TL;DR: AI agents are being deployed with service accounts, OAuth tokens, and workload identities that outpace traditional governance, leaving most security teams unable to see tool calls, data access, or sub-agent activity at runtime, according to Permiso Security. The real control problem is no longer permissioning alone but identity attribution and real-time containment across the full agent lifecycle.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
- Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems.
Questions worth separating out
Q: How should security teams govern AI agents that use service accounts and MCP tools?
A: Start with ownership, then add runtime attribution and containment.
Q: Why do AI agents complicate traditional IAM controls?
A: AI agents complicate IAM because they behave like identities with execution authority, not like static workloads.
Q: What breaks when teams only manage agent permissions at approval time?
A: Approval-time controls break when an agent’s real behaviour diverges from its intended scope.
Practitioner guidance
- Map agent identities to explicit owners: Require each AI agent to have a named business owner, a technical owner, and a revocation path before it is promoted into production.
- Instrument runtime telemetry for every session: Collect run, event, tool call, and data-access records at the identity layer so you can reconstruct behaviour after authentication.
- Set hard containment thresholds: Define triggers for session termination, such as access to new production data, unexpected tool expansion, or anomalous downstream reach.
Teams should expect auditors and incident responders to ask for session-level evidence, not permission screenshots.
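One way to encode the three guidance items above in a single session monitor, as an added example that is not code from Permiso Security or NHIMG. The profile fields, event shape, agent name, and tool names are all assumptions made for illustration, and the sample telemetry is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AgentProfile:              # hypothetical registry record, not a vendor schema
    agent_id: str
    business_owner: str
    technical_owner: str
    revocation_path: str         # runbook or API used to revoke the identity
    approved_tools: frozenset
    approved_prod_datasets: frozenset
    max_downstream_systems: int

def promotable(p: AgentProfile) -> bool:
    """Ownership gate: both owners and a revocation path must be set."""
    return all([p.business_owner, p.technical_owner, p.revocation_path])

def triggers(p, seen_systems, ev):
    """Containment reasons raised by one telemetry event (may be empty)."""
    reasons = []
    if ev["type"] == "tool_call":
        seen_systems.add(ev["target"])
        if ev["tool"] not in p.approved_tools:
            reasons.append("unexpected tool expansion: " + ev["tool"])
        if len(seen_systems) > p.max_downstream_systems:
            reasons.append("anomalous downstream reach")
    elif ev["type"] == "data_access" and ev["env"] == "production":
        if ev["dataset"] not in p.approved_prod_datasets:
            reasons.append("new production data: " + ev["dataset"])
    return reasons

def run_session(p, events):
    """Replay events in order; terminate on the first trigger, keep the trail."""
    seen, audit = set(), []
    for ev in events:
        reasons = triggers(p, seen, ev)
        audit.append({**ev, "agent_id": p.agent_id, "reasons": reasons})
        if reasons:
            return {"terminated": True, "reasons": reasons, "audit": audit}
    return {"terminated": False, "reasons": [], "audit": audit}

# Constructed sample profile and session telemetry.
PROFILE = AgentProfile("agent-billing-01", "finance-ops", "platform-team",
    "runbook/revoke-agent-billing-01", frozenset({"crm.lookup", "invoice.create"}),
    frozenset({"invoices"}), max_downstream_systems=2)
EVENTS = [
    {"type": "tool_call", "tool": "crm.lookup", "target": "crm"},
    {"type": "data_access", "env": "production", "dataset": "invoices"},
    {"type": "data_access", "env": "production", "dataset": "payroll"},
]
```

Every audit record carries the agent identity and the reasons evaluated for that event, which is the session-level evidence an incident responder would ask for.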
Explore further
AI agent runtime security is becoming an identity problem before it becomes a platform problem. The article shows a market shift from entitlement review to runtime attribution, which is the right direction for agentic systems. Agents do not merely hold access; they execute decisions, call tools, and move across systems in ways that traditional IAM was not built to observe. Practitioners should assume that governance will fail if it stops at authentication.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, which makes delayed containment a structural issue, not an exception.
A question worth separating out:
Q: What should organisations do in the first 24 to 72 hours after an agent behaves anomalously?
A: Contain the session, preserve the audit trail, and determine which identities and downstream systems were touched. Then review whether the anomaly reflects over-privilege, unsafe tool use, or a mis-scoped deployment pattern. If the agent can still act, revoke access before rebuilding the policy model.