TL;DR: GitGuardian SecDays Paris 2026 centers on the credential attack surface, supply chain exposure, AI agent identity, and machine identity governance, with a half-day program built for 100 security practitioners and CISOs in Paris on June 11, 2026. The event signals that agentic AI and secrets sprawl now need joint control models, not separate security conversations.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- GitGuardian SecDays Paris 2026 is a free, invite-only conference bringing together 100 security professionals and CISOs for a half day of panel sessions.
- GitGuardian SecDays Paris 2026 is a one-day practitioner conference designed for the security professionals at the front lines of software development security.
- Attendance is free and limited to 100 participants.
Questions worth separating out
Q: How should security teams govern AI agents and non-human identities together?
A: Security teams should govern AI agents and non-human identities in one model because the same credentials often power both runtime access and autonomous actions.
Q: What is the difference between secrets management and machine identity governance?
A: Secrets management protects the credentials themselves, while machine identity governance controls who or what can use those credentials, for how long, and under what policy.
Q: When does AI agent access become an IAM risk rather than an automation benefit?
A: AI agent access becomes an IAM risk when the agent can act beyond a narrowly defined task, especially if it can call tools, access data, or chain actions without continuous review.
Practitioner guidance
- Inventory non-human identities by execution path: Classify service accounts, API keys, certificates, tokens, workloads, and AI agents by what they can do, not just where they are stored.
- Bind every agent integration to a named identity: Require each MCP or tool integration to use a distinct identity with least privilege, explicit approval boundaries, and logging that ties every action back to a specific subject.
- Shorten secret exposure windows: Move toward continuous rotation, fast revocation, and scoped issuance for credentials that support pipelines, workloads, and autonomous agents.
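One way to turn the three guidance points above into an automated check, as an added example that is not from GitGuardian or NHI Mgmt Group. The record fields, the 30-day age limit, and the broad-scope markers are assumptions, and the inventory is constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

MAX_CREDENTIAL_AGE = timedelta(days=30)  # assumed policy threshold
BROAD_SCOPES = {"*", "admin"}            # assumed markers of over-broad access
NOW = datetime(2026, 6, 11, tzinfo=timezone.utc)  # fixed so results are repeatable

# Constructed inventory: one record per agent or tool integration.
INVENTORY = [
    {"integration": "mcp-github", "identity": "svc-agent-shared",
     "scopes": ["repo:read"], "issued": "2026-06-01T00:00:00+00:00", "audit_log": True},
    {"integration": "mcp-jira", "identity": "svc-agent-shared",
     "scopes": ["issues:*"], "issued": "2026-06-05T00:00:00+00:00", "audit_log": True},
    {"integration": "mcp-db", "identity": "agent-db-reader",
     "scopes": ["db:read"], "issued": "2026-01-15T00:00:00+00:00", "audit_log": False},
    {"integration": "mcp-docs", "identity": "agent-docs",
     "scopes": ["docs:read"], "issued": "2026-06-10T00:00:00+00:00", "audit_log": True},
]

def is_broad(scopes):
    """True if any scope is a wildcard or an assumed admin-level marker."""
    return any(s in BROAD_SCOPES or s.endswith(":*") for s in scopes)

def audit(inventory, now):
    """Return (integration, finding) pairs for each guidance point violated."""
    users = defaultdict(list)
    for rec in inventory:
        users[rec["identity"]].append(rec["integration"])

    findings = []
    for rec in inventory:
        name = rec["integration"]
        # Each integration should have its own distinct identity.
        if len(users[rec["identity"]]) > 1:
            findings.append((name, "shared-identity"))
        # Classify by what the credential can do, not where it is stored.
        if is_broad(rec["scopes"]):
            findings.append((name, "broad-scope"))
        # Long-lived credentials widen the exposure window.
        if now - datetime.fromisoformat(rec["issued"]) > MAX_CREDENTIAL_AGE:
            findings.append((name, "stale-credential"))
        # Every action must be traceable to a specific subject.
        if not rec["audit_log"]:
            findings.append((name, "no-audit-trail"))
    return findings

if __name__ == "__main__":
    for integration, finding in audit(INVENTORY, NOW):
        print(f"{integration}: {finding}")
```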
Teams that still separate AppSec from IAM will miss the combined exposure surface.
👉 Register for GitGuardian SecDays Paris 2026 on AI agent identity and secrets risk →
A few things worth adding from our research at NHI Mgmt Group.
The conference agenda reflects a real shift: secrets management and agentic AI can no longer be governed separately. The session mix links breach dissection, AI agent identity, and machine identity because those controls now fail together in the same environment. When an agent can access tools through a credentialed workflow, exposure in one layer can cascade into the others. Practitioners should plan for shared control ownership across IAM, AppSec, and platform security.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Why do MCP integrations complicate enterprise access control?
A: MCP integrations complicate access control because they create many new tool connections that each need a clear identity, scope, and audit trail. Without those bindings, an agent can inherit broad access through a single connector. That turns a protocol convenience into a governance issue and increases the chance of privilege drift.
👉 Read our full editorial: Agentic AI identity and secrets risk set the agenda for SecDays Paris