
Mediated Credential Use

By NHI Mgmt Group Updated June 10, 2026 Domain: Architecture & Implementation Patterns

Mediated credential use means the agent never directly holds the underlying secret. Access is routed through a control layer that binds credentials to specific destinations, reducing the chance that secrets are copied into the model context or reused outside the intended workflow.

Expanded Definition

Mediated credential use is a control pattern for non-human identities in which an agent is allowed to act, but never directly receives the underlying secret. A broker, vault, workload identity service, or policy enforcement layer issues scoped access only when a request matches approved destinations, time windows, and action boundaries.

This differs from simple secret storage because the control objective is not just hiding the credential. It is constraining where and how an agent can use it, so the secret is not copied into prompt history, logs, tool output, or reusable state. In NHI security terms, the pattern sits between static secret distribution and fully ephemeral workload identity, and usage in the industry is still evolving because vendors describe it differently. The OWASP Non-Human Identity Top 10 treats this problem as part of broader secret exposure and over-permissioning risk, while NIST SP 800-63 Digital Identity Guidelines provides the identity assurance lens that many programs use when mapping human-grade controls to workload access.

The most common misapplication is treating mediated use as equivalent to secret vaulting, which occurs when an agent still caches or relays the credential through model context or tool memory.

Examples and Use Cases

Implementing mediated credential use rigorously often introduces workflow latency and policy complexity, requiring organisations to weigh tighter control against more orchestration effort.

  • A code-generation agent requests database access through a broker that returns a short-lived token only for one approved schema and one named service.
  • A support agent can trigger a ticketing API through a mediation layer, but the API key never appears in prompts, transcripts, or exported logs.
  • A CI/CD pipeline uses a control plane to mint destination-bound credentials at runtime, reducing reuse across build jobs and environments, similar to the attack patterns described in the CI/CD pipeline exploitation case study.
  • An AI assistant retrieves cloud metadata through a bounded proxy rather than holding the cloud secret itself, aligning with the secret-sprawl concerns in the Guide to the Secret Sprawl Challenge.
  • A software supply chain workflow mediates package publishing credentials so that a compromised agent cannot repurpose them outside the intended repository or release job, as seen in the Shai Hulud npm malware campaign.

These patterns are most useful when teams want delegated autonomy without granting durable secret possession, especially where trust must be narrowed to a specific destination or transaction.
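A minimal sketch of the broker pattern behind these use cases, added here as an illustration and not taken from NHIMG or any vendor product. The names `Broker`, `Grant`, `Denied` and the injected `transport` callable are assumptions; the agent passes only a destination and method, and the broker decides, injects the credential, and scrubs the response.

```python
import time
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass(frozen=True)
class Grant:
    """One approved use: which agent may call which destination, until when."""
    agent: str
    host: str
    methods: frozenset
    path_prefix: str   # should end with "/" so "/v1/x/" cannot match "/v1/x-admin"
    not_after: float   # epoch seconds; the approved time window closes here

class Denied(Exception):
    pass

class Broker:
    def __init__(self, secrets, grants, transport, clock=time.time):
        self._secrets = secrets      # host -> secret; never returned to the agent
        self._grants = grants
        self._transport = transport  # assumed callable(method, url, headers) -> str
        self._clock = clock
        self.audit = []              # decisions only, no secret material

    def _check(self, agent, method, url):
        u = urlsplit(url)
        path = u.path or "/"
        if u.scheme != "https" or u.username or u.password or u.port not in (None, 443):
            raise Denied("scheme, userinfo or port not allowed")
        if ".." in path.split("/"):
            raise Denied("path traversal")
        for g in self._grants:
            if (g.agent == agent and g.host == u.hostname and method in g.methods
                    and path.startswith(g.path_prefix) and self._clock() < g.not_after):
                return g
        raise Denied("no matching grant")

    def call(self, agent, method, url):
        try:
            grant = self._check(agent, method, url)
        except Denied as exc:
            self.audit.append((agent, method, url, f"deny: {exc}"))
            raise
        secret = self._secrets[grant.host]
        body = self._transport(method, url, {"Authorization": f"Bearer {secret}"})
        self.audit.append((agent, method, url, "allow"))
        # Scrub in case the upstream echoes the credential back in its response.
        return body.replace(secret, "[REDACTED]")
```

The secret is looked up by the grant's host rather than by anything the agent supplies, so a request to an unapproved destination fails before any credential is touched.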

Why It Matters in NHI Security

Mediated credential use matters because most NHI compromises begin with secret exposure, overbroad reuse, or an agent path that leaks credentials into places defenders cannot reliably inspect. NHIMG research shows that 23.7% of organisations still share secrets through insecure methods such as email or messaging applications, and that operational habit becomes far more dangerous when the secret is reachable by an agent that can copy, summarize, or forward it. The LLMjacking: How Attackers Hijack AI Using Compromised NHIs research also shows attackers can move quickly once exposed credentials appear online, which is why mediated use is often paired with short-lived access and destination binding.

This concept is especially important for governance because it helps separate agent permission from secret custody. It also forces designers to define where control ends, including logging, escalation paths, and fallback access, instead of assuming the model will behave safely with raw secrets. Organisational weakness often remains invisible until a breach, prompt leak, or pipeline compromise reveals that an agent had durable access it never should have held, at which point adopting mediated credential use becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST SP 800-63 and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Mediated access reduces secret exposure and reuse, which maps to non-human secret management risk. |
| NIST SP 800-63 | | Identity assurance concepts inform how workload access is issued and constrained. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access and permission management underpin mediated credential use. |

Replace direct secret possession with brokered, destination-bound access and review every agent secret path.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 10, 2026.