Customer Agent

By NHI Mgmt Group | Updated June 5, 2026 | Domain: Agentic AI & Autonomous Identity

A customer agent is an AI agent that interacts with external users or operates in customer environments. It must protect tenant boundaries and delegated permissions because it often handles sensitive data across shared infrastructure, which makes isolation and auditability more important than broad capability.

Expanded Definition

Customer agents sit at the boundary between an organisation and external users, so they behave like operational representatives rather than simple chatbots. In NHI terms, the critical issue is not whether the agent is “helpful,” but whether it is constrained by tenant boundaries, scoped delegated permissions, and auditable execution paths. That makes the term closely aligned with the governance concerns described in the OWASP Agentic AI Top 10 and with risk framing in the NIST AI Risk Management Framework.

Definitions vary across vendors, but in practice a customer agent is any AI agent that can read, transform, or act on customer context across shared infrastructure, whether that means a support assistant, account-management agent, or service desk copilot. The distinction from an internal agent is operational: customer agents require stricter isolation, stronger evidence of authorization, and clearer rollback paths because one boundary failure can expose multiple tenants. The most common misapplication is treating a customer agent as a generic conversational interface, which occurs when organisations grant broad backend access without tenant-scoped controls or auditable delegation.

Examples and Use Cases

Implementing customer agents rigorously often introduces more permission design, monitoring, and exception handling, requiring organisations to weigh customer experience speed against isolation and audit cost.

  • A support triage agent retrieves account history, but only after verifying the session context and using tenant-scoped credentials.
  • An onboarding agent provisions trial access in a SaaS platform while enforcing just-in-time access and recording every delegated action.
  • A billing agent explains invoice anomalies by querying internal systems, but redacts secrets and restricts response content to the requesting customer’s tenant.
  • An agent that automates password resets or API key recovery must use tightly bounded workflows, because a support shortcut can become an escalation path.

These patterns are easiest to evaluate against agentic risk guidance in the OWASP Top 10 for Agentic Applications 2026 and against real-world incident analysis such as the Moltbook AI agent keys breach, where exposed keys turned delegated automation into a credential exposure event. Similar lessons appear in the AI LLM hijack breach, where agent behavior became dangerous once external inputs influenced tool use.

Why It Matters in NHI Security

Customer agents are security-sensitive because they frequently operate with the same kinds of credentials, tokens, and API keys that define non-human identities. NHIMG research shows that 97% of NHIs carry excessive privileges, and that makes customer-facing automation a high-value target whenever delegated access is broader than the task requires. The result is not just data leakage, but tenant crossover, unauthorized tool invocation, and audit gaps that make incident reconstruction difficult. That is why zero standing privilege and strong secret hygiene matter here, not as abstract policy but as the practical basis for safe customer interaction.

This is also where guidance from the OWASP NHI Top 10 and the Ultimate Guide to NHIs — 2025 Outlook and Predictions becomes operational: customer agents should be treated as governed identities with revocation, rotation, and traceability requirements, not as one-time application features. The most effective controls usually come from combining identity governance with threat modeling from the CSA MAESTRO agentic AI threat modeling framework and the MITRE ATLAS adversarial AI threat matrix.

Organisations typically encounter the need to define customer agent controls only after a permissions incident, customer complaint, or tenant-boundary breach, at which point the term becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while the NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | A1 | Agent tool use and boundary failures are central risks in agentic applications.
NIST AI RMF | GOVERN | Risk governance covers deployed AI systems that act on external user data.
NIST Zero Trust (SP 800-207) | SA-3 | Zero trust requires explicit verification for every access path and resource.

Enforce tenant-scoped authorization and continuous verification for each agent request.
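As an added illustration (not NHIMG's code) of the controls in the use cases above and in the line just given, the following gateway puts every tool call a customer agent attempts through a tenant-boundary check, a per-tool scope check and an expiry check, redacts secret-looking fields from results, and writes one audit record per decision. The Grant shape, tool names, scope strings and backend rows are constructed assumptions.

```python
"""Tenant-scoped tool gateway for a customer agent (illustrative; constructed data).

Every tool call passes through `invoke_tool`, which denies by default, checks the
delegated grant's expiry, tenant and scope, redacts secrets, and records an audit entry.
"""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    """Short-lived delegation the customer session hands to the agent (assumed shape)."""
    tenant_id: str
    scopes: frozenset
    expires_at: float

# Tool registry: tool name -> scope the grant must carry. Constructed for the example.
TOOL_SCOPES = {"account_history": "accounts:read", "invoice_lookup": "billing:read"}

# Constructed backend rows keyed by tenant; the agent must never read another tenant's row.
BACKEND = {
    "tenant-a": {"account_history": "3 tickets, last login 2026-05-30",
                 "invoice_lookup": "invoice #1182 ok; api_key=sk_live_abc123"},
    "tenant-b": {"account_history": "1 ticket", "invoice_lookup": "invoice #77 overdue"},
}

SECRET_RE = re.compile(r"(api_key|token|password)=\S+", re.IGNORECASE)
AUDIT_LOG: list = []  # one record per decision, allow or deny

def redact(text: str) -> str:
    """Strip secret-looking fields before any content reaches the customer."""
    return SECRET_RE.sub(r"\1=[REDACTED]", text)

def invoke_tool(grant: Grant, tool: str, target_tenant: str, now: float) -> dict:
    """Authorize one tool call: deny closed, log every decision, redact on success."""
    decision = "allow"
    if now >= grant.expires_at:                       # delegation has lapsed
        decision = "deny:expired"
    elif target_tenant != grant.tenant_id:            # tenant boundary check
        decision = "deny:tenant_mismatch"
    elif TOOL_SCOPES.get(tool) not in grant.scopes:   # least-privilege scope check
        decision = "deny:scope"
    AUDIT_LOG.append({"ts": now, "tenant": grant.tenant_id, "tool": tool,
                      "target": target_tenant, "decision": decision})
    if decision != "allow":
        return {"ok": False, "reason": decision}
    return {"ok": True, "result": redact(BACKEND.get(target_tenant, {}).get(tool, ""))}
```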

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 5, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org