Notifications
Clear all
Topic starter
12/06/2026 9:45 pm
TL;DR: The governance gap is not capability, but the assumption that human identity patterns can safely be stretched across agentic runtime behaviour, according to Descope, whose updated Agentic Identity Hub adds scoped access, step-up approval, and MCP authentication for autonomous agents, while citing 28.65 million hardcoded secrets added to public GitHub repositories in 2025 and only 22% of teams treating agents as independent identities.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- 28.65 million new hardcoded secrets were added to public GitHub repositories in 2025, a 34% YoY increase.
- 22% of teams treat agents as independent identities, ities, with most relying on shared API keys.
Questions worth separating out
Q: How should security teams govern AI agents that use shared API keys today?
A: Security teams should stop treating shared API keys as an acceptable bridge into agent workflows.
Q: When do agent credentials create more risk than they reduce?
A: Agent credentials become net risk when they are long-lived, reusable across systems, or shared between humans and machines.
Q: What do security teams get wrong about MCP server access?
A: Teams often treat MCP servers as simple integration endpoints, but they are also identity enforcement points.
Practitioner guidance
- Define agents as governed identities Assign every production agent a unique identity, ownership record, and lifecycle state so access reviews can distinguish one agent from another and revoke access without affecting unrelated workloads.
- Replace shared keys with scoped delegation Eliminate shared API keys and human credential reuse for agent workflows, then move access to short-lived delegated tokens with resource-level constraints and auditable consent.
- Introduce approval gates for high-impact actions Require out-of-band approval before agent actions that change authentication state, move data, or alter production configurations, and keep the approval step separate from routine autonomous tasks.
What's in the full announcement
Descope's full article covers the operational detail this post intentionally leaves for the source:
- Capability specifics for managing headless agent identities across existing identity systems
- Implementation detail on scope-based access policies for backend APIs and MCP servers
- How CIBA-based step-up approval is used for sensitive agent actions
- MCP server authentication and consent flows that preserve existing user authentication systems
👉 Read Descope's update on Agentic Identity Hub 2.5 and agent access controls →
Agentic identity hub updates: are human IAM patterns still enough?
Explore further
13/06/2026 12:03 am
Human IAM patterns do not scale cleanly into agent identity governance. The article shows the core failure mode clearly: human credentials, shared API keys, and static secrets were designed for predictable user sessions, not for agents that request, combine, and execute access dynamically. That is why agentic identity cannot be treated as a cosmetic extension of SSO or MFA. Practitioners should read this as a governance boundary, not a feature gap.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who is accountable when an autonomous agent performs an unauthorised action?
A: Accountability sits with the organisation that granted the agent’s scope, approved its controls, and failed to constrain its access path. That means ownership, approval records, and audit logs must be attached to the agent identity itself. Without that, incident response cannot reliably reconstruct who authorised what and why.
👉 Read our full editorial: Agentic identity hub updates expose the limits of human IAM patterns
