The rights that allow an identity to modify or retrain a model through actions such as customization jobs or updates. These permissions affect model state, data provenance, and accountability, so they must be treated separately from ordinary runtime access and governed as high-risk administrative actions.
Expanded Definition
Model customization permissions are administrative rights that let an identity alter model behaviour through fine-tuning, retraining, adapters, prompt-tuning, or vendor-supported update workflows. In NHI governance, these permissions are more sensitive than ordinary runtime inference access because they can change the model’s outputs, embedded knowledge, and traceability of training inputs.
Definitions vary across vendors because some platforms treat customization as a separate control plane while others expose it as an API extension of model management. That distinction matters: the right to call a model is not the same as the right to change it. NHI Management Group treats these permissions as high-risk administrative authority that should be scoped, logged, and reviewed independently from application execution rights. The operational baseline is consistent with the concerns highlighted in the OWASP Non-Human Identity Top 10 and broader identity governance principles.
The most common misapplication is granting customization permissions to the same service account used for inference or orchestration, which occurs when teams collapse model operations into a single shared identity.
Examples and Use Cases
Implementing model customization permissions rigorously often introduces workflow friction, requiring organisations to weigh faster model iteration against tighter change control and stronger accountability.
- An ML platform uses a dedicated NHI to launch fine-tuning jobs, while production inference tokens remain read-only and cannot trigger retraining.
- A data science pipeline permits a controlled CI/CD identity to submit adapter updates, with approval gates and immutable job logs for audit review.
- A regulated enterprise allows only a model governance service account to approve training data snapshots, reducing the risk of unreviewed provenance drift.
- An AI agent can query model performance metrics but cannot modify weights, aligning runtime access with separate customization authority.
- For broader NHI context, organisations often discover control gaps only after secret sprawl or privilege misuse; the Ultimate Guide to NHIs — Key Challenges and Risks explains why these failures persist.
These patterns are consistent with guidance from the OWASP Non-Human Identity Top 10, especially where secret handling, privilege scope, and change accountability intersect.
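The separation the use cases above describe, a dedicated customization identity, read-only inference tokens, an approval gate held by a distinct governance identity, and an immutable job log, can be expressed as a small policy model. The following is an added example written for this entry, not code from NHI Management Group or from any vendor platform; the action names (`model:Invoke`, `model:CreateCustomizationJob`, and so on), role names and service-account names are constructed and vendor-neutral.

```python
"""Added example: model customization authority separated from runtime
inference access, with an approval gate and a tamper-evident job log.
All identities, action names and role definitions are constructed."""
import hashlib
import json
from dataclasses import dataclass, field

# Constructed action vocabulary. The split mirrors the point in the text:
# the right to call a model is not the right to change it.
RUNTIME_ACTIONS = {"model:Invoke", "model:GetMetrics"}
CUSTOMIZATION_ACTIONS = {"model:CreateCustomizationJob", "model:UpdateAdapter"}
GOVERNANCE_ACTIONS = {"model:ApproveTrainingSnapshot"}

# Constructed roles: each NHI holds exactly one role, never a union of them.
ROLE_ACTIONS = {
    "inference-runtime": RUNTIME_ACTIONS,
    "customization-pipeline": CUSTOMIZATION_ACTIONS,
    "model-governance": GOVERNANCE_ACTIONS,
}


@dataclass
class Identity:
    name: str
    role: str


def is_allowed(identity: Identity, action: str) -> bool:
    """Least-privilege check: an action is permitted only if the identity's
    single role grants it. Unknown roles and unknown actions are denied."""
    return action in ROLE_ACTIONS.get(identity.role, set())


@dataclass
class JobLog:
    """Append-only log in which every entry commits to the hash of the
    previous one, so an edited or removed entry breaks verification."""
    entries: list = field(default_factory=list)

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        payload = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + payload).encode()).hexdigest()
        self.entries.append({"prev": prev, "event": event, "hash": digest})
        return digest

    def verify(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            payload = json.dumps(entry["event"], sort_keys=True)
            expected = hashlib.sha256((prev + payload).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


def submit_customization_job(submitter: Identity, approver: Identity,
                             snapshot_id: str, log: JobLog) -> tuple:
    """Approval gate: a job runs only if the submitter holds customization
    authority and a different identity holding governance authority has
    approved the training data snapshot. Every decision is logged."""
    if not is_allowed(submitter, "model:CreateCustomizationJob"):
        reason = "submitter lacks customization authority"
    elif approver.name == submitter.name:
        reason = "submitter cannot approve its own job"
    elif not is_allowed(approver, "model:ApproveTrainingSnapshot"):
        reason = "approver lacks governance authority"
    else:
        reason = "ok"
    allowed = reason == "ok"
    log.append({"action": "model:CreateCustomizationJob",
                "submitter": submitter.name, "approver": approver.name,
                "snapshot": snapshot_id, "allowed": allowed, "reason": reason})
    return allowed, reason


if __name__ == "__main__":
    log = JobLog()
    inference = Identity("svc-inference-prod", "inference-runtime")
    pipeline = Identity("svc-ci-finetune", "customization-pipeline")
    governance = Identity("svc-model-governance", "model-governance")
    print(is_allowed(inference, "model:Invoke"))                  # True
    print(is_allowed(inference, "model:CreateCustomizationJob"))  # False
    print(submit_customization_job(pipeline, governance, "snap-01", log))
    print(submit_customization_job(inference, governance, "snap-01", log))
    print(log.verify())                            # True
    log.entries[0]["event"]["allowed"] = False     # tamper with a record
    print(log.verify())                            # False
```

Denied attempts are logged alongside approved ones on purpose: an inference identity that keeps trying to submit customization jobs is exactly the signal a reviewer wants to see in the audit trail.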
Why It Matters in NHI Security
Model customization permissions matter because they can silently convert a trusted model into a compromised decision engine. If an attacker, overprivileged automation, or misconfigured pipeline can alter training data, tuning parameters, or deployed weights, the result is not just unauthorised access but long-lived integrity damage. That damage is hard to detect because the model may continue operating “normally” while producing biased, unsafe, or manipulated outputs.
This is why NHI Management Group treats customization authority as part of the high-risk administrative surface, not as a routine application permission. The same discipline used for secrets, rotation, and privileged access should apply here, especially when organisations expose model services to third parties or CI/CD tooling. NHIMG research shows that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, which is a useful reminder that AI control planes often fail through identity abuse rather than model math. The issue also aligns with the governance emphasis in the OWASP Non-Human Identity Top 10.
Organisations typically encounter the consequences only after an unauthorised retraining event, at which point addressing model customization permissions becomes operationally unavoidable.
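Because a tampered model keeps serving requests "normally", the integrity damage described above is usually found in the access log rather than in model output. The following added review routine, written for this entry and not taken from NHI Management Group or any vendor tooling, scans constructed JSON-lines audit events for the two conditions this page flags: a single identity that both serves inference and changes the model (the shared-account misapplication), and customization actions that ran without an independent approver. The log format, field names, identities and action names are all constructed assumptions.

```python
"""Added example: audit-log review for shared inference/customization
identities and for customization actions that bypassed an approval gate.
The log format, identities and action names are constructed."""
import json
from collections import defaultdict

RUNTIME_ACTIONS = {"model:Invoke", "model:GetMetrics"}
CUSTOMIZATION_ACTIONS = {"model:CreateCustomizationJob", "model:UpdateAdapter",
                         "model:UpdateWeights"}

# Constructed audit events, one JSON object per API call.
SAMPLE_LOG = """\
{"ts":"2024-05-01T10:00:01Z","identity":"svc-inference-prod","action":"model:Invoke","model":"m-prod"}
{"ts":"2024-05-01T10:00:05Z","identity":"svc-ci-finetune","action":"model:CreateCustomizationJob","model":"m-prod","approver":"svc-model-governance"}
{"ts":"2024-05-01T10:02:11Z","identity":"svc-inference-prod","action":"model:UpdateAdapter","model":"m-prod","approver":"svc-inference-prod"}
{"ts":"2024-05-01T10:03:40Z","identity":"svc-agent-ops","action":"model:GetMetrics","model":"m-prod"}
{"ts":"2024-05-01T10:04:02Z","identity":"svc-agent-ops","action":"model:UpdateWeights","model":"m-prod"}
{"ts":"2024-05-01T10:05:00Z","identity":"svc-inference-prod","action":"model:Invoke","model":"m-prod"}
"""


def parse_log(text: str) -> list:
    """Parse JSON lines into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def shared_identities(events: list) -> list:
    """Identities seen performing both runtime and customization actions.
    Each such identity collapses two control planes into one credential."""
    kinds = defaultdict(set)
    for e in events:
        if e["action"] in RUNTIME_ACTIONS:
            kinds[e["identity"]].add("runtime")
        elif e["action"] in CUSTOMIZATION_ACTIONS:
            kinds[e["identity"]].add("customization")
    return sorted(name for name, k in kinds.items() if len(k) == 2)


def ungated_customizations(events: list) -> list:
    """Customization actions with no approver, or approved by the same
    identity that submitted them. Returned as (ts, identity, action, why)."""
    findings = []
    for e in events:
        if e["action"] not in CUSTOMIZATION_ACTIONS:
            continue
        approver = e.get("approver")
        if approver is None:
            findings.append((e["ts"], e["identity"], e["action"], "no approver"))
        elif approver == e["identity"]:
            findings.append((e["ts"], e["identity"], e["action"], "self-approved"))
    return findings


def review(text: str) -> dict:
    """Run both checks over a raw log and return the findings together."""
    events = parse_log(text)
    return {"shared_identities": shared_identities(events),
            "ungated_customizations": ungated_customizations(events)}


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(key)
        for item in value:
            print("  ", item)
```

Both checks are deliberately state-free: they need only the identity, action and approver fields, so the same logic can run as a scheduled review over exported logs or as a streaming rule in a SIEM.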
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Focuses on excessive privilege and control of non-human identities used in model operations. |
| OWASP Agentic AI Top 10 | AI-03 | Agentic systems require strict control over actions that can change model behaviour or state. |
| NIST CSF 2.0 | PR.AC-4 | Access permissions must be managed and reviewed for sensitive administrative actions. |
Separate model customization rights from runtime access and enforce least privilege with explicit approvals.
Reviewed and updated by the NHIMG editorial team on June 24, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org