
What is the difference between AI security controls and NHI controls?

By NHI Mgmt Group Editorial Team | Updated June 9, 2026 | Domain: Agentic AI & Autonomous Identity

NHI controls focus on identities such as service accounts, keys, tokens, and certificates. AI security controls extend that model to systems that can reason, select tools, and sometimes act autonomously. In practice, the strongest programmes use NHI discipline as the baseline and then add governance for runtime decision-making.

Why This Matters for Security Teams

AI security controls and NHI controls overlap, but they solve different risk problems. NHI controls are designed to govern service accounts, API keys, certificates, and other machine identities that already exist inside a defined trust boundary. AI security controls must also account for systems that can choose actions, call tools, chain steps, and change behaviour based on context. That difference matters because static access assumptions break down once the workload can reason and act independently.

The practical gap is often visible in incidents involving long-lived secrets, over-privileged service accounts, and weak lifecycle control. NHIMG’s Ultimate Guide to NHIs notes that 97% of NHIs carry excessive privileges, which shows how quickly machine identity sprawl becomes an access problem. AI security adds another layer: the system may also decide when to use those privileges. Current guidance suggests that NHI discipline is the baseline, but it is not sufficient on its own for agentic systems. In practice, many security teams encounter unsafe autonomy only after a tool-chaining event or secret exposure has already occurred, rather than through intentional design review.

How It Works in Practice

NHI controls focus on proving and constraining what a workload is allowed to do: authenticate with a certificate or token, rotate secrets, restrict scopes, and revoke access when the workload changes. AI security controls extend that by asking what the system is trying to do at runtime, whether the action is acceptable, and whether the model or agent should be allowed to continue. That is why AI governance increasingly relies on context-aware authorisation, runtime policy evaluation, and explicit oversight of tool use rather than only pre-defined RBAC rules.

For autonomous or semi-autonomous agents, the identity primitive is usually workload identity, not a human-style login. Modern patterns rely on cryptographic proof of workload identity, such as SPIFFE/SPIRE or OIDC-based federation, and then issue short-lived credentials per task. This aligns with the operational lessons in Top 10 NHI Issues, which emphasize rotation, visibility, and privilege reduction as core controls. AI-specific controls layer on:

  • intent-based authorisation, so the system is checked against the action it is attempting right now
  • policy-as-code evaluation with tools such as OPA or Cedar at request time
  • JIT credential issuance with short TTLs and automatic revocation after task completion
  • tool and data access approvals that are narrower than the agent’s theoretical capability
  • logging that records the model decision, tool call, and identity context together
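The following is an added example, not NHIMG code or any vendor's implementation. It shows how the five AI-specific controls above fit together around a workload identity: a task-scoped credential is issued just in time for one declared intent, every tool call is checked against that intent at request time, the credential is revoked when the task completes (or when its TTL lapses), and each decision is logged with the model's stated reason, the tool call and the identity context in one record. The SPIFFE IDs, intents, tool names and the policy table are constructed for illustration; in a real deployment the `POLICY` dict would be replaced by an OPA or Cedar evaluation.

```python
"""Runtime gate for agent tool calls (added example, not NHIMG code).

Layers intent-based authorisation, JIT short-TTL credentials, revocation on
task completion and combined audit logging on top of a workload identity.
All identifiers and the policy are constructed for illustration.
"""
import json
from dataclasses import dataclass

# Constructed policy-as-code stand-in: per workload identity, the tools each
# task intent may use and how long a credential for that intent lives.
POLICY = {
    "spiffe://example.org/agent/ticket-triage": {
        "summarise_ticket": {"tools": {"read_ticket"}, "ttl_seconds": 120},
        "escalate_ticket": {"tools": {"read_ticket", "post_comment"}, "ttl_seconds": 60},
    }
}


@dataclass
class TaskCredential:
    """Short-lived credential bound to one workload identity and one intent."""
    workload_id: str
    intent: str
    allowed_tools: frozenset
    issued_at: float
    ttl_seconds: int
    revoked: bool = False

    def is_valid(self, now: float) -> bool:
        return not self.revoked and now < self.issued_at + self.ttl_seconds


class RuntimeGate:
    def __init__(self):
        self.audit_log = []  # one dict per tool-call decision

    def issue_credential(self, workload_id: str, intent: str, now: float) -> TaskCredential:
        """JIT issuance: the credential is narrower than the agent's full capability."""
        entry = POLICY.get(workload_id, {}).get(intent)
        if entry is None:
            raise PermissionError(f"no policy grants {intent!r} to {workload_id}")
        return TaskCredential(workload_id, intent, frozenset(entry["tools"]),
                              now, entry["ttl_seconds"])

    def authorise_tool_call(self, cred: TaskCredential, tool: str,
                            model_decision: str, now: float) -> bool:
        """Intent-based check at request time; always writes a combined audit record."""
        if not cred.is_valid(now):
            verdict = "deny:credential_expired_or_revoked"
        elif tool not in cred.allowed_tools:
            verdict = "deny:tool_outside_intent"
        else:
            verdict = "allow"
        self.audit_log.append({
            "ts": now,
            "workload_id": cred.workload_id,   # identity context
            "intent": cred.intent,
            "model_decision": model_decision,  # why the agent wanted this call
            "tool": tool,                      # the tool call itself
            "verdict": verdict,
        })
        return verdict == "allow"

    def complete_task(self, cred: TaskCredential) -> None:
        """Automatic revocation once the task is done, even if TTL remains."""
        cred.revoked = True


def demo() -> list:
    """Walk one task through the gate and return the audit trail."""
    gate = RuntimeGate()
    agent = "spiffe://example.org/agent/ticket-triage"
    cred = gate.issue_credential(agent, "summarise_ticket", now=1000.0)
    gate.authorise_tool_call(cred, "read_ticket", "need ticket body to summarise", now=1010.0)
    # The model decides to post a comment, but that tool lies outside the summarise intent.
    gate.authorise_tool_call(cred, "post_comment", "post the summary back", now=1011.0)
    gate.complete_task(cred)
    gate.authorise_tool_call(cred, "read_ticket", "re-read after completion", now=1012.0)
    return gate.audit_log


if __name__ == "__main__":
    for record in demo():
        print(json.dumps(record))
```

The point of the design is that the agent's theoretical capability (both tools in the escalate intent) is never what it holds at runtime; it holds only what the current intent needs, for as long as the task lasts, and every allow or deny is reconstructable from a single log record.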

This is also where broader AI governance frameworks help. The Anthropic Project Glasswing work and the CSA MAESTRO agentic AI threat modeling framework both reinforce that the security question is not just “who authenticated” but “what can this system safely do now.” These controls tend to break down when legacy applications assume long-lived credentials and fixed service accounts because the environment cannot evaluate or revoke access quickly enough.

Common Variations and Edge Cases

Tighter runtime control often increases operational overhead, requiring organisations to balance autonomy against auditability and response speed. That tradeoff is most visible in environments with high-volume automation, multi-agent orchestration, or developer-led experimentation, where overly rigid approvals can slow legitimate work. Best practice is evolving, and there is no universal standard for how much autonomy should be delegated to an agent by default.

One common edge case is a system that looks like a normal NHI on paper but behaves like an agent in practice. If it can select tools, generate follow-on tasks, or query external systems dynamically, then NHI controls alone are too narrow. Another edge case is third-party or SaaS-connected automation, where visibility into downstream OAuth grants is weak. NHIMG research shows only 1.5 out of 10 organisations are highly confident in securing NHIs, which underscores how easily machine identity gaps can hide in plain sight. For those environments, the right model is layered: use NHI controls to secure the secret, then add AI security controls to govern the decision path that secret unlocks. Where the system is fully deterministic and cannot act outside a fixed script, the NHI model may be sufficient; once goal-directed behaviour appears, the control set must expand.
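As an added example (not NHIMG's code) of the "looks like an NHI, behaves like an agent" edge case, the check below compares each identity's runtime audit records against the profile it was registered with and reports which of the three agentic signals named above it exhibits: dynamic tool selection, follow-on task generation, or reaching systems it was never declared to use. The declared profiles, identity names, tool names, hosts and audit records are all constructed for illustration.

```python
"""Flag registered NHIs that behave like agents (added example, not NHIMG code).

Compares observed audit records against each identity's declared profile and
reports whether NHI controls alone are sufficient or the AI runtime control
set must be added.  All names and records are constructed for illustration.
"""
from collections import defaultdict

# Constructed declared profiles: what each identity is registered to do.
DECLARED = {
    "svc-nightly-report": {"tools": {"run_report"}, "hosts": {"db.internal"}},
    "svc-ticket-bot": {"tools": {"read_ticket"}, "hosts": {"tickets.internal"}},
}

# Constructed audit records: identity, tool used, target host, and whether the
# call produced a follow-on task of the identity's own choosing.
AUDIT = [
    {"identity": "svc-nightly-report", "tool": "run_report", "host": "db.internal", "spawned_task": False},
    {"identity": "svc-nightly-report", "tool": "run_report", "host": "db.internal", "spawned_task": False},
    {"identity": "svc-ticket-bot", "tool": "read_ticket", "host": "tickets.internal", "spawned_task": False},
    {"identity": "svc-ticket-bot", "tool": "web_search", "host": "api.example.com", "spawned_task": True},
    {"identity": "svc-ticket-bot", "tool": "post_comment", "host": "tickets.internal", "spawned_task": False},
]


def agentic_signals(records, declared):
    """Return, per identity, the goal-directed behaviours observed beyond its declared profile."""
    seen_tools = defaultdict(set)
    seen_hosts = defaultdict(set)
    spawned = defaultdict(bool)
    for r in records:
        seen_tools[r["identity"]].add(r["tool"])
        seen_hosts[r["identity"]].add(r["host"])
        spawned[r["identity"]] |= bool(r["spawned_task"])
    result = {}
    for identity in seen_tools:
        # An identity with no declared profile has, by definition, nothing it is allowed to do.
        profile = declared.get(identity, {"tools": set(), "hosts": set()})
        signals = []
        if seen_tools[identity] - profile["tools"]:
            signals.append("selects_undeclared_tools")
        if spawned[identity]:
            signals.append("generates_follow_on_tasks")
        if seen_hosts[identity] - profile["hosts"]:
            signals.append("queries_undeclared_external_systems")
        result[identity] = signals
    return result


def required_control_set(records, declared):
    """Map each identity to the layered model the guidance recommends."""
    return {
        identity: ("nhi_plus_ai_runtime_controls" if signals else "nhi_controls_sufficient")
        for identity, signals in agentic_signals(records, declared).items()
    }


if __name__ == "__main__":
    for identity, signals in agentic_signals(AUDIT, DECLARED).items():
        print(identity, required_control_set(AUDIT, DECLARED)[identity], signals)
```

Run against the sample records, the nightly report job stays within its fixed script and keeps the NHI model, while the ticket bot trips all three signals and needs the expanded control set even though its registration looks like an ordinary service account.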

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.

Framework               | Control / Reference | Relevance
OWASP Agentic AI Top 10 | A01                 | Agentic systems need runtime checks beyond static identity controls.
CSA MAESTRO             | MST-02              | Maps to threat modeling and control design for autonomous AI systems.
NIST AI RMF             | GOVERN              | AI governance is needed where systems make context-sensitive decisions.

Assign accountability, policy, and monitoring for agent behavior and outcomes.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 9, 2026.