Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agent identity and lateral movement , are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: Credential abuse remains the dominant initial access path, used in 22% of breaches, while compromised-credential incidents now take an average of 246 days to identify and contain, according to Verizon DBIR 2025 and IBM’s 2025 breach study. That makes lateral movement prevention an architectural problem, not a tooling afterthought, especially as AI agents multiply identity complexity.

NHIMG editorial — based on content published by Elisity: Andy Ellis on How to Prevent Lateral Movement in the Age of AI Agents

By the numbers:

Questions worth separating out

Q: How should security teams reduce lateral movement once credentials are already inside the environment?

A: They should focus on internal reach, not just authentication.

Q: Why do AI agents make lateral movement harder to contain?

A: AI agents add more runtime identities to the same endpoint and can act faster than human review cycles.

Q: What breaks when organisations rely on network location instead of identity for internal access control?

A: Location-based control breaks because internal systems still trust anything on the right subnet or inside the right segment.

Practitioner guidance

  • Map east-west trust paths by identity class Inventory which human users, service accounts, and AI agents can reach each internal asset, then identify where those paths were granted for convenience rather than necessity.
  • Separate AI agents from human users at the control plane Treat agents as distinct runtime identities with their own policy boundaries, logging, and least-privilege scopes instead of letting them inherit the user’s full access context.
  • Enclave unpatchable devices behind mediated access Place legacy, FDA-locked, or otherwise unpatchable assets behind identity-aware segmentation and proxy enforcement so that only explicitly allowed identities can reach them.

What's in the full article

Elisity's full article covers the architectural detail this post intentionally leaves at the strategy level:

  • A deeper walkthrough of Andy Ellis’s zero trust framing for stopping lateral movement in practice
  • Discussion of the VPN-and-proxy enclaving pattern for legacy and unpatchable devices
  • More detail on identity-based microsegmentation as a containment layer for east-west traffic
  • Additional context on how AI agents change endpoint identity separation and policy design

👉 Read Elisity’s analysis of preventing lateral movement in the age of AI agents →

AI agent identity and lateral movement , are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Preventing lateral movement is no longer a detection problem, it is an identity architecture problem. Once an attacker or rogue workload gets inside, the enterprise is already negotiating with its own trust model. The decisive question is which identities can still reach what, and whether those reach paths were designed for containment or convenience. Security leaders should treat lateral movement as a design constraint on IAM, PAM, and NHI programmes, not as a downstream incident response metric.

A few things that frame the scale:

A question worth separating out:

Q: Who is accountable when a compromised service account or AI agent moves laterally?

A: Accountability sits with the organisation that assigned the access and failed to constrain it. The right question is whether the identity was given more reach than its task required, and whether the programme had enough segmentation and governance to limit the resulting blast radius. That is the control failure leaders must own.

👉 Read our full editorial: AI agent identity and lateral movement: why architecture fails



   
ReplyQuote
Share: