Subscribe to the Non-Human & AI Identity Journal
Agentic AI & Autonomous Identity

Agentic Hop

← Back to Glossary
By NHI Mgmt Group Updated July 6, 2026 Domain: Agentic AI & Autonomous Identity

A single tool call or cross-system step within an AI agent workflow. Each hop can cross a trust boundary, so governance must evaluate not only the session start but every intermediate action that the agent takes on the way to its goal.

Expanded Definition

An agentic hop is one discrete action in an AI agent workflow, such as reading a file, calling an API, invoking a tool, or passing output to another system. In NHI security, the hop matters because each step can create a fresh trust decision, expose secrets, or widen the agent’s effective permissions.

Unlike a simple prompt-response exchange, agentic workflows chain multiple hops into a goal-directed sequence. That makes governance more granular: organisations need to understand which identity executed the hop, which resource was reached, what data crossed the boundary, and whether the action was intended. Guidance is still evolving across vendors, but the operational principle is clear in frameworks like the OWASP Top 10 for Agentic Applications 2026 and the NIST AI Risk Management Framework: security must evaluate the action, not just the session start. NHIMG research on OWASP NHI Top 10 also highlights how NHI exposure becomes actionable when agents begin moving across tools.

The most common misapplication is treating a full agent run as one trusted transaction, which occurs when teams log the initial prompt but do not inspect intermediate tool calls.

Examples and Use Cases

Implementing agentic-hop controls rigorously often introduces telemetry and policy overhead, requiring organisations to weigh observability and containment against latency and integration complexity.

  • An AI coding agent reads a repository, then separately calls a package manager and a CI system, with each hop requiring distinct permission checks.
  • A customer-support agent retrieves account data, then opens a ticket in another platform, where the handoff may expose sensitive records beyond the original request.
  • A finance agent summarises invoices, then submits a payment instruction through an API, creating a high-risk hop that needs explicit authorisation.
  • A security agent queries logs, then forwards an alert to a messaging system, where the second hop may leak secrets if output is not filtered.
  • An autonomous workflow uses a service token to fetch data and then a different token to write changes, making hop-by-hop identity tracing essential.

NHIMG has documented how quickly exposed credentials can be abused in practice, including its LLMjacking research on compromised NHIs. Industry guidance from MITRE ATLAS adversarial AI threat matrix supports this granular view because adversaries often exploit one step in a longer chain rather than the whole system at once. The same logic appears in the AI LLM hijack breach coverage, where one compromised action can cascade across the workflow.

Why It Matters in NHI Security

Agentic hops are where non-human identity risk becomes operational. A service account, token, or agent credential may be valid in principle, yet the hop can still be unsafe if the action crosses a trust boundary, reaches a new system, or reveals data not needed for the task. That is why hop-level logging, scoped credentials, and per-action policy enforcement are central to agent governance.

NHIMG’s AI Agents: The New Attack Surface report shows how often agents already exceed intended scope, with 80% of organisations reporting out-of-scope actions and only 52% able to track and audit the data their agents access. Those gaps turn a single hop into an investigation problem, a compliance problem, and sometimes a breach path. The same concern is reflected in the CSA MAESTRO agentic AI threat modeling framework, which treats agent actions as security-relevant events.

Organisations typically encounter the consequence only after an agent has already written to the wrong system, accessed the wrong dataset, or propagated a compromised secret, at which point agentic hop analysis becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-02Hop-level actions often expose or misuse secrets and service identities.
OWASP Agentic AI Top 10Agentic applications define tool-call chains as distinct security events.
NIST AI RMFAI RMF emphasizes measuring and governing AI actions across their lifecycle.

Assess agent hops for risk, document controls, and continuously monitor outcomes.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 6, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org