Notifications
Clear all
Topic starter
14/05/2026 11:21 am
TL;DR: A live briefing on the 2026 State of AI Agent Identity Security report will walk through findings from 400 global security and IT leaders, including where AI agent identity risks are rising and why existing IAM controls are falling short, according to Akeyless and MRA Research. Identity governance is no longer keeping pace with autonomous access patterns.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- The briefing is based on insights from 400 global security and IT leaders.
Questions worth separating out
Q: How should organisations govern AI agent identities before they spread across the enterprise?
A: Start by treating each AI agent as a non-human identity with an owner, a purpose, and a review cycle.
Q: What is the difference between governing an AI agent and governing a service account?
A: A service account usually supports a stable workload, while an AI agent can change behaviour, choose actions, and invoke tools dynamically.
Q: Why do AI agents create more identity risk than conventional automation?
A: AI agents can combine autonomy, broad tool access, and rapid execution in ways that expand blast radius faster than humans can intervene.
Practitioner guidance
- Define agent identity ownership Assign a named business and security owner for every AI agent that can authenticate, call tools, or write data.
- Scope agent access by task Map each agent to a narrow task boundary and grant only the minimum tool and data access needed to complete that task.
- Add lifecycle controls to agent accounts Treat agent accounts like any other non-human identity by enforcing onboarding, review, rotation, and offboarding steps.
Teams should measure how far an agent can move when one entitlement fails?
👉 Register for Akeyless and MRA Research's live briefing on AI agent identity risk →
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
14/05/2026 11:21 am
A few things worth adding from our research at NHI Mgmt Group.
AI agent identity risk is becoming an identity governance problem, not a niche AI problem. Once agents can act across tools and systems, the security question shifts from model behaviour to access boundaries, reviewability, and revocation. That moves the issue squarely into IAM, PAM, and workload identity governance. Practitioners should treat agents as identities with operational consequences, not as software features.
A few things that frame the scale:
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security, according to The 2026 Infrastructure Identity Survey.
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, according to The 2026 Infrastructure Identity Survey.
A question worth separating out:
Q: Should security teams require just-in-time access for AI agents?
A: Yes, when the agent's task is time-bound and the environment can enforce short-lived entitlements. JIT access reduces standing privilege, but it only works if the organisation can define the task clearly, monitor usage in real time, and revoke access automatically when the job ends. Otherwise, the process becomes theater.
👉 Read our full editorial: Live insights briefing on AI agent identity risk, June 4
This post was modified 4 weeks ago 3 times by Mr NHI
