TL;DR: AI agents, automation scripts, and local tooling are pushing credentials outside traditional identity systems, where login-based IAM cannot reliably see or govern secret use, according to 1Password. The core shift is that authority now needs to be re-evaluated at the moment of access, because session-based trust assumes a stable actor and a stable privilege window.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
Questions worth separating out
Q: How should security teams govern AI agents that use credentials outside traditional IAM systems?
A: Security teams should govern AI agents at the point of credential use, not only at login.
Q: Why do AI agents complicate access reviews and audit trails?
A: AI agents complicate access reviews because their activity often spans endpoint tools, browser sessions, and machine identities that are logged in different places.
Q: What breaks when secrets are stored in local files and developer tools?
A: What breaks is visibility, attribution, and revocation speed.
Practitioner guidance
- Extend discovery to endpoint credential use Inventory where secrets are created, copied, and first exercised on employee devices, in IDEs, and in browser-based AI tools.
- Move high-risk secrets to just-in-time delivery Use runtime evaluation before issuing secrets to agents, scripts, or machine identities.
- Unify attribution across humans, agents, and workloads Correlate each secret use to the originating user, agent session, or machine identity in one system of record.
What's in the full announcement
1Password's full article covers the operational detail this post intentionally leaves for the source:
- How Unified Access discovers credentials on employee devices, in browsers, and inside local development environments.
- How the vaulting and scoped delivery model is intended to govern API keys, SSH keys, and environment files.
- How the integrations with IDEs, CI/CD tools, AI browsers, and MCP gateways are positioned for daily workflows.
- How access can be attributed across humans, agents, and machine identities in a single audit trail.
👉 Read 1Password's analysis of unified access for humans, agents, and machine identities →
AI agents and runtime access controls: are your IAM controls keeping up?
Explore further
Login-time authority is no longer a sufficient governance model. This article shows that the identity boundary has moved from authentication to credential use, which is where AI agents and local tooling now create risk. Login establishes who began a session, but it does not prove who or what exercised a secret later. Practitioners should treat runtime access as the real control point, not the original sign-in.
A few things that frame the scale:
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the same report.
A question worth separating out:
Q: Who is accountable when AI agents use shared credentials across workflows?
A: Accountability belongs to the organisation that owns the credential lifecycle and the policy attached to it. When shared secrets are used across humans, agents, and machines, the governance model must still identify which actor used the credential, under what approval path, and for what task. Without that, accountability becomes ambiguous.
👉 Read our full editorial: Unified access for AI agents exposes the limits of login-based IAM