The human assumption behind JML breaks down. AI agents can be created, modified, and retired inside workflows that do not match employment-based lifecycle events, which leads to stale permissions, unclear ownership, and missed offboarding unless the process is redesigned for non-human identities.
Why This Matters for Security Teams
Joiner-mover-leaver controls were built around people changing jobs, not autonomous software that can be spawned, reconfigured, and retired inside a single workflow. For AI agents, the risk is not only forgotten access, but also ambiguous ownership, inherited secrets, and no reliable offboarding trigger when a model, prompt, toolchain, or integration changes. That is why lifecycle management for agents needs to be treated as an NHI problem, not an HR process.
This gap is visible across current guidance on agentic systems. NHI lifecycle practices from NHI Management Group and the control patterns discussed in the Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs show that lifecycle events for machines are operational, not employment-based. The same point appears in the OWASP Agentic AI Top 10, which treats tool use, privilege scope, and runtime control as core attack surfaces. In practice, many security teams encounter agent access drift only after an agent has already acted with stale credentials or an owner has disappeared from the process.
How It Works in Practice
For AI agents, a safer lifecycle starts with workload identity, not a human-style account record. The agent should be issued a cryptographic identity, then granted access only for the task at hand. In mature designs, that means short-lived tokens, per-task credential issuance, and automatic revocation when the workflow completes. Static role assignments are a poor fit because agents do not have stable, predictable access patterns. Their behaviour is dynamic, tool-driven, and often conditioned on runtime context.
Current guidance suggests mapping agent actions to policy decisions at request time. That is where frameworks such as the NIST AI Risk Management Framework and the CSA MAESTRO agentic AI threat modeling framework align with policy-as-code enforcement. The operational pattern is usually:
- Register the agent as a workload identity, not as a user.
- Issue JIT secrets or tokens with short TTLs and narrow audience claims.
- Bind privileges to task context, tool scope, and approval state.
- Revoke access on workflow completion, model swap, or orchestration change.
- Record ownership in the platform registry, not in the HR directory.
This is where lifecycle discipline becomes continuous. The Ultimate Guide to NHIs — 2025 Outlook and Predictions notes that credential sprawl and weak secret hygiene remain persistent NHI issues, and the LLMjacking research shows how quickly attackers try exposed AI credentials once they appear. These controls tend to break down when agents are embedded in ephemeral pipelines with multiple orchestrators because ownership and revocation signals become fragmented across systems.
Common Variations and Edge Cases
Tighter lifecycle control often increases operational overhead, requiring organisations to balance speed of agent deployment against revocation accuracy and auditability. That tradeoff is especially visible when the same agent template is reused across environments, or when an agent is allowed to self-modify prompts, tools, or execution paths. In those cases, a simple leaver event is not enough, because the security-relevant change may be a configuration update rather than a personnel change.
Best practice is evolving, but current guidance suggests treating several events as lifecycle boundaries: model version changes, toolchain changes, new data access scopes, and orchestration ownership changes. A move from one environment to another may also require a full re-issuance of workload identity and secrets. This is where static JML logic fails most visibly, because there is no universal standard for mapping human-style join, move, and leave events to autonomous agent state changes yet. Security teams should instead define lifecycle triggers in the platform that runs the agent, then tie them to automated renewal and revocation rules. The breach analyses in Moltbook AI agent keys breach and DeepSeek breach underscore how quickly exposed or lingering secrets can become an incident when lifecycle controls do not match machine behaviour.
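As an added example of the register, issue, bind and revoke pattern listed above and of the lifecycle boundaries just described (model version change, toolchain change, workflow completion, retirement), the Python below is written for this page and is not NHI Mgmt Group's code or any vendor's API. Tokens carry a fingerprint of the agent's current model and toolchain, so a configuration change invalidates outstanding credentials without waiting for a human-style leaver event. The AgentRegistry class, the HMAC-signed token format and the sample agent, task and audience names are assumptions; a production platform would use its own token service and policy engine.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # constructed; a real platform uses its token service's key

class AgentRegistry:  # workload-identity registry: ownership lives here, not in an HR directory
    def __init__(self):
        self.agents = {}           # agent_id -> {"owner", "model", "tools"}
        self.closed_tasks = set()  # workflows that have completed (revocation trigger)
    def _cfg(self, agent):
        # Fingerprint of the security-relevant configuration: model version + toolchain.
        blob = json.dumps([agent["model"], sorted(agent["tools"])])
        return hashlib.sha256(blob.encode()).hexdigest()
    def register(self, agent_id, owner, model, tools):
        self.agents[agent_id] = {"owner": owner, "model": model, "tools": set(tools)}
    def issue(self, agent_id, task_id, tools, audience, ttl=300, now=None):
        """JIT token: short TTL, narrow audience, tool scope bound to the task and config."""
        agent = self.agents[agent_id]
        if not set(tools) <= agent["tools"]:
            raise PermissionError("requested tools exceed the registered toolchain")
        now = time.time() if now is None else now
        claims = {"sub": agent_id, "task": task_id, "aud": audience, "tools": sorted(tools),
                  "cfg": self._cfg(agent), "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        return body + "." + hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    def verify(self, token, audience, tool, now=None):
        """Return (claims, "ok") or (None, reason); each reason is a scope or lifecycle boundary."""
        body, _, sig = token.partition(".")
        expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
        agent = self.agents.get(claims["sub"])
        if agent is None:
            return None, "agent retired"
        now = time.time() if now is None else now
        checks = [(now >= claims["exp"], "expired"),
                  (claims["aud"] != audience, "wrong audience"),
                  (tool not in claims["tools"], "tool outside task scope"),
                  (claims["task"] in self.closed_tasks, "workflow completed"),
                  (claims["cfg"] != self._cfg(agent), "agent configuration changed")]
        reason = next((r for failed, r in checks if failed), None)
        return (None, reason) if reason else (claims, "ok")
    def complete_task(self, task_id):
        self.closed_tasks.add(task_id)   # revoke the task's tokens on workflow completion
    def reconfigure(self, agent_id, model=None, tools=None):
        agent = self.agents[agent_id]    # model swap / toolchain change: earlier tokens stop verifying
        agent["model"] = agent["model"] if model is None else model
        agent["tools"] = agent["tools"] if tools is None else set(tools)
    def retire(self, agent_id):
        self.agents.pop(agent_id, None)  # the agent's leaver event
```

Every verification failure is named after the lifecycle or scope boundary that caused it, which is the signal an audit trail needs to show why an agent's access stopped.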
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while the NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A3 | Agent privilege and lifecycle drift are core agentic application risks. |
| CSA MAESTRO | M2 | MAESTRO addresses agent identity, control, and lifecycle governance. |
| NIST AI RMF | Governance | AI RMF governance applies to ownership, accountability, and lifecycle oversight. |
Define accountable owners and lifecycle triggers for every agent, then enforce continuous monitoring.
Related resources from NHI Mgmt Group
- What breaks when joiner, mover, leaver processes are handled differently for technical accounts?
- When is it crucial to implement least-privilege access for AI agents?
- What is the difference between managed identities and hardcoded secrets for AI agents?
- Why do AI agents make non-human identity governance harder?
Reviewed and updated by the NHIMG editorial team on June 24, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org