An attack pattern where the adversary changes how legitimacy is perceived before abusing access. The identity may be authenticated and still be manipulated into taking the wrong action. This is increasingly relevant where humans, bots, and AI assistants decide based on context, tone, and workflow cues.
Expanded Definition
An identity perception attack targets the judgment layer around an identity rather than the login event itself. The actor may already have a valid session, token, or service credential, but the real objective is to alter how humans, bots, or AI assistants interpret legitimacy so they approve the wrong action. In NHI security, this often appears as request shaping, context poisoning, workflow impersonation, or prompt-adjacent manipulation that makes a privileged identity seem expected, urgent, or trusted.
Definitions vary across vendors because the attack can overlap with social engineering, session abuse, and agentic prompt manipulation. The practical distinction is that the attacker is not merely stealing access, but steering decision-making after access is established. This is especially relevant in systems that rely on conversational context or automated routing, where an authenticated identity can still be tricked into executing a high-risk operation. For identity governance context, see Ultimate Guide to NHIs and the OWASP NHI Top 10. The most common misapplication is treating it as a pure phishing problem, which occurs when defenders focus on the credential entry point and ignore post-authentication decision manipulation.
Standards language is still evolving, but the closest external framing comes from the MITRE ATLAS adversarial AI threat matrix, which documents manipulation techniques that influence model or agent behavior.
Examples and Use Cases
Implementing defenses against identity perception attacks often introduces friction because systems must verify intent and context without slowing legitimate automation or creating constant human review overhead.
- A service account receives a request that looks routine because it arrives through a trusted workflow, but the context has been altered so the agent forwards secrets to the wrong destination.
- An AI assistant with tool access is presented with a seemingly legitimate follow-up request, then induced to act on stale or attacker-supplied context, as discussed in Anthropic — first AI-orchestrated cyber espionage campaign report.
- A compromised NHI token is not enough on its own, so the attacker impersonates a familiar operator pattern and exploits trust cues inside a queue, chat thread, or ticketing system.
- A developer-facing automation is nudged into approving a deployment because the request appears to come from the normal release path, even though the underlying identity event is anomalous. Similar patterns are visible across the 52 NHI Breaches Analysis.
- A cloud control-plane action is framed as a time-sensitive maintenance need, causing an assistant or operator to bypass the checks that would normally stop privilege escalation, which aligns with guidance in CISA cyber threat advisories.
Why It Matters in NHI Security
Identity perception attacks matter because they exploit the gap between authentication and authorization-by-judgment. In NHI environments, that gap is wider than many teams expect: secrets can be valid, sessions can be active, and the system can still be manipulated into approving unsafe actions. NHIMG research shows that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, which means post-authentication abuse is not an edge case but a common path to impact.
This is where NHI governance intersects with agentic AI safety. A token, certificate, or session may be technically sound while the surrounding workflow has been socially or contextually corrupted. The operational risk is especially high when approval logic depends on tone, request sequence, or prior conversation state. The Ultimate Guide to NHIs — Key Challenges and Risks highlights why visibility and lifecycle controls remain essential, while the Top 10 NHI Issues shows how excessive privilege amplifies the blast radius when perception is manipulated. Organisations typically encounter the consequence only after an assistant, queue, or operator has already approved an unsafe action, at which point responding to the identity perception attack becomes operationally unavoidable.
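One way to close the gap between authentication and authorization-by-judgment is to decide high-risk actions only from attributes the platform can verify, and to treat requester-supplied legitimacy cues as telemetry. The sketch below is an added example, not NHIMG code; the policy, identity name, `.example` hosts, approval store and field names are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed policy: what each non-human identity may do, and where.
POLICY = {"svc-release-bot": {"actions": {"deploy", "read_secret"},
                              "destinations": {"vault.internal.example"}}}
HIGH_RISK = {"deploy", "read_secret"}
# Requester-supplied fields that signal legitimacy but prove nothing.
UNVERIFIED_CUES = ("urgency", "claimed_workflow", "claimed_operator")

@dataclass
class Request:
    identity: str                      # taken from the validated token
    action: str
    destination: str
    verified_workflow: str             # stamped by the delivering pipeline
    approval_id: Optional[str] = None  # reference to an out-of-band approval
    context: dict = field(default_factory=dict)  # free-form, untrusted

def decide(req, approvals):
    """Return (allowed, reasons, ignored_cues) from verifiable attributes only."""
    policy = POLICY.get(req.identity)
    if policy is None:
        return False, ["unknown identity"], []
    reasons = []
    if req.action not in policy["actions"]:
        reasons.append("action outside identity scope")
    if req.destination not in policy["destinations"]:
        reasons.append("destination not allowlisted")
    # An approval must be bound to this exact identity, action and destination.
    bound = (req.identity, req.action, req.destination)
    if req.action in HIGH_RISK and approvals.get(req.approval_id) != bound:
        reasons.append("no matching out-of-band approval")
    # A claimed origin that contradicts the verified one is itself a signal.
    claimed = req.context.get("claimed_workflow")
    if claimed is not None and claimed != req.verified_workflow:
        reasons.append("claimed workflow contradicts verified origin")
    # Cues are recorded for review; they never relax a check above.
    ignored = [c for c in UNVERIFIED_CUES if c in req.context]
    return not reasons, reasons, ignored

# Constructed sample data: one routine request and one shaped request.
APPROVALS = {"APR-1": ("svc-release-bot", "read_secret", "vault.internal.example")}
routine = Request("svc-release-bot", "read_secret", "vault.internal.example",
                  "release-pipeline", "APR-1")
shaped = Request("svc-release-bot", "read_secret", "files.unknown.example",
                 "chat-thread", None,
                 {"urgency": "maintenance window closing",
                  "claimed_workflow": "release-pipeline"})

if __name__ == "__main__":
    for r in (routine, shaped):
        print(decide(r, APPROVALS))
```

Both requests carry the same valid identity; only the second is denied, and the urgency and claimed-workflow fields appear in the result as recorded cues rather than as inputs to the decision.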
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | N/A | Covers agent manipulation and tool misuse through deceptive context or prompts. |
| OWASP Non-Human Identity Top 10 | NHI-07 | Maps to abuse of valid NHI sessions and over-trusted service account workflows. |
| NIST CSF 2.0 | PR.AA-01 | Identity proofing and access decisions must resist deceptive legitimacy cues. |
Strengthen identity verification and review anomalous requests before approving action.
Reviewed and updated by the NHIMG editorial team on June 24, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org