AI agent identity and workload identity: are your controls ready?


(@nhi-mgmt-group)

TL;DR: Workload identity has become foundational, SPIFFE has emerged as the assumed standard, and AI agents are now exposing the gap between proving identity and governing what that identity can do, according to Cerbos' analysis. The real problem is assumption collapse: access controls built for human-paced judgment do not hold when non-human actors act at machine speed and pursue goals without restraint.

NHIMG editorial — based on content published by Cerbos: Workload Identity Day 0 at KubeCon and the shift to AI agent governance

Questions worth separating out

Q: How should security teams govern AI agents that need access to multiple systems?

A: Security teams should treat AI agents as workloads with tightly bounded runtime authorisation, not as humans with delegated convenience access.

Q: Why do workload identity standards matter more as AI agents proliferate?

A: Workload identity standards matter because they create a common way to prove identity across services and agents without relying on shared secrets or one-off integrations.

Q: What breaks when teams rely on human judgment to limit machine access?

A: What breaks is the assumption that dangerous permissions will remain safe because a human will make cautious decisions.

Practitioner guidance

  • Separate authentication from authorisation: Issue verifiable identities to workloads and agents, then enforce context-aware policy at request time.
  • Centralise policy for AI-enabled services: Move access decisions into a shared platform layer so service teams are not each building their own authorisation logic, audit logging, and exception handling for agents.
  • Limit agent permissions to task-scoped actions: Define the exact resources, records, and operations an agent may use, then deny everything else by default.
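
A minimal sketch of the three points above, added here as an illustration and not taken from Cerbos or the source article: the caller's SPIFFE ID is assumed to have been authenticated already (for example from an X.509 or JWT SVID), and a central, deny-by-default check decides each request and records it. The trust domain, agent path, policy table and record IDs are all constructed for the example.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "example.org"  # constructed trust domain (assumption)

# Constructed task-scoped policy: SPIFFE ID -> {(resource kind, action): record ids}
POLICY = {
    "spiffe://example.org/agent/invoice-summariser": {
        ("invoice", "read"): {"inv-1001", "inv-1002"},
    },
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

def parse_spiffe_id(raw):
    """Return the SPIFFE ID if well formed and in our trust domain, else None."""
    try:
        parts = urlsplit(raw)
    except ValueError:
        return None
    if parts.scheme != "spiffe" or parts.query or parts.fragment:
        return None
    if parts.netloc != TRUSTED_DOMAIN:  # also rejects ports and userinfo
        return None
    segments = parts.path.split("/")[1:]
    if not segments or any(s in ("", ".", "..") for s in segments):
        return None
    return f"spiffe://{parts.netloc}{parts.path}"

def authorize(spiffe_id, kind, action, record_id, audit):
    """Decide one request; anything not explicitly granted is denied."""
    sid = parse_spiffe_id(spiffe_id)
    if sid is None:
        decision = Decision(False, "untrusted-or-malformed-identity")
    else:
        records = POLICY.get(sid, {}).get((kind, action))
        if records is None:
            decision = Decision(False, "no-rule-for-action")
        elif record_id not in records:
            decision = Decision(False, "record-out-of-task-scope")
        else:
            decision = Decision(True, "task-scope-match")
    # Every decision, allow or deny, leaves an audit record.
    audit.append({"principal": spiffe_id, "resource": f"{kind}/{record_id}",
                  "action": action, "allowed": decision.allowed,
                  "reason": decision.reason})
    return decision
```

Because identity parsing and the policy lookup are separate steps, a valid identity with no matching rule is still denied, and the audit list shows which of the two checks failed.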

What's in the full article

Cerbos' full blog post covers the operational detail this analysis intentionally leaves for the source:

  • How Cerbos maps policy-based authorisation to workload identity and AI agent access paths
  • The platform integration pattern for making secure identity use easier than hardcoded secrets
  • The observability and audit-trail examples behind request-by-request authorisation decisions
  • The implementation nuances of using SPIFFE identities across services, agents, and downstream systems

👉 Read Cerbos' analysis of workload identity and AI agent authorisation →
