
Agentic Application

By NHI Mgmt Group | Updated May 16, 2026 | Domain: Agentic AI & Autonomous Identity

An agentic application is software in which an AI system can choose actions, call tools, and complete tasks with limited human intervention. In security terms, it behaves like an active workload that needs scoped identity, logging, and control boundaries, not just prompt filtering.

Expanded Definition

An agentic application is more than a chatbot with a workflow wrapper. The NIST AI Risk Management Framework is a useful lens for it because the system can plan, select tools, and execute actions with bounded autonomy. In NHI security, that means the application behaves like an active workload with identity, permissions, auditability, and control boundaries.

Definitions vary across vendors, but the practical distinction is whether the system can change state outside the model response itself. If it can call APIs, write records, send messages, open tickets, or retrieve data on its own, it needs governance aligned to workload identity and privileged access management, not only prompt safety. That is why the OWASP Top 10 for Agentic Applications 2026 and NHIMG guidance treat action boundaries as a core security issue, not an implementation detail.

The most common misapplication is treating an agentic application as a passive model endpoint, which occurs when teams secure prompts but leave tool access, secrets, and data scopes largely unrestricted.

Examples and Use Cases

Implementing agentic applications rigorously often introduces more identity and policy overhead, requiring organisations to weigh faster task completion against tighter tool scoping and approval paths.

  • An internal support agent triages tickets, queries customer systems, and drafts responses. It should have narrow RBAC, time-limited access, and logged actions, because broad standing access can turn a helpful workflow into an incident path. NHIMG’s OWASP NHI Top 10 is a useful reference for these risks.
  • A code-assistant agent can create pull requests and trigger builds. Security teams should align the design with the Anthropic report on the first AI-orchestrated cyber espionage campaign, because autonomous tooling can become a high-speed attacker path when controls are weak.
  • A finance workflow agent can compile invoices, reconcile records, and submit approvals. This is useful only if it uses just-in-time privilege, strong workflow segregation, and explicit human review before irreversible action.
  • A research agent can browse internal knowledge bases and external sources, then summarise findings. The risk is not the summary itself, but uncontrolled disclosure of secrets, tokens, or sensitive records during retrieval and tool calls.
  • An infrastructure agent can open cloud tickets or restart services. If it is not bound to a service identity with tightly scoped permissions, the result is often overreach that looks like automation success until a failed rollback exposes the blast radius.

Why It Matters in NHI Security

Agentic applications are security-relevant because they consume and exercise non-human credentials. They often require MCP-connected tools, API keys, and delegated access paths that can bypass normal user oversight if not designed as an NHI control problem. NHIMG’s AI LLM hijack breach reporting and the Moltbook AI agent keys breach both show how quickly exposed credentials can become operational compromise.

SailPoint reported that 80% of organisations say their AI agents have already acted beyond intended scope, including unauthorised system access, sensitive data sharing, and credential exposure. That makes agentic applications a governance issue as much as a software design issue. The right control model usually combines zero standing privilege (ZSP), zero trust architecture (ZTA), audit logging, and secret isolation, with the NIST AI Risk Management Framework and OWASP Agentic AI Top 10 providing broader risk language. Organisations typically encounter the true cost only after an agent has already accessed the wrong system or leaked a secret, at which point governing agentic applications becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-02 | Agentic apps depend on secrets and delegated NHI access, which this control helps govern.
OWASP Agentic AI Top 10 | | Defines common agentic application failure modes around tool use, autonomy, and guardrails.
NIST AI RMF | | Provides a risk-based way to assess autonomy, impact, and monitoring for AI systems.

Map each tool call and approval path to explicit controls before granting execution authority.
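
One way to express that mapping as a deny-by-default gate in front of every tool call, covering the scoped, time-limited, logged and human-approved patterns from the use cases above. This is an added example, not NHIMG or framework code; the agent ids, tool names, resources and the `ToolGate` and `Grant` classes are hypothetical.

```python
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Grant:
    tool: str                   # tool the agent identity may invoke
    scope: frozenset            # resources the grant covers
    expires_at: float           # epoch seconds; no standing access
    irreversible: bool = False  # True: a named human must approve first

@dataclass
class ToolGate:
    grants: dict                               # agent_id -> list of Grant
    audit: list = field(default_factory=list)  # every decision is recorded

    def authorize(self, agent_id, tool, resource, approved_by=None, now=None):
        now = time.time() if now is None else now
        allowed, reason = False, "no grant for tool"   # deny by default
        for g in self.grants.get(agent_id, []):
            if g.tool != tool:
                continue
            if now >= g.expires_at:
                reason = "grant expired"
            elif resource not in g.scope:
                reason = "resource out of scope"
            elif g.irreversible and not approved_by:
                reason = "human approval required"
            else:
                allowed, reason = True, "within grant"
                break
        self.audit.append({"ts": now, "agent": agent_id, "tool": tool,
                           "resource": resource, "approved_by": approved_by,
                           "allowed": allowed, "reason": reason})
        return allowed

# Constructed sample policy: agent ids, tool names and resources are hypothetical.
T0 = 1_000_000.0
GATE = ToolGate(grants={
    "support-agent": [Grant("read_ticket", frozenset({"tickets"}), T0 + 900)],
    "finance-agent": [Grant("submit_approval", frozenset({"invoices"}),
                            T0 + 900, irreversible=True)],
})

def run_samples(gate=GATE):
    calls = [  # (agent, tool, resource, human approver, time of call)
        ("support-agent", "read_ticket", "tickets", None, T0),
        ("support-agent", "read_ticket", "payroll", None, T0),
        ("support-agent", "restart_service", "prod", None, T0),
        ("support-agent", "read_ticket", "tickets", None, T0 + 901),
        ("finance-agent", "submit_approval", "invoices", None, T0),
        ("finance-agent", "submit_approval", "invoices", "reviewer@example.com", T0),
    ]
    return [gate.authorize(a, t, r, approved_by=h, now=n) for a, t, r, h, n in calls]
```

The audit list records denied calls as well as allowed ones, so an agent probing beyond its grants is visible in the log rather than silently dropped.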

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on May 16, 2026.