They apply one policy model to identities with very different lifecycles, behaviours, and evidence requirements. Human users, service accounts, and AI identities should not share the same review cadence or control assumptions. When they do, governance becomes broad but shallow, and the most risky access paths are usually the least visible.
Why This Matters for Security Teams
When organisations collapse human users, service accounts, and AI agents into one identity model, they usually optimise for administrative convenience instead of actual risk. Human identity is periodic and interactive, machine identity is workload-bound, and AI identity can be autonomous, stateful, and tool-using. The control failure is not just bad review hygiene; it is that the evidence needed to govern each one is different.
That matters because a quarterly access review can make a human directory look tidy while leaving long-lived API keys, embedded secrets, and agent permissions untouched. Current guidance from the NIST Cybersecurity Framework 2.0 favours risk-based control selection, not one-size-fits-all identity governance. NHIMG research on the state of secrets in AppSec shows how fragmented secrets management and delayed remediation create exactly the kind of blind spot that uniform policy models miss.
In practice, many security teams discover the mismatch only after a stale service credential or over-permissioned AI tool has already been used in an incident, rather than through intentional identity design.
How It Works in Practice
Good identity governance starts by separating the identity primitives. Human identities should be tied to verified people, interactive authentication, and periodic attestation. Machine identities should be tied to workloads, certificates, and automated renewal. AI identities need an additional layer because an agent may act on behalf of a user, invoke tools, chain steps, and request new resources based on runtime context. Treating all three as equivalent usually means the policy is written once, then applied everywhere, even where it does not fit.
A more workable model uses different control planes for each identity class:
- Humans: SSO, MFA, joiner-mover-leaver processes, and role review based on organisational function.
- Machines: workload identity, short-lived credentials, secret rotation, and attestation tied to deployment state.
- AI agents: runtime authorisation, scoped tool access, just-in-time credentials, and explicit session boundaries.
For machine and AI workloads, the emerging pattern is not static role assignment but context-aware approval. That means evaluating what the workload is, what it is trying to do, where it is running, and whether the request matches policy at that moment. Standards bodies and implementers increasingly point to workload identity concepts such as SPIFFE and short-lived OIDC tokens because they prove what the workload is, not just what secret it possesses. That distinction is crucial when credentials are copied across environments or used by an agent that can generate its own follow-on actions.
NHIMG research on JetBrains GitHub plugin token exposure illustrates how a single exposed token can become a broad compromise path when machine access is treated like a human entitlement. These controls tend to break down when organisations rely on manual review for secrets that are minted, copied, and consumed faster than the review cycle can detect them.
Common Variations and Edge Cases
Tighter identity segmentation often increases operational overhead, requiring organisations to balance stronger containment against tooling complexity and developer friction. That tradeoff is real, especially in hybrid estates where legacy applications still depend on long-lived credentials and shared service accounts.
There is no universal standard for this yet, but current guidance suggests the following exceptions should be handled deliberately rather than folded into a generic policy:
- Shared platform services may need transitional compensating controls while they are reworked to use workload identity.
- AI agents that only summarise data may require weaker tool permissions than agents that can write, deploy, or purchase.
- High-risk systems often justify shorter TTLs, more frequent attestation, and narrower blast-radius controls than low-risk internal tools.
The main failure mode is assuming that access review frequency alone solves identity risk. It does not. Humans can be reviewed on a cadence; secrets can be rotated on a schedule; AI agents can change behaviour in-session. Governance works best when policy matches behaviour class, not when every identity is forced into the same lifecycle. In mixed environments with legacy systems and autonomous agents, a single review model usually masks the riskiest access paths rather than reducing them.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Covers distinct NHI lifecycle and secret handling, central to mixed identity governance. |
| OWASP Agentic AI Top 10 | AGENT-03 | Agentic systems need runtime tool and permission scoping, unlike static human IAM. |
| NIST AI RMF | AI RMF addresses governance for autonomous AI behaviour and accountability. |
Classify each non-human identity by workload, then apply separate lifecycle, rotation, and review controls.
Related resources from NHI Mgmt Group
- What do teams get wrong when they treat identity verification as a one-time compliance task?
- What do teams get wrong when they treat SoD as only an audit requirement?
- What do organisations get wrong about AI policy enforcement?
- What do organisations get wrong when they secure AI only at the model layer?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 7, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
