Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Identity trust and agent accountability: what changed in 2026?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9136
Topic starter  

TL;DR: At Gartner SRM and Identiverse 2026, the identity conversation shifted from making IAM work to proving which identity can be trusted, at what moment, for what action, and with what accountability, according to 1Kosmos. That shift makes attribution, lifecycle control, and runtime proof the new centre of gravity for human, machine, and AI agent identity governance.

NHIMG editorial — based on content published by 1Kosmos: Takeaways from Gartner SRM and Identiverse 2026

Questions worth separating out

Q: How should security teams govern AI agents that act on behalf of people and systems?

A: Treat AI agents as governed identities, not just automation.

Q: Why do machine identities complicate identity governance programmes?

A: Machine identities complicate governance because they scale faster than human review processes and often inherit trust from shared secrets or embedded credentials.

Q: What breaks when identity programmes only measure authentication success?

A: Authentication success alone does not show whether the right identity acted, whether the action stayed in scope, or whether accountability survives a delegated workflow.

Practitioner guidance

What's in the full article

1Kosmos' full post covers the operational detail this analysis intentionally leaves for the source:

  • Conference-floor observations from Gartner SRM and Identiverse that explain how practitioners are reframing identity priorities.
  • Direct commentary from 1Kosmos leaders on agent accountability, attribution, and proof in identity governance.
  • The vendor's view on why SPIFFE, OAuth-based delegation, and short-lived credentials matter for machine identity.
  • Event context and networking notes that show how the industry conversation is changing in practice.

👉 Read 1Kosmos' takeaways from Gartner SRM and Identiverse 2026 →

Identity trust and agent accountability: what changed in 2026?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8575
 

Identity governance is moving from entitlement management to accountability management. The article reflects a market shift in which knowing that an identity can authenticate is no longer enough. Practitioners now need to know which identity acted, under what authority, and with what proof. That changes IAM from a gatekeeping function into a runtime assurance discipline, and it raises the bar for both human and non-human identity programmes.

A few things that frame the scale:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.

A question worth separating out:

Q: Who is accountable when an AI agent or service account causes harm?

A: Accountability should rest with the human sponsor, system owner, and governance process that allowed the identity to act. If the organisation cannot identify an owner, a purpose, and a revocation path, the identity programme is not ready for delegated or autonomous action.

👉 Read our full editorial: Identity is shifting to trust, proof, and accountability



   
ReplyQuote
Share: