Organisations can reduce fraud by defining separate policy paths for humans, ordinary automation, and agentic actors, then applying controls based on context and risk. The goal is to raise attacker cost while preserving legitimate workflows. Good programmes measure both abuse reduction and user friction, because one without the other is not sustainable.
Why This Matters for Security Teams
Fraud controls that treat every request like a suspicious human login usually create the wrong friction: they slow down approved automation while leaving room for scripted abuse, token replay, and privilege chaining. The real problem is not “automation” itself but whether the actor is behaving as a normal workload, a delegated business process, or an autonomous agent with changing intent. NHI Mgmt Group’s guide notes that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, which is why controls that focus only on employee sessions miss a large part of the attack surface. Ultimate Guide to NHIs
Current guidance suggests aligning fraud prevention with identity type, runtime context, and privilege scope rather than with a single “deny by default” pattern. That approach fits the direction of the NIST Cybersecurity Framework 2.0, which emphasizes governance, protective controls, and continuous monitoring. In practice, many security teams discover this only after legitimate jobs start failing in production or after attackers learn to imitate the very automation the business depends on.
How It Works in Practice
The most effective model is to create separate policy paths for humans, ordinary automation, and agentic actors. Humans may use MFA and session risk checks. Stable automation may use scoped service accounts, IP allowlists, and fixed runbooks. Agentic systems need something stricter and more dynamic: workload identity, per-task authorization, and short-lived credentials that expire as soon as the task ends.
That means moving from static role assignments to runtime decisions. A fraud rule can ask: what is the actor trying to do, from which workload, with which tool chain, against which data, and under which approval state? This is where policy-as-code becomes useful. The policy engine evaluates the request at the moment of action, rather than relying on broad entitlements granted weeks earlier. For autonomous systems, that is a major difference because behaviour is goal-driven and not fully predictable in advance.
Practical controls usually include:
- JIT credentials issued per task and revoked automatically on completion
- Workload identity for cryptographic proof of the service or agent
- Transaction limits, velocity checks, and step-up approval for high-risk actions
- Secrets stored in a vault, not embedded in code or long-lived configs
- Continuous monitoring of tool use, lateral movement, and unusual privilege escalation
This is also where NHI lifecycle discipline matters. NHI Mgmt Group’s CI/CD pipeline exploitation case study shows how automation paths can be abused when credentials are overexposed or poorly segmented. The operational lesson is straightforward: protect the workflow without assuming every automated step deserves the same trust as the business process it supports. These controls tend to break down in legacy batch environments where one shared credential serves multiple jobs, because the system cannot distinguish legitimate volume from malicious reuse.
Common Variations and Edge Cases
Tighter fraud controls often increase engineering overhead, so organisations must balance abuse reduction against deployment speed and operational resilience. There is no universal standard for this yet, especially for agentic AI, where best practice is still evolving.
One common edge case is third-party automation. NHI Mgmt Group reports that 92% of organisations expose NHIs to third parties, which raises supply chain risk and complicates trust decisions. In those environments, intent-based authorisation should be paired with strict contractual scope, token TTL limits, and continuous attestation rather than broad network trust.
Another edge case is high-volume business automation, such as reconciliation jobs or customer-facing workflows. Blocking by IP, geolocation, or login frequency alone can create false positives and break production. A better pattern is to allow the workflow but constrain what it can do, how often it can do it, and which downstream actions require secondary approval. For agentic systems, that may also mean restricting tool access until the agent proves the specific task context.
Fraud teams should also be careful not to treat every anomaly as malicious. Emerging guidance suggests separating anomalous-but-expected workload behaviour from true abuse, especially when autonomous agents chain tools in unpredictable ways. The strongest programmes measure both fraud suppression and successful automation rate, then tune controls to reduce one without damaging the other.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A2 | Agent behaviour needs runtime controls, not static assumptions. |
| CSA MAESTRO | GAI-03 | Covers governance for autonomous workloads and delegated actions. |
| NIST AI RMF | Risk management must account for autonomous and potentially unpredictable AI behaviour. |
Use AI RMF governance to assign ownership, monitor misuse, and constrain high-risk agent actions.
Related resources from NHI Mgmt Group
- How can organisations reduce ShadowAI risk without blocking automation outright?
- How should security teams reduce identity fraud without blocking legitimate users?
- How should gig platforms reduce identity fraud without blocking legitimate users?
- How can organisations reduce the blast radius of compromised agent identities?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 5, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org