Subscribe to the Non-Human & AI Identity Journal
Home Glossary Agentic AI & Autonomous Identity Action Resistance
Agentic AI & Autonomous Identity

Action Resistance

← Back to Glossary
By NHI Mgmt Group Updated July 5, 2026 Domain: Agentic AI & Autonomous Identity

Action resistance is the ability of a model or agent to avoid carrying out harmful instructions when those instructions are embedded in otherwise legitimate input. It is different from content safety, because the key question is not what the model says but what it can be induced to do.

Expanded Definition

Action resistance describes whether a model or agent can be prompted into refusing harmful execution even when the surrounding input appears legitimate. In NHI and agentic AI governance, the issue is not only whether the system recognises unsafe content, but whether it can resist being induced into taking an unsafe action through tool calls, workflow steps, or delegated permissions.

This distinction matters because a model may be well-behaved in conversation yet still be operationally weak when connected to systems that can send email, modify records, trigger payments, or retrieve secrets. Guidance across the field is still evolving, but the operational test is clear: action resistance is about preserving control boundaries under adversarial prompting, not just filtering outputs. That makes it closely related to least privilege, authorization checks, and human approval gates in NIST Cybersecurity Framework 2.0.

The most common misapplication is treating content moderation as proof of action safety, which occurs when teams validate chat responses but never test whether the agent can be steered into executing harmful tools or privileged workflows.

Examples and Use Cases

Implementing action resistance rigorously often introduces latency and workflow friction, requiring organisations to weigh safer execution against the speed and autonomy that make agents useful.

  • An internal support agent is allowed to draft ticket responses, but must refuse any instruction that attempts to export customer records into an external channel.
  • A code assistant can propose changes, yet it should not be able to open a pull request that embeds a malicious dependency when the prompt includes hidden instructions.
  • An IT automation agent can reset passwords only after a separate approval step, limiting the chance that a deceptive prompt converts a routine request into privilege abuse.
  • A procurement agent can gather vendor quotes, but it must reject attempts to reroute approvals or trigger payment actions from untrusted input.
  • An NHI governance review uses the Ultimate Guide to NHIs alongside NIST Cybersecurity Framework 2.0 to evaluate whether an agent can be induced to exceed its delegated authority.

In practice, action resistance is tested with adversarial prompts, prompt injection payloads, and workflow poisoning scenarios that attempt to turn a normal request into an unsafe action.

Why It Matters in NHI Security

Action resistance becomes a governance issue when an AI agent is treated like a trusted operator but lacks the ability to discriminate between legitimate intent and malicious instructions embedded in the context. When that happens, the agent can become a conduit for secret exposure, unauthorized changes, or downstream abuse of service accounts and API keys.

That risk is amplified in environments where NHIs are already difficult to control. NHI Mgmt Group reports that 97% of NHIs carry excessive privileges, and 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, which makes agentic misuse more consequential than a simple bad response. In other words, weak action resistance can turn an overprivileged identity into an execution path for an attacker, especially when the agent can reach secrets, CI/CD systems, or business workflows. The Ultimate Guide to NHIs also notes that only 5.7% of organisations have full visibility into their service accounts, which makes monitoring agent behavior even harder.

Organisations typically encounter the need for action resistance only after a prompt injection or workflow abuse causes an agent to perform an unintended privileged action, at which point the control becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Agentic AI Top 10Agentic AI guidance focuses on prompt injection and unsafe tool execution resistance.
OWASP Non-Human Identity Top 10NHI-06Action resistance depends on preventing overprivileged NHIs from executing unsafe actions.
NIST CSF 2.0PR.AC-4Least-privilege access control is the governance basis for limiting harmful agent actions.

Design agents to reject malicious instructions and require explicit authorization before tool use.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 5, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org