TL;DR: Identity programmes now have to govern runtime access use, not just static entitlements, across mixed actor types, as 1Password’s appointment of Dr. Manoj Apte to its board reflects a broader shift toward continuous access, delegated authority, and identity governance for humans, machine identities, and AI agents, according to 1Password.
NHIMG editorial — based on content published by 1Password: April 7, 2026 board appointment of Dr. Manoj Apte and the company’s identity security position for humans and AI agents
Questions worth separating out
Q: How should security teams govern AI agents that use delegated access?
A: Security teams should bind delegated access to a narrow task, a clear authority chain, and a short lifespan.
Q: Why do AI agents change IAM and PAM assumptions?
A: AI agents change IAM and PAM assumptions because they can act continuously, use tools directly, and execute without the human pacing that traditional review cycles expect.
Q: What breaks when access is treated as permanent in agentic workflows?
A: Permanent access breaks accountability, because you can no longer prove whether a credential was still needed, who actually used it, or whether the action stayed inside the original purpose.
Practitioner guidance
- Map delegated authority chains Inventory where humans delegate to applications, service accounts, and AI-driven workflows.
- Tighten task-scoped credential lifetimes Replace broad, reusable access with credentials that expire with the task and cannot be reused outside the approved workflow.
- Unify audit trails across humans and non-humans Correlate identity events from SSO, vaults, cloud logs, and workflow systems so you can reconstruct who acted, what credential was used, and whether the action stayed inside authority.
What's in the full analysis
1Password's full article covers the board and strategy context this post intentionally leaves for the source:
- Dr. Manoj Apte’s background and why 1Password links it to Zero Trust and agentic access.
- The company’s own framing of Unified Access across humans, machine identities, and AI workflows.
- Specific product and platform positioning around discovering, securing, and auditing credential use.
- The broader 1Password market narrative and related resource links for readers who need the vendor’s full context.
👉 Read 1Password’s board appointment note on identity security for humans and AI agents →
AI agents and identity security: what 1Password’s board move means?
Explore further
Identity security is becoming a governance problem for authority chains, not just accounts. The article reflects a broader market shift: organisations are no longer trying to secure only users or only machine identities, but the delegation chain between them. That means the control question changes from “who authenticated?” to “who authorised the action and under what scope?” Practitioners should treat identity governance as a runtime discipline rather than a provisioning-only process.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who should own governance when humans and AI agents share access paths?
A: Ownership should sit with the identity, security, and platform teams jointly, because the control problem spans human delegation, machine credentials, and runtime auditability. If each team manages only its own layer, no one can reconstruct the full action chain or revoke access cleanly when the workflow changes.
👉 Read our full editorial: 1Password’s board move signals identity security for agents