Accountability sits with the organisation that allowed the request path to bypass identity verification. If a chatbot, portal, or privileged workflow can solicit secrets or approvals without strong controls, the governance gap is internal. Frameworks for PAM, IAM, and NHI governance all point to the same responsibility: control the trust boundary.
Why This Matters for Security Teams
The accountability question is less about the fake support bot itself and more about whether the organisation allowed an unauthenticated or weakly authenticated request path to trigger privileged action. Once a chatbot, service desk workflow, or impersonation request can solicit secrets, reset access, or approve changes without strong identity proofing, the failure sits inside the trust boundary. That is why NHI governance, PAM, and workflow controls converge on the same issue: who can ask, who can approve, and what evidence is required before a high-risk action is accepted.
Recent NHIMG research shows how common this gap has become. The 2024 ESG Report: Managing Non-Human Identities found that 72% of organisations have experienced or suspect they have experienced a breach of non-human identities. That matters because impersonation attacks often exploit the same weak trust assumptions used by bots, portals, and service integrations. Guidance from CISA Zero Trust maturity guidance reinforces the need to verify every request, not just every user session.
In practice, many security teams discover this only after a help desk or automated workflow has already been used to move credentials, approve access, or expose sensitive data.
How It Works in Practice
Accountability is usually assigned by tracing the control failure, not by guessing intent. If a fake support bot obtained a secret, the organisation that exposed the secret path is accountable for not enforcing identity verification, request validation, and approval boundaries. If a human was socially engineered through a workflow that looked internal, the organisation is still accountable for failing to make that workflow resistant to impersonation.
Practitioners should treat these events as governance failures across identity, workflow, and workload layers. The most effective controls are usually a combination of:
- Strong request authentication before any sensitive support action
- Step-up verification for password resets, token issuance, and privileged approvals
- Separation of request intake from execution, especially in service desks and chat interfaces
- Short-lived credentials and revocation after task completion
- Logging that preserves who requested, who approved, and what identity proof was used
For agentic or automated support channels, the same lesson applies to machine identities. NHI controls should ensure a bot or workflow only receives the minimum access needed for the specific task, and only after runtime policy checks. The Ultimate Guide to NHIs emphasizes why these identities are security-critical, while the NIST AI Risk Management Framework supports accountability, traceability, and measurement for automated decision paths.
Where response teams often go wrong is treating the fake request as a pure fraud event instead of a control design failure. These controls tend to break down when service agents, chatbots, and privileged workflows share the same approval path because the trust decision becomes ambiguous and easy to exploit.
Common Variations and Edge Cases
Tighter verification often increases friction, requiring organisations to balance user convenience against the reduction in impersonation risk. Current guidance suggests that not every request needs the same level of challenge, but there is no universal standard for this yet. High-risk actions should receive stronger proofing than routine support requests, and that distinction should be explicit in policy.
One common edge case is outsourced service desks. Even when a third party operates the process, accountability still remains with the organisation that defined the access model and accepted the residual risk. Another edge case is AI-assisted support. A bot may only be a front end, but if it can trigger privileged changes without independent validation, the control failure is still internal. The Anthropic report on AI-orchestrated cyber espionage shows how quickly automated abuse can scale once attackers obtain a usable path.
This is why security leaders should not rely on the label of the channel, such as “support bot” or “internal portal,” as proof of trust. The real question is whether the workflow verifies identity and intent before privilege changes occur. In practice, many breaches happen because the organisation trusted the interface more than the request.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A01 | Fake bots abuse agent trust paths and unsafe tool access. |
| CSA MAESTRO | GOV-1 | Governance must define who may request and approve autonomous actions. |
| NIST AI RMF | GOVERN | Accountability depends on traceable governance for automated decisions. |
Verify every agent-initiated request before allowing tool use or privileged execution.
Related resources from NHI Mgmt Group
- Who is accountable when a compromised machine identity causes a breach?
- Who is accountable when a compromised non-human identity causes major outage or data loss?
- Who is accountable when a certificate expires and enables a breach?
- Who is accountable when a former employee account or stolen token is used in a breach?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 24, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
