, can keep acting under a human’s identity even when that person is offline, blending cloud reasoning with local execution and exposing a governance gap in how organisations distinguish users from autonomous extensions, according to Silverfort. The real issue is not bot behaviour alone but the collapse of identity assumptions built for human-paced access and review.
NHIMG editorial — based on content published by Silverfort: Moltbot and the rise of hybrid identities
Questions worth separating out
Q: How should organisations govern AI agents that act under a human identity?
A: Treat the human account and the agent executor as separate governance subjects.
Q: Why do local AI agents complicate identity and access management?
A: They can retain legitimate permissions while changing timing, prioritisation, and action sequence outside human presence.
Q: What breaks when collaboration apps become agent command channels?
A: Visibility breaks first, because approved messaging tools can look like normal work while carrying execution instructions.
Practitioner guidance
- Separate human intent from agent execution Map where a person initiates work and where an AI agent continues it under the same identity.
- Inspect approved messaging channels as control paths Review Slack, Telegram, WhatsApp, and similar tools as potential agent command channels, then restrict what instructions or tokens can move through them.
- Limit persistent local context and token reuse Reduce the amount of memory, credentials, and workflow state an agent can retain on an endpoint.
What's in the full article
Silverfort's full analysis covers the operational detail this post intentionally leaves for the source:
- Step-by-step examples of how Moltbot behaves across local execution, cloud reasoning, and human delegation.
- More detail on the endpoint and messaging-path attack surface that makes agent control hard to observe.
- The article's specific recommendations for behaviour-based guardrails and identity-layer monitoring.
- The full discussion of why hybrid identities challenge the distinction between a user account and an executing system.
👉 Read Silverfort's analysis of Moltbot and hybrid identity risk →
Local AI agents and hybrid identity risk: are controls keeping up?
Explore further
Human identity and autonomous execution are now colliding in the same control plane. Moltbot is not just another automation layer. It demonstrates that a human account can become the wrapper for machine-paced execution while the organisation still sees a normal user. That breaks the way many identity programmes separate user presence from action, and it forces IAM teams to treat execution context as an identity problem, not only an application problem. The practitioner conclusion is that attribution and authorisation can no longer be assumed to move together.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities.
A question worth separating out:
Q: Who is accountable when an AI agent acts after the user is offline?
A: Accountability should follow the governance model for delegated execution, not just the named human owner. If the organisation allows an agent to continue acting on a person’s behalf, it must define who approves the delegation, who can revoke it, and who reviews the resulting actions.
👉 Read our full editorial: Hybrid identity governance is breaking under local AI agents