Notifications
Clear all
Topic starter
14/05/2026 4:43 pm
TL;DR: GitGuardian’s Les Assises 2026 page says the Monaco event will run October 7 to 10 with four days of pre-scheduled meetings, keynotes, case studies, and networking for senior security leaders. The governance signal is clear: NHI and secrets management are now part of the enterprise buying and strategy conversation, not a side topic.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- The event runs for 4 days, from Oct 07, 2026 to Oct 10, 2026, in Monaco, France.
- The format centers on more than 25 years of proven high-level strategy and networking.
Questions worth separating out
Q: How should security teams govern non-human identities alongside human accounts?
A: Treat non-human identities as a separate control class with their own ownership, lifecycle, and review process.
Q: Why do AI agents complicate existing IAM controls?
A: AI agents complicate IAM because they can request tools, access data, and execute actions dynamically rather than through fixed, human-like workflows.
Q: What is the difference between secrets management and NHI governance?
A: Secrets management protects the credentials themselves, while NHI governance covers the full identity lifecycle behind those credentials.
Practitioner guidance
- Define NHI ownership across teams Assign a named owner for each class of service account, API key, token, and certificate, then tie that ownership to renewal, revocation, and exception handling.
- Inventory secrets by purpose and expiry Build a single inventory that maps each secret to its application, business purpose, privilege scope, and expiry date.
- Separate human and non-human access reviews Create distinct review paths for human accounts and machine identities so that periodic access certification does not miss long-lived automation credentials.
Practitioners should build containment into their identity architecture, not bolt it on after deployment?
👉 Read GitGuardian's Les Assises 2026 event details and registration information →
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
14/05/2026 4:45 pm
A few things worth adding from our research at NHI Mgmt Group.
NHI governance has moved from technical hygiene to board-level risk language. Events that put secrets, code security, and non-human identities in front of senior leaders signal a category shift. Teams are no longer defending one control domain at a time; they are defending identity sprawl across applications, automation, and AI agents. Practitioners should expect governance questions to move upstream into budget and programme ownership decisions.
A few things that frame the scale:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Should organisations treat AI agents as privileged identities?
A: Yes, if those agents can call tools, move data, or trigger actions without direct human approval each time. The right model is to grant them bounded privileges, monitor their behaviour, and revoke access when the task ends. That keeps agent autonomy inside a controllable identity framework.
👉 Read our full editorial: Les Assises 2026 puts NHI governance on the CISO agenda
