Notifications
Clear all
Topic starter
25/06/2026 5:23 pm
TL;DR: Identity programmes now need to treat humans, NHIs, and AI agents as one operating model, not separate side projects, according to Saviynt. Its AI-powered identity platform governs human and non-human access across applications, data, and business processes, while highlighting non-human identity, just-in-time access, and AI-agent capabilities as core parts of its portfolio.
NHIMG editorial — based on content published by Saviynt: newsroom overview of its identity platform, non-human identity, and AI-agent coverage
By the numbers:
- Over 100 million identities protected, and counting!
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should security teams govern human and non-human identities in one programme?
A: Start by classifying identities by behaviour, not by system ownership.
Q: When does just-in-time access fail to reduce identity risk?
A: JIT fails when it changes the request flow but leaves persistent authority underneath it.
Q: What do teams get wrong about identity posture management for NHIs?
A: They often treat posture management as a discovery exercise instead of an operating control.
Practitioner guidance
- Map governance by actor type Separate human, NHI, and AI-agent access paths in your identity inventory, then confirm each path has ownership, review, and revocation rules that match how the identity actually operates.
- Test standing privilege removal Review whether privileged access is truly ephemeral for service accounts, API keys, and workload tokens, or whether standing authority remains behind the JIT workflow.
- Fold AI agents into posture reviews Add AI-agent entitlements, delegated tool access, and runtime permission drift to the same entitlement review cycle used for NHIs and privileged humans.
What's in the full article
Saviynt's full newsroom post covers the product and platform detail this post intentionally leaves for the source:
- How Saviynt positions its non-human identity, JIT access, and AI-agent capabilities within the broader platform.
- The specific product areas highlighted across identity governance, privileged access, and identity posture management.
- The vendor's own description of how its platform is organised for human and non-human access.
- The surrounding newsroom context and related platform pages that place the announcement in Saviynt's wider portfolio.
👉 Read Saviynt's newsroom update on identity platform coverage for humans and NHIs →
Saviynt identity platform: what it means for IAM and NHI teams?
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
25/06/2026 6:02 pm
Identity platforms are now being judged on whether they can govern three actor types at once. The old split between workforce IAM and machine identity management no longer matches how access is actually consumed. NHIs and AI agents share the same enterprise systems as people, but they do not share the same trust model or review cadence. Practitioners should treat platform scope as a governance question, not a feature checklist.
A few things that frame the scale:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
A question worth separating out:
Q: How do AI agents change identity governance requirements?
A: AI agents introduce runtime behaviour that can expand access during execution, so governance can no longer rely only on provisioning-time assumptions. Teams need policy, monitoring, and revocation that work while the agent is acting, not just after the fact. That shifts identity governance from static approval to continuous control.
👉 Read our full editorial: Saviynt's identity platform positioning for human and NHI governance
