TL;DR: Shadow AI agents are already inside organisations and securing their credential access requires a new access model built around just-in-time permissions, end-to-end encryption, and human-in-the-loop approvals, according to Bitwarden. The governance problem is no longer whether agents will need secrets, but whether IAM, PAM, and NHI controls can bound access before autonomous behaviour expands the blast radius.
NHIMG editorial — based on content published by Bitwarden: Shadow AI agents are already in your organization. Here's how to secure their credential access with Agent Access SDK
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
Questions worth separating out
Q: How should security teams govern credential access for AI agents?
A: Treat agent credential access as a distinct identity path with its own ownership, approval, and revocation rules.
Q: Why do AI agents complicate traditional NHI controls?
A: Because traditional NHI controls usually assume the access need is known when the identity is provisioned.
Q: What do teams get wrong about just-in-time access for agents?
A: They often assume that temporary access automatically means safe access.
Practitioner guidance
- Inventory agent credential paths Map every place an AI agent can obtain secrets, tokens, or delegated access, including developer tooling, shared vaults, and pipeline integrations.
- Bind access to a task scope Issue credentials only for the smallest operational unit the agent needs, and prevent reuse across unrelated tools or sessions.
- Require approval and logging together Do not treat human approval as sufficient unless the same workflow also records the request, the decision, and the resulting actions.
What's in the full article
Bitwarden's full blog covers the operational detail this post intentionally leaves for the source:
- The three credential security risks the vendor says come with AI agent adoption, with implementation context for each one.
- The Agent Access SDK workflow and how it is positioned to support least-privilege access patterns for agents.
- Practical examples of just-in-time permissions and human-in-the-loop approval flow for agent credential requests.
- The vendor’s explanation of how end-to-end encryption fits into agent credential access governance.
👉 Read Bitwarden's analysis of shadow AI agents and credential access →
Shadow AI agents and credential access: are your controls ready?
Explore further
Shadow AI agent credential access is an identity governance problem before it is an AI problem. The article’s core signal is that credentials given to agents create a governance path that existing application and human IAM models do not fully describe. When access can be requested, reused, and chained by software operating outside traditional approval rhythms, the organisation needs identity controls that follow the actor, not just the application.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
A question worth separating out:
Q: Who should be accountable when an AI agent misuses a credential?
A: Accountability should sit with the team that owns the agent workflow, the identity provider, and the approving business owner, because all three influence the access path. A good control model records who authorised the grant, who operated the identity, and who can revoke it before further damage occurs.
👉 Read our full editorial: Shadow AI agents and credential access: what changes for IAM