My Security Event Munich 2026: what does it mean for NHI governance?


(@mr-nhi)
Member Moderator

A few things worth adding from our research at NHI Mgmt Group.

NHI governance belongs in the same room as executive security decisions. Closed-door CISO forums are a reminder that NHI risk is not just an engineering hygiene issue. It affects incident response, auditability, and operational resilience, so governance leaders need to treat it as a board-visible control problem. The practitioner conclusion is straightforward: if NHI is absent from executive risk discussions, the organisation is already behind.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: How can organisations reduce the blast radius of compromised service accounts and agents?

A: Organisations reduce blast radius by limiting entitlements, shortening credential lifetime, separating duties, monitoring usage, and revoking access quickly when behaviour changes. The practical goal is to make any single compromised identity useful for as little time and for as few systems as possible.

👉 Read our full editorial: NHI governance takes center stage at My Security Event Munich 2026



   