
Intent Passport

By NHI Mgmt Group | Updated June 10, 2026 | Domain: Agentic AI & Autonomous Identity

A machine-readable governance record that describes what an AI agent is allowed to do, why it is acting, what data it may use, how long the permission lasts and how the authority is revoked. It turns behavioural constraints into a controllable policy object.

Expanded Definition

An intent passport is a policy record for an AI agent that binds authorised action to declared purpose, data scope, time limit, and revocation logic. In NHI security, it acts as a governance object rather than a simple permission flag, because the agent’s authority must be interpretable, bounded, and auditable across workflows.

Definitions vary across vendors, but the common thread is the same: the record should answer why the agent is acting, what inputs it may consume, and when the authority expires. That places the concept alongside the governance and identity-control expectations of the NIST Cybersecurity Framework 2.0, and within the NHI lifecycle model described in the Ultimate Guide to NHIs. It is not the same as a generic access policy, because an intent passport is meant to travel with the agent's operation and capture context (purpose, data scope, duration, revocation) that static RBAC roles do not express.

The most common misapplication is treating an intent passport as a one-time approval: the team issues broad standing access when the agent is onboarded and never binds scope, duration, and revocation to each agent action, so the passport records an intent it does not enforce.

Examples and Use Cases

Implementing intent passports rigorously often introduces operational friction, requiring organisations to weigh agent autonomy against tighter review and revocation processes.

  • An AI coding agent receives a passport that permits repository read access for a single deployment task, with a two-hour expiry and a defined rollback trigger.
  • A customer support agent is granted access to ticketing data only for case summarisation, while excluding payment data and regulated personal fields.
  • A finance workflow agent gets a passport tied to invoice reconciliation, allowing limited API calls to ERP systems and automatic revocation after completion.
  • A security triage agent is authorised to query logs and create containment tickets, but not to change firewall policy without human approval.

These patterns align with the governance intent of the NHI lifecycle described in Ultimate Guide to NHIs and with the access control discipline expected by the NIST Cybersecurity Framework 2.0. The practical value is that reviewers can inspect a passport before an action begins, rather than reconstructing intent after logs are already dispersed across systems.
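The following is an added example, not code from NHI Mgmt Group or the Ultimate Guide to NHIs. It encodes three of the use cases above (support agent, security triage agent, finance agent) as passport records and runs a pre-execution check on each proposed tool call, in the order a policy decision point should apply it: revocation, validity window, declared purpose, tool scope, excluded data, then human approval. The last scenario is the misapplication described earlier: the finance passport is auto-revoked on task completion, so a later call inside the still-open validity window is refused. All field names, tool names, data classes and passport contents are assumptions constructed for illustration.

```python
"""Pre-execution check of an agent tool call against an intent passport.

Added example, not NHI Mgmt Group code. Field names, tool names, data classes
and the sample passports are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class IntentPassport:
    passport_id: str
    agent_id: str
    purpose: str                    # why the agent is acting (declared intent)
    allowed_tools: frozenset        # what it may do
    excluded_data: frozenset        # data classes it may never consume
    issued_at: datetime             # start of validity window
    expires_at: datetime            # hard expiry; authority lapses without a new passport
    needs_approval: frozenset = frozenset()  # tools that also need a human sign-off
    revoked: bool = False
    revocation_reason: str = ""


def revoke(passport: IntentPassport, reason: str) -> None:
    """Revoke in place; called explicitly or automatically when the task completes."""
    passport.revoked = True
    passport.revocation_reason = reason


def check_action(passport, *, now, purpose, tool, data_classes, approved_by=None):
    """Return (allowed, reason) for one proposed tool call.

    Revocation and expiry are tested first so a dead passport never reaches
    scope evaluation; the reason string is what goes into the audit record."""
    if passport.revoked:
        return False, "passport revoked"
    if not passport.issued_at <= now < passport.expires_at:
        return False, "outside validity window"
    if purpose != passport.purpose:
        return False, "purpose mismatch"
    if tool not in passport.allowed_tools:
        return False, "tool not in scope"
    touched = passport.excluded_data & frozenset(data_classes)
    if touched:
        return False, "touches excluded data: " + ",".join(sorted(touched))
    if tool in passport.needs_approval and approved_by is None:
        return False, "human approval required"
    return True, "allowed"


def run_scenarios(now=None):
    """Exercise the use cases from the list above plus the one-time-approval failure mode."""
    now = now or datetime(2026, 6, 10, 9, 0, tzinfo=timezone.utc)  # constructed clock
    support = IntentPassport("ip-support-001", "support-agent", "case_summarisation",
                             frozenset({"tickets.read"}), frozenset({"payment", "regulated_pii"}),
                             now, now + timedelta(hours=2))
    triage = IntentPassport("ip-triage-001", "triage-agent", "alert_triage",
                            frozenset({"logs.query", "tickets.create", "firewall.policy.update"}),
                            frozenset(), now, now + timedelta(hours=8),
                            needs_approval=frozenset({"firewall.policy.update"}))
    finance = IntentPassport("ip-finance-001", "finance-agent", "invoice_reconciliation",
                             frozenset({"erp.invoices.read", "erp.ledger.post"}), frozenset(),
                             now, now + timedelta(hours=1))
    r = {}
    s = dict(now=now, purpose="case_summarisation", tool="tickets.read")
    r["support_summary"] = check_action(support, data_classes={"ticket_body"}, **s)
    r["support_payment"] = check_action(support, data_classes={"ticket_body", "payment"}, **s)
    r["support_export"] = check_action(support, now=now, purpose="case_summarisation",
                                       tool="tickets.export", data_classes=set())
    r["support_repurposed"] = check_action(support, now=now, purpose="marketing_analysis",
                                           tool="tickets.read", data_classes={"ticket_body"})
    r["support_expired"] = check_action(support, now=now + timedelta(hours=3),
                                        purpose="case_summarisation", tool="tickets.read",
                                        data_classes={"ticket_body"})
    t = dict(now=now, purpose="alert_triage", tool="firewall.policy.update", data_classes=set())
    r["triage_fw_no_approval"] = check_action(triage, **t)
    r["triage_fw_approved"] = check_action(triage, approved_by="oncall-lead", **t)
    # Finance: the task completes and the passport is revoked automatically. The next
    # call is refused although the validity window is still open; a one-time standing
    # approval would have let it through.
    f = dict(purpose="invoice_reconciliation", tool="erp.ledger.post", data_classes=set())
    r["finance_during"] = check_action(finance, now=now, **f)
    revoke(finance, "task completed")
    r["finance_after"] = check_action(finance, now=now + timedelta(minutes=5), **f)
    return r


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:24} {'ALLOW' if ok else 'DENY ':5} {why}")
```

The check is deliberately boring: every denial maps to one of the passport's own fields, which is what lets a reviewer inspect the passport before the action runs and lets the audit trail say which constraint fired. In a real deployment the passport would be looked up by the tool gateway from the agent's identity, not passed in by the agent itself, and the `now` argument would come from the gateway's clock.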

Why It Matters in NHI Security

Intent passports matter because agent authority becomes dangerous when it is implicit, persistent, or reused outside the original purpose. Without a clear passport, an agent can drift from a narrow operational goal into broader data access, especially when prompts are chained, tools are added, or temporary exceptions become permanent. That creates governance gaps similar to excessive privilege in service accounts and secrets-driven automation.

This is not a theoretical problem. NHI Management Group research shows that 97% of NHIs carry excessive privileges, a signal that standing authority remains the default in many environments, while the Ultimate Guide to NHIs also notes that only 20% of organisations have formal processes for offboarding and revoking API keys. An intent passport helps close that gap by making expiry, revocation, and permitted scope explicit at the moment authority is granted.

Organisations typically recognise the need for an intent passport only after an agent has accessed data outside its original task; by then the question is no longer whether to bound agent authority but how to do so without halting the workflow.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 and the OWASP Non-Human Identity Top 10 describe the attack and risk surface, while NIST CSF 2.0 sets the governance and control expectations practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| OWASP Agentic AI Top 10 | (framework-wide) | Agentic security guidance centres on constraining tool use, scope, and autonomous actions. |
| OWASP Non-Human Identity Top 10 | NHI5:2025 Overprivileged NHI; NHI1:2025 Improper Offboarding | Intent passports reduce overprivileged non-human access by enforcing least privilege, and their explicit expiry and revocation logic addresses the offboarding gap. |
| NIST CSF 2.0 | PR.AA-05 (CSF 1.1: PR.AC-4) | Access permissions, entitlements, and authorisations are defined in policy, managed, enforced, and reviewed, incorporating least privilege and separation of duties. |

Bind each agent action to explicit purpose, limits, and revocation before tool execution.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 10, 2026.