Notifications
Clear all
Topic starter
14/05/2026 2:34 pm
TL;DR: SailPoint's return of IdentityTV and Developer Days for May 19-21, 2026 centers on the agentic economy, where AI and non-human identities are becoming the dominant identity-security concern, with sessions covering adaptive identity, machine identity, APIs, and real-time event-driven security. The practical takeaway is that governance, lifecycle control, and privilege design now matter more than perimeter assumptions.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams govern AI agents as identities rather than tools?
A: Treat each AI agent as a non-human identity with an owner, a purpose, a scope of authority, and an expiry condition.
Q: What is the difference between machine identity security and human IAM?
A: Human IAM is built around interactive authentication, user review, and role assignment.
Q: Why do AI agents create new privilege risk for enterprises?
A: AI agents can chain actions across tools, inherit delegated access, and execute at machine speed without a person confirming each step.
Practitioner guidance
- Define non-human identity ownership Assign a named business and technical owner to every AI agent, service account, token, and certificate so accountability exists before access is granted.
- Inventory AI and machine credentials Build a continuously refreshed inventory of keys, tokens, certificates, and service accounts used by AI workflows, then reconcile it against approved applications and pipelines.
- Shorten privilege lifetime Use just-in-time access and explicit expiry for high-risk machine privileges so credentials are available only for the task and window they are needed.
Teams that already struggle with secrets hygiene should expect the same friction to appear in AI agent governance, especially when credentials outlive the task that created them?
👉 Read SailPoint's event details for IdentityTV and Developer Days on AI and NHI security →
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
14/05/2026 2:36 pm
A few things worth adding from our research at NHI Mgmt Group.
The agentic economy creates an identity governance problem, not just an AI adoption problem. As more software behaves like an actor, IAM programs need to govern purpose, scope, and expiry for identities that are neither human nor fully static. That changes how teams think about lifecycle control, access certification, and audit evidence. The discipline now is to classify autonomous software as governed identities, not simply as background automation.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, showing that process gaps persist even where tooling is in place.
A question worth separating out:
Q: How can organisations reduce standing privilege for non-human identities?
A: Use just-in-time access, short-lived credentials, and task-scoped approvals so non-human identities do not keep persistent privilege. Pair that with continuous review of service accounts, API keys, and certificates to remove stale access. The goal is to make access temporary by default and measurable when it is used.
👉 Read our full editorial: IdentityTV and Developer Days highlight the agentic economy's IAM gap
