Workforce vs customer AI agents: where IAM controls diverge

TL;DR: Enterprises are deploying AI agents on both sides of the firewall, but workforce agents and customer agents create different identity risks, from internal blast radius to cross-tenant leakage, according to Aembit. The governance gap is not access alone, but the assumption that human IAM patterns can govern machine-speed delegation.

NHIMG editorial — based on content published by Aembit: Workforce and customer agents and how to secure them

By the numbers:

• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
• 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
• 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.

Questions worth separating out

Q: What breaks when AI agent access relies on long-lived secrets?

A: Long-lived secrets let AI agents carry persistent access far beyond the task they were created for.

Q: Why do customer AI agents complicate tenant isolation?

A: Customer agents often operate on behalf of a user while sharing infrastructure across many customers.

Q: What do security teams get wrong about AI agent identity governance?

A: They often assume human IAM patterns can be reused with minor adjustments.

Practitioner guidance

• Separate internal and external agent trust zones Define workforce and customer agent policies in different trust zones, even if they share the same platform.
• Replace static secrets with runtime attestation Use workload identity attestation and short-lived tokens for agent authentication so there are no long-lived credentials to rotate or steal.
• Bind delegated access to both agent and user identity For customer-facing workflows, issue credentials that are scoped to the user session and the specific tenant, not just to the agent instance.

What's in the full article

Aembit's full guide covers the operational detail this post intentionally leaves for the source:

• Step-by-step secretless authentication patterns for internal workforce agents running in Kubernetes and cloud environments.
• High-volume identity verification patterns for customer-facing agents that cannot tolerate central IAM bottlenecks.
• Blended identity and token exchange design for delegated customer workflows.
• Operational examples for revoking agent access instantly when posture, session state, or business context changes.

👉 Read Aembit's guide to workforce and customer AI agent identity →

Workforce vs customer AI agents: where IAM controls diverge?

Explore further

View Full Forum →  |  NHI Foundation Course →