Subscribe to the Non-Human & AI Identity Journal
Agentic AI & Autonomous Identity

Agent agency

← Back to Glossary
By NHI Mgmt Group Updated July 9, 2026 Domain: Agentic AI & Autonomous Identity

Agent agency is the actual authority an AI agent can exercise through its credentials and permissions. It is not the model's intelligence or language ability. For governance purposes, agency is measured by what the identity can reach, change, and persist in the environment.

Expanded Definition

Agent agency is the operational reach of an AI agent, meaning the concrete actions its identity can perform through assigned permissions, delegated tokens, and session credentials. It is distinct from model capability: a highly capable model with no permissions has little agency, while a modest model with broad access can create severe exposure. In NHI governance, agency is assessed by what the agent can read, modify, delete, approve, or persist across systems.

Industry usage is still evolving, and definitions vary across vendors, but the security meaning is consistent with least privilege, separation of duties, and explicit authorization boundaries. The most relevant external framing comes from the OWASP Agentic AI Top 10, which treats tool access and delegated execution as core risk surfaces. For NHI programs, agency is not theoretical intent. It is measured in live credentials, reachable APIs, and persistence mechanisms that can survive a restart or handoff.

The most common misapplication is treating agent agency as equivalent to model intelligence, which occurs when teams assume stronger reasoning automatically means stronger or safer operational authority.

Examples and Use Cases

Implementing agent agency rigorously often introduces friction, because limiting reach can reduce automation speed and increase approval overhead, requiring organisations to weigh execution convenience against blast-radius reduction.

  • An internal support agent can open tickets, but it cannot close incidents or change customer records because its service account is scoped to read and create only.
  • A code-assistant agent may propose fixes, while a separate deployment identity performs merges only after policy checks, reducing the chance of autonomous production change.
  • A finance agent can reconcile invoices through an API token, yet it cannot issue payments unless a human-approved workflow grants a time-bound privilege.
  • A data-analysis agent can query warehouse tables, but row-level restrictions prevent it from accessing regulated fields even when prompt content requests them.
  • In incident response, an agent can gather logs and enrich alerts, while its credentials are blocked from deleting evidence or rotating unrelated secrets.

These patterns map directly to the NHI guidance in the Ultimate Guide to NHIs — 2025 Outlook and Predictions and to implementation concerns highlighted in OWASP NHI Top 10. The external control lens from the NIST AI Risk Management Framework is useful when assigning human oversight to high-impact agent actions.

Why It Matters in NHI Security

Agent agency matters because most NHI incidents are not caused by model failure alone, but by over-privileged identities that can act far beyond the original design intent. NHIMG research shows that 97% of NHIs carry excessive privileges, which means many agents are already operating with more reach than they need. That is dangerous in agentic systems, where a compromised prompt, poisoned tool call, or stolen token can convert a helpful workflow into an active adversary.

This is why governance must focus on actual authority, not just approved use cases. The difference is visible in breaches involving token theft, tool abuse, and unintended writes, such as the patterns discussed in CoPhish OAuth Token Theft via Copilot Studio and Replit AI Tool Database Deletion. The corresponding external threat models in MITRE ATLAS adversarial AI threat matrix and CSA MAESTRO agentic AI threat modeling framework help translate that authority into control requirements.

Organisations typically encounter the consequence only after a prompt injection, token theft, or automation error has already used the agent’s own privileges against them, at which point agent agency becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-02Agent agency is governed by secret scope and privilege exposure.
OWASP Agentic AI Top 10Defines agentic risks around tool use, delegation, and autonomous action.
NIST AI RMFFrames AI risk around context, impact, and governance of deployed systems.
NIST Zero Trust (SP 800-207)PR.ACZero Trust requires verifying each request and limiting implicit trust.
CSA MAESTROCovers agentic AI threat modeling, permissions, and control boundaries.

Constrain agent credentials to the minimum actions needed and review their effective reach.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org