Multi-hop execution is a chain of actions where one identity or service invokes another, which then invokes another system or tool. In agentic environments, each hop can expand access, change context, or obscure accountability, making the full path more important than any single authentication event.
Expanded Definition
Multi-hop execution describes a linked sequence of delegated actions in which one identity, workload, or agent invokes another service, which then invokes a further tool, API, or system. In NHI and agentic AI environments, the security question is not only whether the first caller was authenticated, but whether each downstream hop was authorised, constrained, and attributable. That distinction matters because context often changes at every step: scopes expand, tokens are exchanged, and policy enforcement may shift between platforms. NIST Cybersecurity Framework 2.0 frames this as an identity and access governance problem inside broader NIST Cybersecurity Framework 2.0 functions, but no single standard yet fully governs hop-level accountability in agentic systems. Definitions vary across vendors when “delegation,” “tool chaining,” and “workflow orchestration” are used interchangeably, so precision is essential. The most common misapplication is treating the initial login as proof of trust for all subsequent calls, which occurs when downstream services inherit privileges without separate policy checks.
Examples and Use Cases
Implementing multi-hop execution rigorously often introduces latency and policy complexity, requiring organisations to weigh stronger containment against the operational cost of more frequent authorisation checks.
- An AI agent receives a ticket summary, calls a retrieval service, then triggers a remediation workflow that opens a cloud API session with broader permissions than the original prompt implied.
- A build pipeline uses one service account to fetch a secret, another to sign an artifact, and a third to deploy it, making the full path visible in the Ultimate Guide to NHIs more important than any single token event.
- A SaaS integration calls a broker service, which then uses a federation endpoint to reach a downstream storage API, illustrating why hop-by-hop audit trails matter in environments aligned to NIST Cybersecurity Framework 2.0.
- A security copilot queries an internal knowledge base and then invokes a change-management API, where each step should be constrained by separate scopes, time limits, and logging.
- A partner-facing automation chain crosses organisational boundaries, creating supply-chain exposure when the second or third hop retains broader credentials than the initial request required.
Why It Matters in NHI Security
Multi-hop execution becomes a security issue when each hop silently accumulates privilege, obscures provenance, or bypasses inspection points that were designed for single-step requests. This is especially dangerous for NHIs because identities are often numerous, long-lived, and overprivileged; NHI Mgmt Group reports that 97% of NHIs carry excessive privileges, which broadens the attack surface when one compromised hop can fan out into several downstream actions. The same risk appears in incident response: a leaked token may not be the final impact vector, but the starting point for chained access into systems that were never directly exposed. Organisations that ignore hop-level governance may satisfy a login control while still losing control of the effective action path. In practical terms, multi-hop execution should be mapped, logged, and bounded as a sequence of decisions, not a single authentication event. The Ultimate Guide to NHIs is the clearest NHIMG reference for why visibility, rotation, and least privilege matter across chained service interactions. Organisations typically encounter the true blast radius only after an agentic workflow or service account compromise, at which point multi-hop execution becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-04 | Multi-hop chains magnify excessive privilege and weak delegation across NHI paths. |
| NIST CSF 2.0 | PR.AC-4 | Access control must govern each downstream action, not only the first authentication. |
| OWASP Agentic AI Top 10 | A1 | Agentic tool chaining is a core risk area when autonomous actions cascade across systems. |
Enforce stepwise approvals, bounded tool access, and auditability for every agent action chain.
Related resources from NHI Mgmt Group
- Why do multi-hop AI agent workflows create more risk than single-agent automation?
- How should security teams govern multi-hop agent delegation chains?
- Why do multi-hop delegation chains increase identity risk?
- How should teams use multi-hop relationships in a knowledge graph for governance decisions?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 4, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org