Use the authority source and access path to decide. If the agent inherits human privileges in a browser flow, human IAM and PAM matter most. If it uses API keys, tokens, or service credentials, NHI governance is the right lane. If it spans both, the programme needs a delegation model that explicitly connects them.
Why This Matters for Security Teams
The decision is less about the label on the AI agent and more about the authority source it uses to act. A browser-borne agent that inherits a user session can collide with human IAM and PAM controls, while an API-driven agent belongs in non-human identity governance because its access is expressed as secrets, tokens, certificates, or workload identity. NHI Management Group research shows 88.5% of organisations say their non-human IAM lags human IAM, which is a strong signal that many teams are still classifying agents by ownership rather than access path. See the 2024 Non-Human Identity Security Report and the NIST AI Risk Management Framework for the governance lens.
That distinction matters because agents do not always behave like static service accounts. A single workflow can start in a human session, pivot into a delegated token, call multiple tools, and then retain access longer than intended if ownership is unclear. Security teams that place the agent in the wrong programme often end up with duplicated reviews, blind spots in revocation, and weak accountability for delegated actions. In practice, many security teams discover the misclassification only after an agent has already chained privileges across browser and API paths.
How It Works in Practice
A practical classification model starts with three questions: what is the original authority source, how does the agent authenticate, and who can revoke it. If the agent is running inside a human browser session, PAM and human IAM govern the interactive privilege, approval flow, and session monitoring. If the agent authenticates with API keys, OAuth tokens, certificates, or other machine credentials, then NHI governance is the primary control plane. For systems that span both, the right answer is usually delegation, not a forced choice between silos.
That delegation model should track the human principal, the agent workload identity, and the issued credential as separate objects. Best practice is evolving toward intent-based or context-aware authorisation, where the policy engine evaluates what the agent is trying to do at request time rather than assuming a fixed role covers every action. This is where OWASP Agentic AI Top 10 and the CSA MAESTRO agentic AI threat modeling framework become useful for classifying tool access and escalation paths.
- Use PAM for human interactive elevation, session approval, and keystroke or browser session oversight.
- Use IAM for the human principal that authorises the delegation or approves the workflow.
- Use NHI governance for the agent’s tokens, secrets, certificates, rotation, and revocation.
- Treat workload identity as the anchor when the agent needs cryptographic proof of what it is, not just what it can use.
NHI Management Group research on agentic and non-human risk, including the Top 10 NHI Issues and the Lifecycle Processes for Managing NHIs, shows why lifecycle ownership and revocation discipline are central to this decision. These controls tend to break down when a browser agent can request fresh API credentials mid-session because the effective privilege boundary becomes fragmented across systems.
Common Variations and Edge Cases
Tighter separation between PAM, IAM, and NHI often increases operational overhead, requiring organisations to balance stronger delegation control against deployment speed and developer friction. That tradeoff is real, especially when an agent alternates between human-in-the-loop steps and autonomous tool use. Current guidance suggests that mixed workflows should not be forced into a single governance bucket if doing so hides the actual control point.
Edge cases usually appear in copilots, RPA-style automations, and agents that act on behalf of a user in one system and as a service in another. In those cases, the human identity, the delegated grant, and the machine credential each need explicit lifecycle handling. The strongest signal for NHI governance is not whether the agent is “smart” or “autonomous”; it is whether it holds secrets or workload credentials that can be reused outside the browser session. For implementation patterns and compromise context, compare the Moltbook AI agent keys breach with the NIST Cybersecurity Framework 2.0.
There is no universal standard for this yet, but the safest rule is to classify by control surface, not by business owner. If the agent can laterally move, chain tools, or persist access after the human session ends, the governance model must treat it as a non-human identity with delegated provenance. Organisations that rely on static roles alone usually learn this only after an access review or incident reveals the agent’s real blast radius.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A2 | Addresses agent tool abuse and delegated action risk across human and machine paths. |
| CSA MAESTRO | TRA | Covers threat modeling for agentic workflows and cross-boundary delegation. |
| NIST AI RMF | GOVERN | Supports accountable AI governance when authority spans IAM, PAM, and NHI. |
Assign ownership for each delegated agent path and enforce policy, monitoring, and revocation across the full lifecycle.
Related resources from NHI Mgmt Group
- How do organisations decide whether an AI agent needs NHI controls, AI controls, or both?
- How should organisations decide whether DLP belongs with IAM governance?
- How can organisations decide whether adaptive AI agents are suitable for critical workflows?
- How can organisations decide whether their AI security workflow is mature enough?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 11, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
