The permission an AI agent receives to act on behalf of a verified person. In this model, authority is inherited rather than original, so governance must trace the agent back to the human intent, device context, and current trust state that authorised it.
Expanded Definition
Agent authority is the delegated permission boundary that lets an AI agent act on behalf of a verified person, but not as an independent identity. The authority is borrowed, scoped, and time-bound, which means governance must preserve the chain from human intent to agent action, along with the device context and trust state that justified the delegation. In NHI programs, this makes agent authority different from simple authentication: a successfully authenticated agent is still not entitled to every action the human could perform. Definitions vary across vendors on how much autonomy can be bundled into a single delegation event, so practitioners should treat authority as a policy decision, not a model capability. That framing aligns with the NIST AI Risk Management Framework, which emphasises traceability, validity, and governance for AI-enabled actions.
The most common misapplication is treating first login as permanent permission, which occurs when delegated access is not revalidated as context or risk changes.
Examples and Use Cases
Implementing agent authority rigorously often introduces friction in workflows, requiring organisations to weigh faster automation against tighter approval, logging, and revocation controls.
- A support agent can draft account changes, but the human owner must approve the final state change before the AI executes it.
- An engineering agent can open a pull request, yet deployment authority is limited to pre-approved repositories and release windows.
- A finance assistant agent may prepare a payment batch, while approval to submit the batch is tied to current device posture and session trust.
- A customer success agent can access a CRM through delegated access, but the delegation expires when the user ends the session or changes location.
- An incident response agent may query logs and isolate a host, with every tool invocation mapped to the human operator’s authority chain and reviewed later through the controls discussed in the Ultimate Guide to NHIs — 2025 Outlook and Predictions.
These patterns are also reflected in the OWASP Top 10 for Agentic Applications 2026, especially where tool use, authorization, and prompt-driven actions must be constrained.
Why It Matters in NHI Security
Agent authority is a governance control point because it determines whether an AI agent is operating inside a human’s intended boundary or exploiting inherited trust too broadly. When it is weak, organisations create overprivileged agents, orphaned permissions, and unclear accountability for harmful actions. NHIMG research shows that 97% of NHIs carry excessive privileges, and that pattern becomes even more dangerous when those identities are wrapped inside autonomous or semi-autonomous agent workflows. The risk is not only access misuse, but also failure to prove who authorised what, when, and under what trust conditions. That traceability requirement is central to both the NIST AI Risk Management Framework and the CSA MAESTRO agentic AI threat modeling framework, which both stress lifecycle controls around delegated action.
Practitioners should also watch for patterns seen in incidents such as the CoPhish OAuth Token Theft via Copilot Studio, where delegated trust becomes an attack path rather than a safeguard. Organisations typically encounter the true cost of agent authority only after a delegated action causes unauthorized change or data exposure, at which point revocation and forensic attribution become operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10, OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A2 | Agent authority is bounded by agent tool-use and authorization risks. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Delegated agent access depends on strong NHI authorization and lifecycle control. |
| NIST AI RMF | GV-2 | AI governance requires accountable oversight of delegated agent decisions and actions. |
| NIST Zero Trust (SP 800-207) | SA-2 | Zero Trust assumes trust must be continuously evaluated, not inherited permanently. |
| CSA MAESTRO | IAM-4 | MAESTRO treats delegated agent permissions as a core identity and access governance issue. |
Scope every agent action to explicit policy and verify each tool call against current authorization.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org