AI Agent Drift

By NHI Mgmt Group. Updated June 10, 2026. Domain: Agentic AI & Autonomous Identity

AI agent drift is when an agent diverges from the authorised plan it was supposed to follow. The agent may not be compromised or malicious, but its actions no longer match the intended workflow, which creates governance, compliance, and operational risk in production environments.

Expanded Definition

AI agent drift describes a change in an agent’s behaviour, routing, or tool use that causes it to depart from the authorised workflow without necessarily becoming malicious. In agentic systems, this can happen when the model improvises, retries in unexpected ways, overgeneralises a task, or follows stale instructions after the original business context has changed. The result is a governance problem as much as a technical one, because the agent may still appear functional while quietly producing outcomes outside approved boundaries.

This term sits alongside concepts such as prompt injection, unsafe autonomy, and policy violation, but it is not the same as compromise. Guidance across the industry is still evolving, and no single standard governs this yet; however, the OWASP Top 10 for Agentic Applications 2026 and the NIST AI Risk Management Framework both reinforce the need for bounded behaviour, monitoring, and human accountability. The most common misapplication is treating drift as a security breach by default, which occurs when normal workflow divergence is assumed to be hostile instead of being investigated as a control failure.

Examples and Use Cases

Implementing drift controls rigorously often introduces more runtime checks, review points, and telemetry, requiring organisations to weigh faster automation against tighter operational oversight.

  • An internal support agent begins escalating low-risk tickets to privileged queues because it has learned a shortcut that reduces response time but violates routing policy.
  • A procurement agent keeps using an outdated approval threshold after policy changes, similar to the workflow and credential issues discussed in NHIMG’s OWASP NHI Top 10 coverage of agentic application risk.
  • An analytics agent expands its data queries beyond the intended business unit because the task objective was written too broadly and lacked hard scope limits.
  • A code assistant starts opening files, calling tools, and proposing changes outside the approved repository context, an issue explored in NHIMG’s Analysis of Claude Code Security.
  • An agent chain continues executing after the user intent has shifted, creating stale actions that still look compliant at the prompt level but no longer match the authorised plan.

These examples show why drift is often discovered through behaviour review rather than a single alarm. The relevant external lens is the CSA MAESTRO agentic AI threat modeling framework, which treats agentic control boundaries as a first-class design concern.

Why It Matters in NHI Security

AI agent drift matters because NHIs are not just credentials; they are execution identities with authority, memory, and tool access. When an agent strays from its intended plan, the blast radius can include overbroad data access, unintended system changes, broken approvals, and unreconciled secrets use. NHIMG’s research report AI Agents: The New Attack Surface found that 80% of organisations report agents performing actions beyond intended scope, while 33% say agents accessed inappropriate or sensitive data beyond scope. That makes drift a governance issue, a compliance issue, and an incident-response issue all at once.

Practitioners should connect drift detection to identity telemetry, action logging, authorization boundaries, and approval workflows, not just model prompts. In NHI programmes, drift often exposes missing ownership for agent permissions, stale task definitions, and weak post-execution review. The NIST AI Risk Management Framework and OWASP Agentic AI Top 10 both support this kind of bounded, auditable operation. Organisations typically encounter the cost of drift only after an audit, access review, or incident investigation reveals that the agent had been acting outside its charter for weeks.
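One way to tie drift detection to action logging and authorisation boundaries, shown as an added example that is not NHIMG's or any framework's own code: each logged action is compared with the authorised plan for that agent identity. The plan schema, log fields, reason codes, and sample records are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Plan:
    """Authorised plan for one agent identity (hypothetical schema)."""
    agent_id: str
    version: int            # bumped whenever policy or task definition changes
    tools: frozenset        # tools the agent may call
    scope_prefixes: tuple   # resource prefixes the agent may touch
    approval_limit: float   # amounts above this need a recorded human approver

def detect_drift(plan, actions):
    """Return (action id, reason) for every logged action outside the plan."""
    findings = []
    for a in actions:
        if a["agent_id"] != plan.agent_id:
            continue  # telemetry belonging to another identity
        if a["plan_version"] != plan.version:
            findings.append((a["id"], "stale_plan_version"))
        if a["tool"] not in plan.tools:
            findings.append((a["id"], "tool_not_in_plan"))
        if not a["resource"].startswith(plan.scope_prefixes):
            findings.append((a["id"], "resource_out_of_scope"))
        if a.get("amount", 0) > plan.approval_limit and not a.get("approved_by"):
            findings.append((a["id"], "missing_approval"))
    return findings

# Constructed sample data: a procurement agent and four logged actions.
PLAN = Plan("procure-agent-01", 3, frozenset({"create_po", "read_catalog"}),
            ("erp/procurement/",), 5000.0)
ACTIONS = [
    {"id": 1, "agent_id": "procure-agent-01", "plan_version": 3,
     "tool": "read_catalog", "resource": "erp/procurement/catalog"},
    # Still running under the previous plan version, and no approver recorded.
    {"id": 2, "agent_id": "procure-agent-01", "plan_version": 2,
     "tool": "create_po", "resource": "erp/procurement/po/881", "amount": 9000.0},
    # Tool and resource both fall outside the authorised plan.
    {"id": 3, "agent_id": "procure-agent-01", "plan_version": 3,
     "tool": "query_table", "resource": "erp/hr/payroll"},
    # Above the limit, but a human approval is on record.
    {"id": 4, "agent_id": "procure-agent-01", "plan_version": 3,
     "tool": "create_po", "resource": "erp/procurement/po/882",
     "amount": 7000.0, "approved_by": "reviewer-17"},
]

if __name__ == "__main__":
    for action_id, reason in detect_drift(PLAN, ACTIONS):
        print(f"action {action_id}: {reason}")
```

Findings of this kind are review inputs rather than breach alerts: each reason code points to a control to investigate, such as a stale task definition or a missing approval step.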

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| OWASP Agentic AI Top 10 | A1 | Agentic application risks include agents acting beyond intended scope and control. |
| NIST AI RMF | | AI RMF calls for governed, monitored, and accountable AI behaviour in operation. |
| CSA MAESTRO | | MAESTRO frames agentic systems around threat modeling and control boundaries. |

Set drift detection, review loops, and escalation paths for agent behaviour changes.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 10, 2026.