
NHI security principles: what changes for AI agents and machine access?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5324
Topic starter  

TL;DR: Securing non-human identities and AI agents requires inventory, least privilege, externalized authorization, data-layer filtering, prompt validation, monitoring, and development-time controls, according to Cerbos. The central lesson is that identity security fails when credentials, policy, and runtime behaviour are treated as separate problems, while examples include the 2025 Supabase MCP prompt-injection incident and Cloudflare’s token compromise.

NHIMG editorial — based on content published by Cerbos: principles for securing non-human identities and AI agents

By the numbers:

Questions worth separating out

Q: How should security teams implement least privilege for non-human identities?

A: Start with no access, then grant only the permissions required for the specific task, environment, and duration.

Q: Why do service accounts and API keys create so much risk when they are over-scoped?

A: Because a single compromised machine credential can expose many systems if the identity is shared, long-lived, or broadly trusted.

Q: What breaks when authorization is embedded inside application code for AI agents?

A: Application-embedded authorization becomes inconsistent across services, hard to update, and vulnerable to agent behaviour that bypasses intended guardrails.

Practitioner guidance

  • Build a complete NHI inventory: map every service account, API key, token, certificate, and AI agent to an owner, purpose, environment, TTL, and rotation policy.
  • Move NHI authorisation into a central policy layer: remove permission logic from application code and enforce access through a distributed policy decision point that checks identity, action, and context on each request.
  • Use short-lived credentials by default: issue ephemeral credentials through secure vaults or workload identity patterns so leaked keys have less value.
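To make the inventory, central policy layer and short-lived credential points concrete, here is an added example (not Cerbos's code and not from the guide) of a minimal policy decision point: the application calls decide() instead of embedding permission checks, every identity is an inventory record with owner, purpose, environment and expiry, and anything not explicitly granted is denied. The grant table, identity names and the 15-minute TTL are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed clock so the example is deterministic.
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)

# Inventory record for one NHI; fields mirror the inventory attributes above.
@dataclass(frozen=True)
class Principal:
    id: str
    kind: str              # "service", "api_key" or "agent"
    owner: str
    purpose: str
    environment: str
    expires_at: datetime   # short-lived: every identity carries an expiry

# One grant: which principal may do which actions on which resource, in which
# environment. Anything not listed here is denied.
@dataclass(frozen=True)
class Grant:
    principal_id: str
    actions: frozenset
    resource: str
    environment: str

# Hypothetical policy table; it lives in the policy layer, not in the
# application that calls decide().
GRANTS = (
    Grant("billing-agent", frozenset({"read"}), "invoices", "prod"),
    Grant("ci-deployer", frozenset({"read", "write"}), "artifacts", "staging"),
)

def issue(principal_id, kind, owner, purpose, environment, now, ttl_minutes=15):
    """Issue a short-lived identity record with an explicit expiry."""
    return Principal(principal_id, kind, owner, purpose, environment,
                     now + timedelta(minutes=ttl_minutes))

def decide(principal, action, resource, context, now, grants=GRANTS):
    """Policy decision point, called on every request: validates the identity,
    then matches (principal, action, resource, environment). Default is deny."""
    if now >= principal.expires_at:
        return False, "credential expired"
    env = context.get("environment")
    if env != principal.environment:
        return False, "identity not issued for this environment"
    for g in grants:
        if (g.principal_id == principal.id and action in g.actions
                and g.resource == resource and g.environment == env):
            return True, f"granted by policy for {g.resource}"
    return False, "no matching grant (default deny)"
```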

What's in the full article

Cerbos's full guide covers the operational detail this post intentionally leaves for the source:

  • Step-by-step implementation guidance for vaulting, rotating, and retiring non-human credentials
  • Practical patterns for policy-based authorization and attribute-based access control in machine workflows
  • Detailed examples of securing AI agent prompts, retrieval paths, and output filtering
  • Discussion of operational trade-offs when embedding identity controls into development and deployment pipelines

👉 Read Cerbos's guide to securing non-human identities and AI agents →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 4305
 

Identity inventory is the control plane for NHI security, not an administrative afterthought. If organisations cannot enumerate every service account, token, certificate, and agent, they cannot govern rotation, ownership, or retirement with confidence. That is why shadow identities and orphaned credentials remain a structural weakness rather than a hygiene issue. The practitioner conclusion is simple: the inventory is the control surface.

A few things that frame the scale:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: Who is accountable when an AI agent exposes sensitive data through a prompt injection path?

A: Accountability sits with the team that allowed the agent to access sensitive data without sufficient containment, not with the prompt alone. The key issues are identity scope, retrieval boundaries, and logging. Organisations should map responsibility across IAM, platform, security engineering, and the product owner so incident response and control ownership are clear.

👉 Read our full editorial: Non-human identity security principles for controlling AI agent risk
