TL;DR: Black Hat Europe 2026 will draw 10,000+ security professionals to London, with GitGuardian using the event to showcase secrets security, NHI governance, and agentic AI security capabilities, according to GitGuardian. The practical question is no longer whether these risks matter, but how fast teams can operationalise governance before exposure becomes routine.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- Black Hat Europe 2026 runs from Dec 08, 2026 to Dec 10, 2026 at ExCeL London.
Questions worth separating out
Q: How should security teams govern non-human identities in practice?
A: Start with ownership, lifecycle, and least privilege.
Q: Why do AI agents complicate existing IAM controls?
A: AI agents complicate IAM because they are active identities that can request tools, chain actions, and operate across systems faster than human review cycles.
Q: What is the difference between secrets rotation and NHI governance?
A: Secrets rotation changes the credential, but NHI governance governs the full identity lifecycle behind it.
Practitioner guidance
- Inventory all machine identities: Map service accounts, API keys, tokens, certificates, and agent credentials to owners, systems, and expiration dates before the next access review.
- Tie secrets to runtime policy: Require every secret used by automation or AI agents to have a defined runtime scope, an explicit purpose, and a revocation path.
- Add task-scoped controls for agents: Restrict agent access to the minimum tool set needed for a given workflow and revoke access automatically when the task ends.
For practitioners, the signal is to align NHI inventory, secret lifecycle controls, and agent authorization under one operating model rather than three disconnected workstreams.
A few things worth adding from our research at NHI Mgmt Group.
NHI governance is moving from a back-office hygiene function to a board-relevant control plane. The source material places secrets security, NHI governance, and agentic AI security in the same event narrative, which reflects how practitioners now experience the problem. Identity risk is no longer confined to human login flows. Teams should expect governance discussions to move closer to operational resilience and audit readiness.
A few things that frame the scale:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: When should organisations treat agent access as a privileged access problem?
A: Whenever an agent can call production tools, access sensitive data, or act without human approval at each step. At that point, the issue is no longer just automation. It is high-risk execution authority, and controls should look like privileged access management with shorter duration, tighter scope, and stronger auditability.