Notifications
Clear all
Topic starter
14/05/2026 4:43 pm
TL;DR: GitGuardian’s Innovate Scottsdale event page frames AI agent governance, secrets security, and developer workflow integration as core topics for CISO-level discussion at the October 5 to 7, 2026 summit in Scottsdale, Arizona. The governance challenge is moving from theory to operational decision-making as agentic systems expand access across cloud-native and hybrid environments.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- The Innovate Cybersecurity Summit runs from Oct 05, 2026 to Oct 07, 2026 in Scottsdale, AZ, USA.
Questions worth separating out
Q: How should security teams govern AI agents that can access enterprise systems
A: Start by treating every AI agent as a non-human identity with a defined owner, scope, and expiry.
Q: What is the difference between secrets management and NHI governance
A: Secrets management focuses on protecting and rotating credentials such as tokens, keys, and certificates.
Q: When do AI agent guardrails become necessary instead of optional
A: They become necessary when an agent can read data, call tools, or make changes without direct human oversight.
Practitioner guidance
- Map agent access paths end to end Identify every secret, token, certificate, and service account that could authorize AI or automation workflows, including those embedded in CI/CD and developer tooling.
- Unify lifecycle controls across build and runtime Require ownership, expiry, and review for non-human identities used in development, testing, and production so that the same credential is not governed differently by environment.
- Set runtime approval rules for sensitive actions Define which agent actions need step-up approval, especially data export, privilege changes, and production writes, and log those actions in a form that supports investigation.
Teams should prepare for governance models that combine runtime policy, secret lifecycle, and action-level logging rather than treating them as separate workstreams?
👉 Register for GitGuardian's Innovate Scottsdale 2026 event page →
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
14/05/2026 4:46 pm
A few things worth adding from our research at NHI Mgmt Group.
AI agent governance is becoming an identity problem before it becomes an AI problem. Once an autonomous system can use secrets, tokens, or service accounts, it inherits the same trust assumptions that govern NHI sprawl. That shifts the centre of gravity from model oversight alone to entitlement design, lifecycle management, and review discipline. Practitioners should treat agent permissions as a governance object, not a feature toggle.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Should organisations prioritise secret rotation or access review first
A: They should do both, but access review should come first when unknown or over-privileged identities already exist. Rotation reduces exposure window, but review reduces entitlement sprawl and clarifies ownership. If a team rotates secrets without fixing who can use them, it preserves the same risk pattern with a fresher credential.
👉 Read our full editorial: AI agent governance belongs on the CISO agenda at Innovate Scottsdale
