TL;DR: Claude Code and similar agentic tools can execute autonomous actions, touch repositories, and call MCP servers with little native auditability, leaving security teams blind to which identities were used or whether secrets were exposed, according to Entro Security. That visibility gap makes NHI governance and intent monitoring a requirement, not a nice-to-have.
NHIMG editorial — based on research published by Entro Security.
By the numbers:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so.
- 53% of MCP servers expose credentials through hard-coded values in configuration files.
- Only 18% of MCP server deployments implement any form of access scoping for tool permissions.
Questions worth separating out
Q: How should security teams govern AI agents that use developer tools and MCP servers?
A: Treat the agent session as an identity event, not just an application event.
Q: Why do AI agents create more NHI risk than ordinary developer automation?
A: AI agents can choose actions dynamically, call external services, and chain requests without a human approving each step.
Q: What is the difference between logging agent actions and monitoring agent intent?
A: Logging records what happened, such as a tool call or API request.
Practitioner guidance
- Map every agent session to a named human owner. Tie each Claude Code or similar session to the initiating user, the non-human identity used, and the downstream systems contacted so that incident response can reconstruct accountability quickly.
- Scope MCP permissions by task, not by tool family. Limit which MCP servers, repositories, and data domains an agent can reach for a specific workflow, then review those scopes regularly as tasks and privileges change.
- Alert on identity and data boundary crossings. Flag sessions that access secrets, switch identities mid-task, or reach data outside the expected repository or service set, because those are the moments when agent behaviour becomes a governance issue.
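The three practices above can be combined into one check over agent session events. The following is an added example, not code from Entro Security or from this editorial; the event fields, session ids, identity names and policy layout are all constructed assumptions and do not reflect a real Claude Code or MCP log format.

```python
# Added example: event fields and policy layout are assumptions,
# not a real Claude Code or MCP log format.
from dataclasses import dataclass

@dataclass(frozen=True)
class TaskScope:
    owner: str              # named human who started the session
    nhi: str                # non-human identity the session may use
    mcp_servers: frozenset  # MCP servers allowed for this task
    repos: frozenset        # repositories allowed for this task

# Constructed policy: one task scope per session id.
SCOPES = {
    "sess-01": TaskScope("alice", "svc-ci-bot",
                         frozenset({"mcp-git"}), frozenset({"org/payments"})),
}

# Constructed events, in the order the agent emitted them.
EVENTS = [
    {"session": "sess-01", "nhi": "svc-ci-bot", "mcp": "mcp-git", "repo": "org/payments", "action": "read_file"},
    {"session": "sess-01", "nhi": "svc-ci-bot", "mcp": "mcp-git", "repo": "org/hr-data", "action": "read_file"},
    {"session": "sess-01", "nhi": "svc-deploy", "mcp": "mcp-git", "repo": "org/payments", "action": "push"},
    {"session": "sess-01", "nhi": "svc-ci-bot", "mcp": "mcp-vault", "repo": None, "action": "read_secret"},
    {"session": "sess-99", "nhi": "svc-ci-bot", "mcp": "mcp-git", "repo": "org/payments", "action": "read_file"},
]

def boundary_alerts(events, scopes):
    """Return (session, owner, reason) for every event that crosses a boundary."""
    alerts = []
    for ev in events:
        scope = scopes.get(ev["session"])
        if scope is None:  # fail closed: a session with no owner is itself an alert
            alerts.append((ev["session"], None, "unmapped_session"))
            continue
        if ev["nhi"] != scope.nhi:
            alerts.append((ev["session"], scope.owner, "identity_switch"))
        if ev["mcp"] not in scope.mcp_servers:
            alerts.append((ev["session"], scope.owner, "mcp_out_of_scope"))
        if ev["repo"] is not None and ev["repo"] not in scope.repos:
            alerts.append((ev["session"], scope.owner, "repo_out_of_scope"))
        if ev["action"] == "read_secret":
            alerts.append((ev["session"], scope.owner, "secret_access"))
    return alerts

if __name__ == "__main__":
    for alert in boundary_alerts(EVENTS, SCOPES):
        print(alert)
```

Each alert carries the human owner, so the responder starts from an accountable person rather than from a bare service identity.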
For programme owners, the priority is to make agent sessions visible inside the same control fabric as human access.