The set of relationships showing which AI agents, tools, and data sources trust each other enough to pass context or authority. It matters because compromise rarely stays local in agentic systems, and a single weak node can propagate risk across many downstream actions.
Expanded Definition
An agent trust graph maps the trust relationships that let one autonomous software entity accept context, credentials, commands, or tool output from another. In NHI and agentic AI governance, the graph is less about “who can log in” and more about “who can influence execution.” That makes it a control-plane view of dependency, delegation, and blast radius.
The concept is still evolving. No single standard governs agent trust graphs yet, so teams usually infer them from orchestration policies, token exchange paths, tool permissions, and data-sharing boundaries. This is why the term sits adjacent to Zero Trust Architecture, but is not identical to it: ZTA focuses on continuous verification, while the trust graph describes the actual web of delegated trust inside a system. The NIST AI Risk Management Framework is useful for framing that trust as a governance and risk issue, not just an implementation detail.
The most common misapplication is treating every tool call as equally trusted, which occurs when orchestration layers do not distinguish between verified, inherited, and unauthenticated agent relationships.
Examples and Use Cases
Implementing an agent trust graph rigorously often introduces governance overhead, requiring organisations to weigh faster delegation against tighter validation and review.
- A customer-support agent can query a knowledge base, but only a workflow supervisor may approve actions that create refunds or revoke access.
- An engineering assistant can read repository data through a scoped token, yet cannot pass that token to a third-party code-analysis agent.
- A data-prep agent may trust a cleaning tool for transformation, but the analytics agent must re-verify the source before using the output for decisions.
- A multi-agent chain uses ephemeral context handoff, where each hop is logged so security teams can trace which agent influenced the final action.
- After a compromise, investigators reconstruct the path from the initial agent to downstream tools using the trust graph to identify where authority was overextended.
That operational view aligns with the attack patterns discussed in OWASP NHI Top 10 and the OWASP Agentic AI Top 10, both of which emphasise how delegated authority can be abused when agent boundaries are vague.
Why It Matters in NHI Security
Agent trust graphs matter because compromise in agentic systems spreads through trust edges, not just through identities. If one agent is overprivileged, reused across workflows, or allowed to forward sensitive context, the result can be a cascading failure across tools, datasets, and downstream agents. NHI Management Group research shows that 97% of NHIs carry excessive privileges, which makes hidden trust paths especially dangerous when autonomous systems are connected to real infrastructure.
This is also where NHI governance and AI governance intersect. The trust graph helps teams decide where to apply least privilege, where to require step-up approval, and where to break delegation entirely. It is especially relevant when organisations use broad tool access or allow agents to chain actions across systems, because the security model often assumes isolation that does not exist in practice. Guidance from the NIST AI Risk Management Framework and the CSA MAESTRO agentic AI threat modeling framework reinforces the need to model trust propagation explicitly.
Organisations typically encounter the blast radius only after a malicious tool call, poisoned prompt, or compromised agent has already propagated authority, at which point the trust graph becomes operationally unavoidable to address.
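The sketch below is an added example, not code from NHI Mgmt Group or any framework cited here. It models a trust graph as directed edges ("source passes something to target"), computes the blast radius of a compromised node with the path that carried the influence, and flags edges that forward credentials or authority without verified trust. The agent and tool names, the edge list, and the field layout are constructed assumptions.

```python
from collections import deque

# Constructed sample edges: (source, target, trust_kind, passes).
# "source -> target" means the target accepts what the source passes to it.
# Names are hypothetical; trust kinds are verified / inherited / unauthenticated.
EDGES = [
    ("knowledge-base", "support-agent", "verified", "context"),
    ("support-agent", "workflow-supervisor", "verified", "context"),
    ("workflow-supervisor", "refund-tool", "verified", "authority"),
    ("eng-assistant", "code-analysis-agent", "inherited", "credential"),
    ("code-analysis-agent", "external-scanner", "unauthenticated", "context"),
    ("data-prep-agent", "cleaning-tool", "verified", "context"),
    ("cleaning-tool", "analytics-agent", "inherited", "context"),
]

def build_graph(edges):
    """Adjacency list keyed by source; every node appears as a key."""
    graph = {}
    for src, dst, kind, passes in edges:
        graph.setdefault(src, []).append((dst, kind, passes))
        graph.setdefault(dst, [])
    return graph

def blast_radius(graph, compromised):
    """Map each node reachable from `compromised` to the shortest trust path."""
    paths = {compromised: [compromised]}
    queue = deque([compromised])
    while queue:
        node = queue.popleft()
        for dst, _kind, _passes in graph[node]:
            if dst not in paths:
                paths[dst] = paths[node] + [dst]
                queue.append(dst)
    del paths[compromised]  # the starting node is not part of its own radius
    return paths

def risky_edges(edges):
    """Edges that forward credentials or authority without verified trust."""
    return [e for e in edges
            if e[2] != "verified" and e[3] in ("credential", "authority")]

if __name__ == "__main__":
    graph = build_graph(EDGES)
    for node, path in sorted(blast_radius(graph, "knowledge-base").items()):
        print(f"{node}: {' -> '.join(path)}")
    for edge in risky_edges(EDGES):
        print("review:", edge)
```

In this constructed graph a poisoned knowledge base reaches the refund tool through two verified hops, which is the kind of path where a step-up approval or a break in delegation would be placed.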
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers secret and trust-path misuse in non-human identity flows. |
| OWASP Agentic AI Top 10 | A2 | Addresses unsafe tool use and delegated authority in agentic systems. |
| NIST AI RMF | | Frames AI trust and delegation as risk management and governance concerns. |
Map agent-to-agent trust edges and remove any unnecessary credential or context forwarding.
Reviewed and updated by the NHIMG editorial team on June 11, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org