TL;DR: Most organisations still cannot tell how many service accounts they have, what those accounts do, or when one has been compromised. According to Netwrix, AI agents are now entering the environment as non-human identities that carry privileges and act autonomously. The security problem is no longer just hidden machine accounts but a broader identity blind spot that spans legacy service accounts and agentic identities.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: How should security teams govern service accounts and AI agents together?
A: Security teams should govern them under one NHI programme, but not with one generic control set: service accounts and AI agents need their own ownership, access review, and monitoring requirements.
Q: Why do service accounts create so much hidden risk in identity programmes?
A: Service accounts create hidden risk because they often accumulate outside normal joiner-mover-leaver discipline, yet still carry production privileges.
Practitioner guidance
- Build a complete service account inventory: tie every service account to an owner, system, purpose, and expected runtime pattern.
- Separate agent identities from ordinary workload identities: classify AI agents as distinct non-human identities with their own ownership, access review, and monitoring requirements.
- Measure permission debt as a programme metric: track standing privilege, stale entitlements, and orphaned credentials across both service accounts and AI agents.
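The three guidance points above (an owned inventory with an expected runtime pattern, agents classified as their own identity type, and permission debt as a metric) can be turned into a small, repeatable check. The script below is an added example for this editorial, not Netwrix's or NHIMG's tooling. The inventory, the thresholds (90 days for "stale", 365 days for credential age), the `identity=... target=... action=...` log format and every identity name in it are constructed assumptions; substitute your own directory export and audit feed.

```python
"""Permission-debt metrics and runtime-drift findings over an NHI inventory.

Added example; all identities, thresholds and log lines are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re

STALE_AFTER = timedelta(days=90)    # assumed: entitlement unused this long is "stale"
ROTATE_AFTER = timedelta(days=365)  # assumed: maximum acceptable credential age
NOW = datetime(2025, 3, 10, tzinfo=timezone.utc)  # fixed clock so results are reproducible


@dataclass
class NHI:
    name: str
    kind: str                      # "service_account" or "ai_agent"
    owner: str | None              # None means nobody is accountable for it
    system: str                    # where the identity runs
    purpose: str                   # the declared use case
    allowed_targets: set[str]      # systems the identity is expected to touch
    run_hours: tuple[int, int]     # expected UTC runtime window [start, end)
    entitlements: dict[str, bool]  # entitlement -> True if standing, False if just-in-time
    last_used: datetime
    cred_rotated: datetime


def _d(days_ago: int) -> datetime:
    return NOW - timedelta(days=days_ago)


# Constructed inventory: one healthy account, one abandoned one, one AI agent.
INVENTORY = [
    NHI("svc-nightly-backup", "service_account", "dba-team", "backup-host", "nightly DB dump",
        {"prod-db", "backup-bucket"}, (1, 4), {"db:read": True, "bucket:write": True}, _d(1), _d(30)),
    NHI("svc-legacy-etl", "service_account", None, "etl-vm", "retired ETL job",
        {"warehouse"}, (2, 5), {"warehouse:admin": True}, _d(200), _d(500)),
    NHI("agent-helpdesk", "ai_agent", "it-ops", "agent-platform", "ticket triage",
        {"ticketing"}, (0, 24), {"tickets:read": True, "tickets:write": False}, _d(0), _d(10)),
]

# Constructed audit lines in an assumed key=value format.
LOG = """\
2025-03-10T02:10:00Z identity=svc-nightly-backup target=prod-db action=read
2025-03-10T14:22:00Z identity=svc-nightly-backup target=prod-db action=read
2025-03-10T09:05:00Z identity=agent-helpdesk target=ticketing action=read
2025-03-10T09:06:00Z identity=agent-helpdesk target=hr-db action=read
2025-03-10T09:07:00Z identity=svc-unknown-42 target=prod-db action=read
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) identity=(?P<id>\S+) target=(?P<target>\S+) action=(?P<action>\S+)$")


def permission_debt(inventory: list[NHI], now: datetime = NOW) -> dict:
    """Static view: who is orphaned, stale, over-privileged or running on old secrets."""
    debt = {"orphaned": [], "stale": [], "standing_privilege": {}, "unrotated": []}
    for nhi in inventory:
        if nhi.owner is None:
            debt["orphaned"].append(nhi.name)
        if now - nhi.last_used > STALE_AFTER:
            debt["stale"].append(nhi.name)
        # Count standing (always-on) entitlements; JIT grants do not add to the debt.
        debt["standing_privilege"][nhi.name] = sum(1 for s in nhi.entitlements.values() if s)
        if now - nhi.cred_rotated > ROTATE_AFTER:
            debt["unrotated"].append(nhi.name)
    return debt


def runtime_findings(inventory: list[NHI], log_text: str) -> list[tuple[str, str]]:
    """Runtime view: compare observed activity against the declared pattern and scope."""
    by_name = {n.name: n for n in inventory}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these too
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        nhi = by_name.get(m["id"])
        if nhi is None:
            findings.append((m["id"], "not in inventory"))  # the inventory gap itself
            continue
        start, end = nhi.run_hours
        if not start <= ts.hour < end:
            findings.append((nhi.name, f"activity at {ts.hour:02d}:00Z outside expected window {start:02d}-{end:02d}"))
        if m["target"] not in nhi.allowed_targets:
            label = "agent acted beyond declared scope" if nhi.kind == "ai_agent" else "target outside declared purpose"
            findings.append((nhi.name, f"{label}: {m['target']}"))
    return findings


if __name__ == "__main__":
    for metric, value in permission_debt(INVENTORY).items():
        print(f"{metric}: {value}")
    for name, reason in runtime_findings(INVENTORY, LOG):
        print(f"FINDING {name}: {reason}")
```

On the constructed data the static pass flags only `svc-legacy-etl` (no owner, unused for 200 days, credential 500 days old, still holding a standing admin entitlement), which is exactly the profile the guidance describes: an account that fell outside joiner-mover-leaver discipline but kept production privilege. The runtime pass adds what the static view cannot see: the backup account active in the afternoon, the agent touching a system outside its declared scope, and an identity that exists in the logs but not in the inventory.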
What to expect at the briefing
Netwrix's full on-demand webinar covers the operational detail this post intentionally leaves for the source:
- Walkthrough guidance for mapping service account inventories to ownership and operational purpose.
- Practical examples of how AI agents are being treated as first-class non-human identities in directory design.
- Discussion of how identity threat detection and response changes when runtime behaviour matters as much as static entitlements.
- Related resource links on permission debt and directory intelligence for teams that want to go deeper.
👉 Watch Netwrix's on-demand webinar on service account security and agentic identities →
Service account security in the age of AI: what changes now?
Explore further
Service account security is now an inventory problem and an identity governance problem. Most organisations still cannot answer basic questions about how many machine identities exist, who owns them, or what they should do at runtime. That gap is not cosmetic. It creates hidden access paths that survive long after the original use case has changed, and it leaves PAM and IGA teams certifying records that no longer reflect operational reality. Practitioners should treat incomplete service account inventory as a governance failure, not a reporting inconvenience.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to SailPoint research.
A question worth separating out:
Q: Who should be accountable for non-human identity sprawl?
A: Accountability should sit with the business system owner, the identity team, and the platform operator together. NHI sprawl crosses application, cloud, and directory boundaries, so no single team sees the full picture. Clear ownership is the only way to make access review, secret rotation, and removal decisions enforceable.
👉 Read our full editorial: Service account security and agentic identities are redefining NHI risk