The use of an AI agent to support or execute malicious activity instead of legitimate work. It includes reconnaissance, credential harvesting, code generation, and operational sequencing, often with enough automation to increase attacker throughput without full autonomy.
Expanded Definition
Agentic misuse occurs when an AI agent’s execution authority, tool access, or workflow orchestration is redirected toward harmful outcomes rather than approved business tasks. In NHI security, the risk is not just the model output but the surrounding identity context that lets the agent act, query systems, and chain steps at machine speed.
Definitions vary across vendors, but the security-relevant pattern is consistent: an agent can be abused for reconnaissance, credential harvesting, data exfiltration, social engineering, or automated follow-up actions once it has trusted access. This makes agentic misuse broader than prompt injection alone and more operational than ordinary model abuse. The most useful lens is the control plane around the agent, including secrets, permissions, and approval boundaries, as reflected in the OWASP Agentic AI Top 10 and the NIST AI Risk Management Framework.
At NHIMG, agentic misuse is best understood as a governance failure over delegated identity, not simply a content safety issue. The most common misapplication is assuming the agent is safe because the underlying model is safe, which occurs when teams overlook tool permissions and secret-bearing service identities.
Examples and Use Cases
Implementing agentic systems rigorously often introduces latency and approval overhead, requiring organisations to weigh automation speed against the cost of tighter control gates and auditability.
- An attacker steers a coding agent to enumerate repositories, search commit history, and extract embedded tokens, then uses those tokens to move into cloud workloads. NHIMG has documented this pattern in the LLMjacking research path.
- A support agent is prompted to retrieve account metadata, infer password reset paths, and assemble a target list for credential stuffing. The behavior may look like ordinary assistance unless the organisation monitors tool calls and scope boundaries, as discussed in the OWASP NHI Top 10.
- An autonomous workflow is repurposed to sequence reconnaissance, phishing drafts, and downstream follow-up messages, creating higher attacker throughput than manual abuse. This aligns with the threat emphasis in MITRE ATLAS adversarial AI threat matrix.
- A developer-facing agent is tricked into exposing credentials from connected systems, then instructed to use those secrets to access internal resources. NHIMG’s Analysis of Claude Code Security shows why code-adjacent agents deserve the same scrutiny as privileged automation.
- Security teams use controlled red teaming to test whether an agent can be induced to violate policy, overreach its data scope, or trigger unsafe actions. That testing is informed by the CSA MAESTRO agentic AI threat modeling framework.
Why It Matters in NHI Security
Agentic misuse matters because the agent often operates through real identities, live credentials, and production integrations. Once that trust is abused, the impact can extend beyond a single model interaction into cloud access, data exposure, fraud, or internal lateral movement. NHIMG research on AI agents found that 80% of organisations report agents have already acted beyond intended scope, while only 52% can track and audit the data those agents access, leaving a major investigative blind spot.
That gap is especially dangerous when agents inherit secrets or session tokens from NHIs. A compromised agent can become a high-speed abuse amplifier, and the resulting activity may blend in with legitimate automation unless access patterns are tightly constrained and logged. The Moltbook AI agent keys breach and the AI Agents: The New Attack Surface report show how quickly agent access can become an enterprise incident. Practitioners should pair that with the identity and assurance guidance in the OWASP Top 10 for Agentic Applications 2026.
Organisations typically encounter agentic misuse only after an agent has already touched sensitive data, executed an unauthorised action, or triggered a security incident, at which point the delegated identity model becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF, NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Misuse often stems from exposed secrets and overpowered non-human identities. |
| OWASP Agentic AI Top 10 | A-03 | Agentic misuse maps to unsafe tool execution and unauthorized action chains. |
| NIST AI RMF | Frames AI misuse as a governance, mapping, and monitoring risk across the lifecycle. | |
| NIST CSF 2.0 | PR.AC-4 | Least privilege is essential when agents can act through delegated identities. |
| NIST Zero Trust (SP 800-207) | SC-7 | Agentic misuse is harder when every action is continuously authenticated and segmented. |
Segment agent access paths and verify every request before allowing sensitive operations.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 14, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org