Notifications
Clear all
Topic starter
06/06/2026 1:36 am
TL;DR: C1 has appointed Erik Huckle as vice president of product to steer strategy for the agentic enterprise, with the company saying the role will focus on governing AI agent identities, scaling access controls, and making identity governance the trust layer for AI adoption, according to ConductorOne. The signal is that agentic identity is moving from experimentation into operational IAM design.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- AI agent access can be attempted within an average of 17 minutes after public AWS credential exposure, and as quickly as 9 minutes in some cases.
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Questions worth separating out
Q: How should security teams govern AI agent identities in enterprise IAM?
A: Security teams should govern AI agent identities as first-class non-human identities with explicit ownership, scoped entitlements, and runtime authorization.
Q: Why do AI agents complicate least privilege for IAM programmes?
A: AI agents complicate least privilege because their access is task-driven and may change during execution.
Q: What breaks when agent access reviews are designed like human access reviews?
A: Agent access reviews break when they assume a stable user, stable role, and stable review interval.
Practitioner guidance
- Define agent ownership and accountability Assign a named business and technical owner to each AI agent identity before it is allowed to act.
- Separate agent issuance from runtime authorization Treat initial credentialing as only the start of governance.
- Map agent entitlements to lifecycle controls Build joiner-mover-leaver logic for AI agents that includes creation, scope change, suspension, and removal.
What's in the full announcement
ConductorOne's full post covers the leadership and product-vision details this analysis intentionally leaves for the source:
- Erik Huckle's background across identity security, AI product work, and enterprise platform leadership.
- The vendor's stated product roadmap emphasis on the agentic enterprise and identity control plane.
- The specific business context around C1's leadership team and market positioning.
- The company messaging that frames agent identity access management as an enterprise requirement.
👉 Read ConductorOne's announcement on its agent identity product leadership →
Agent identity governance at C1: what changes for enterprise IAM teams?
Explore further
06/06/2026 2:49 am
Agent identity governance is becoming a core IAM discipline, not an adjacent AI concern. The appointment described by the vendor reflects a broader market shift: enterprises are starting to treat AI agents as identity subjects that require policy, entitlement, and lifecycle controls. That matters because the control problem is no longer limited to users and service accounts. Practitioners should expect agent governance to sit inside the same operating model as IAM and PAM, not outside it.
A few things that frame the scale:
- NHIs outnumber human identities by 25x to 50x in modern enterprises, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how weak identity inventory remains in machine-heavy environments.
A question worth separating out:
Q: How can organisations prevent agent privilege drift across human and workload systems?
A: Organisations should require each agent entitlement to be bounded by task scope, tool scope, and context scope. That reduces the chance that delegated permissions accumulate across systems without review. The most reliable control is to make scope changes explicit and auditable whenever the agent crosses a boundary or takes on a new task.
👉 Read our full editorial: Agent identity governance expands as C1 appoints new product leader
