Notifications
Clear all
Topic starter
14/05/2026 4:44 pm
TL;DR: GitGuardian says NHI Identity Summit 2026 will focus on machine credentials, secrets governance, and agentic AI risk across cloud and CI/CD environments at a virtual event running June 24 to June 26, 2026. The signal is that NHI governance has moved from niche concern to a core operating problem for identity teams.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams govern machine credentials across cloud and CI/CD environments?
A: Security teams should treat machine credentials as production identities with owners, scopes, and lifecycles.
Q: Why do AI agents create new NHI governance risk?
A: AI agents create risk because they combine authentication, tool access, and autonomous execution in one entity.
Q: What is the difference between secrets management and NHI governance?
A: Secrets management focuses on storing, rotating, and protecting credentials.
Practitioner guidance
- Map all machine credentials to an owner Create an inventory that links each service account, token, and certificate to a business owner, technical owner, and revocation path.
- Separate agent permissions from human roles Define explicit scopes for AI agents and keep them distinct from the human roles that created them.
- Embed rotation into offboarding workflows Require automated rotation or revocation when a workload, pipeline, or agent is retired.
For many teams, the next step is to align these controls with the Ultimate Guide to NHIs and the NIST AI Risk Management Framework?
👉 Register for GitGuardian's NHI Identity Summit 2026 on machine credentials and agentic AI →
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
14/05/2026 4:46 pm
A few things worth adding from our research at NHI Mgmt Group.
Machine credentials are now a first-class governance domain. The summit’s topic mix shows that teams can no longer treat service accounts, API keys, and certificates as operational leftovers. They function as production identities with material access, and the control failure is usually ownership, not authentication alone. Practitioners should manage them with the same discipline used for privileged human access.
A few things that frame the scale:
- NHIs outnumber human identities by 25x to 50x in modern enterprises, according to Ultimate Guide to NHIs.
- Only 20% of organisations have formal processes for offboarding and revoking API keys, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: When does machine identity risk become a zero trust problem?
A: It becomes a zero trust problem when credentials are persistent, widely reusable, or hard to verify at runtime. Zero Trust depends on continuous validation, but NHIs often operate through automation that assumes trust after initial authentication. Teams should therefore enforce short-lived access and continuous review.
👉 Read our full editorial: NHI Identity Summit 2026 centers machine credentials and agentic AI
