Zero Standing Privilege fails when elevation is requested in one system, approved in another, and revoked somewhere else. Any handoff that depends on manual steps or delayed synchronization creates residual access. If the workflow cannot automatically remove privilege at task completion, the organisation has standing privilege in disguise.
Why Zero Standing Privilege breaks down in real operations
zero standing privilege only works when privilege can be granted, observed, and revoked inside one coherent control plane. The moment approval lives in one tool, execution in another, and revocation in a third, ZSP becomes a policy statement rather than an operational guarantee. That gap is especially dangerous for NHI workflows because credentials, tokens, and API keys can outlive the task that needed them. The OWASP Non-Human Identity Top 10 treats this as a core identity problem, not a convenience issue.
The practical failure mode is fragmentation: PAM approves a session, RBAC authorises a service account, and a separate automation layer is supposed to revoke access later. If revocation depends on a queue, a ticket, or a human closure step, privilege remains standing after the task ends. That is why current guidance increasingly ties ZSP to short-lived issuance, enforced TTLs, and automatic teardown rather than policy alone. The broader NHI risk picture is covered in Ultimate Guide to NHIs — Key Challenges and Risks. In practice, many security teams discover ZSP failure only after an audit finds active access that no workflow can prove was removed.
How ZSP should operate across approvals, execution, and revocation
Operational ZSP needs one lifecycle for the privilege, not three disconnected systems. Best practice is evolving toward just-in-time credential provisioning, workload identity, and policy evaluation at request time. For autonomous workloads, the question is not whether a role exists, but whether the agent currently has a valid, task-bound grant. That is consistent with the direction of the OWASP Non-Human Identity Top 10 and with broader zero trust thinking in Ultimate Guide to NHIs — Key Challenges and Risks.
- Issue credentials per task, with short TTLs and automatic expiry on completion.
- Bind access to workload identity, so the system knows what the agent is cryptographically, not just what secret it holds.
- Evaluate authorisation at runtime using current context, not only pre-defined RBAC assignments.
- Revoke the grant in the same control path that issued it, or the standing access window remains open.
For agentic systems, this matters even more because the agent may chain tools, retry operations, or change paths mid-task. A static role cannot anticipate all possible actions, so intent-based or context-aware authorisation is the stronger control model. That is also why secrets sprawl becomes a ZSP problem: if a secret is copied into logs, caches, or secondary tools, revocation at the source does not fully remove privilege. The NHI evidence base on compromise and secret exposure is reinforced by the DeepSeek breach, which shows how quickly sensitive material can spread once embedded in a workload. These controls tend to break down when revocation is handed to batch jobs, ticket closure, or asynchronous sync between identity systems because the access window outlives the approved task.
Where organisations still get ZSP wrong
Tighter privilege controls often increase integration overhead, requiring organisations to balance short-lived access against operational friction. The most common tradeoff is speed versus assurance: teams want immediate automation, but they also need traceable approvals and deterministic revocation. There is no universal standard for this yet, especially in multi-agent environments where one agent can trigger another, and each step may require a different tool or identity boundary.
Two edge cases matter most. First, long-running jobs: if a task exceeds the TTL, teams sometimes extend the credential instead of redesigning the workflow. That creates a de facto standing privilege model. Second, cross-system approval chains: if one platform approves and another platform issues the secret, revocation logic can miss one of them. The result is residual access that looks temporary on paper but remains active in practice. That pattern is discussed in NHIMG research on broader NHI risk and secret handling, including Ultimate Guide to NHIs — Key Challenges and Risks and the DeepSeek breach. ZSP also weakens when teams rely on RBAC alone, because roles describe eligibility, not whether access has truly expired. The practical fix is to treat revocation as part of the transaction, not an afterthought, and to verify it continuously rather than at review time.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | ZSP fails when NHI credentials are not automatically rotated or revoked. |
| OWASP Agentic AI Top 10 | AGENT-02 | Autonomous agents need runtime authorization, not static standing roles. |
| NIST AI RMF | AI governance must cover accountability and lifecycle risk for autonomous systems. |
Enforce short-lived NHI access and automate revocation so privilege never persists after task completion.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on May 16, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
