Notifications
Clear all
Topic starter
12/06/2026 9:45 pm
TL;DR: Non-interactive agents can authenticate with scoped, policy-backed access, while audit trails and just-in-time downstream credentials reduce secrets sprawl, according to Descope; the harder problem is not authentication alone, but the collapse of assumptions built around human-paced approval and review loops.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- According to GitGuardian, 28.65 million new hardcoded secrets were added to public GitHub repositories in 2025, a 34% YoY increase.
- According to SailPoint, 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Questions worth separating out
Q: How should security teams govern autonomous agents that use backend tools?
A: Treat autonomous agents as identities with their own scopes, policies, and revocation paths.
Q: Why do autonomous agents complicate traditional access reviews?
A: Access reviews assume permissions persist long enough to be observed, certified, and removed on a schedule.
Q: What breaks when teams copy service account secrets into every agent workflow?
A: Credential sprawl, weak accountability, and large blast radius all follow.
Practitioner guidance
- Define autonomous agents as first-class OAuth clients Assign dedicated client IDs, grant types, and explicit revocation handling so the agent has a stable identity boundary instead of borrowed secrets.
- Separate workflow triggers from runtime privilege Let orchestration decide who can start a workflow, but enforce what the agent can do through policy at token issuance and tool access time.
- Broker downstream credentials just in time Keep long-lived service account material inside a controlled broker and mint short-lived downstream access only when a specific tool call needs it.
What's in the full announcement
Descope's full post covers the operational detail this post intentionally leaves for the source:
- Step-by-step configuration of autonomous agent clients with client_credentials and scoped policies.
- Server-side token validation and downstream credential brokering logic for MCP and BigQuery calls.
- Implementation details for storing service account credentials centrally and fetching them at call time.
- Workflow-level gating examples showing how orchestration and identity policy split responsibilities.
👉 Read Descope's identity model for autonomous agents and MCP access →
Autonomous agent identities: what changes for IAM teams?
Explore further
13/06/2026 12:03 am
Autonomous agent identity collapses the assumption that access is stable long enough to be reviewed. Access review and recertification processes were designed for credentials that persist across a known period of use. That assumption fails when an autonomous actor can obtain, use, and discard scoped access within a short runtime session. The implication is not just faster governance, but a different governance premise for identity programmes.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
- 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who should own autonomous agent identity governance in an organisation?
A: Ownership should sit with the identity and security teams that govern NHI, access policy, and revocation, not only with the workflow owners. If the team that builds the automation also controls the credential model without central governance, privilege boundaries will drift.
👉 Read our full editorial: Identity support for autonomous agents changes the access model
