TL;DR: Black Hat USA 2026 will bring 20,000+ security professionals to Las Vegas from Aug. 1 to Aug. 6, with GitGuardian positioning secrets security, NHI governance, and agentic AI security as linked enterprise concerns, according to GitGuardian. The practical issue is not booth visibility; it is that autonomous systems expand the credential surface faster than most governance models can track.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- Black Hat USA 2026 runs for six days from Aug 01, 2026 to Aug 06, 2026 at Mandalay Bay in Las Vegas.
Questions worth separating out
Q: How should security teams govern AI agents that use existing NHI credentials?
A: Treat every AI agent as a non-human identity with its own owner, scope, and expiry.
Q: What is the difference between secrets management and NHI governance?
A: Secrets management protects the credentials themselves, while NHI governance controls which machine identities may use those credentials, for what purpose, and under what limits.
Q: When does agentic AI create more risk than it reduces?
A: Agentic AI creates more risk when the organization cannot inventory the agent, define its scope, or revoke its access quickly.
Practitioner guidance
- Inventory agent identities and attached secrets: Create a complete list of AI agents, service accounts, API keys, tokens, and certificates used in production and pilot environments.
- Reduce credential scope before agent rollout: Replace broad, persistent access with narrowly scoped permissions and short-lived credentials for every automated workflow.
- Instrument agent activity for auditability: Log which resources an agent touched, what actions it attempted, and whether each action stayed within approved policy.
That is where lifecycle discipline, revocation speed, and telemetry converge.
A few things worth adding from our research at NHI Mgmt Group.
Black Hat is becoming a governance barometer for NHI and agentic AI security. When a major security event centers booth traffic and practitioner attention on secrets, non-human identities, and autonomous systems, the market is signalling that these topics have moved into mainstream security planning. That does not make every vendor claim equally mature, but it does mean CISOs should expect NHI governance to appear in more budget discussions, more architecture reviews, and more board-level questions. The practical conclusion is that the category is entering procurement and policy normalization.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How can organisations reduce the blast radius of NHI credentials?
A: Use least privilege, task-scoped access, continuous review, and fast revocation to keep each credential tied to a narrow function. Separate identities by environment and workload, avoid credential reuse, and monitor for actions outside the approved scope. The goal is to limit what a single compromised secret can reach.
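The owner, scope, and expiry rule and the blast-radius controls above can be checked mechanically against an identity inventory. The following is an added example, not code from GitGuardian or NHI Mgmt Group; the record fields, the finding labels, and the 24-hour lifetime threshold are assumptions, and the inventory is constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(hours=24)  # assumed policy threshold, not from the page
NOW = datetime(2026, 8, 1, tzinfo=timezone.utc)  # fixed clock so the run is reproducible

# Constructed inventory records; field names are hypothetical.
INVENTORY = [
    {"id": "agent-triage", "owner": "secops", "env": "prod",
     "scopes": ["tickets:read"], "secret_fp": "fp-01",
     "expires": "2026-08-01T12:00:00+00:00"},
    {"id": "agent-deploy", "owner": None, "env": "prod",
     "scopes": ["*"], "secret_fp": "fp-02", "expires": None},
    {"id": "agent-deploy-pilot", "owner": "platform", "env": "pilot",
     "scopes": ["repo:write"], "secret_fp": "fp-02",
     "expires": "2026-09-30T00:00:00+00:00"},
]

def audit(inventory, now=NOW, max_lifetime=MAX_LIFETIME):
    """Return {identity id: sorted list of findings} for every record."""
    findings = defaultdict(set)
    by_secret = defaultdict(list)
    for rec in inventory:
        findings[rec["id"]]  # make clean identities appear with no findings
        by_secret[rec["secret_fp"]].append(rec)
        if not rec.get("owner"):
            findings[rec["id"]].add("no-owner")
        scopes = rec.get("scopes") or []
        if not scopes or any("*" in s for s in scopes):
            findings[rec["id"]].add("broad-or-undefined-scope")
        if rec.get("expires") is None:
            findings[rec["id"]].add("no-expiry")
        else:
            expires = datetime.fromisoformat(rec["expires"])
            if expires <= now:
                findings[rec["id"]].add("expired-not-revoked")
            elif expires - now > max_lifetime:
                findings[rec["id"]].add("long-lived")
    # One secret fingerprint on several identities: a single leak reaches all of them.
    for recs in by_secret.values():
        if len(recs) > 1:
            tag = "reused-across-env" if len({r["env"] for r in recs}) > 1 else "reused"
            for r in recs:
                findings[r["id"]].add(tag)
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for ident, issues in audit(INVENTORY).items():
        print(ident, "OK" if not issues else ", ".join(issues))
```

The `secret_fp` field stands for a fingerprint of the credential rather than the credential itself, so the inventory can be compared for reuse without storing secrets in it.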