An AI agent that combines reasoning and action in a loop. The system plans, calls tools, observes results, and then revises its next step. In agentic environments, this pattern can expand access risk because decisions and execution happen together.
Expanded Definition
A ReAct agent is an agentic pattern that interleaves reasoning and action: it evaluates a task, selects a tool, observes the output, and revises the next step. In NHI security, that loop matters because each tool call can carry secrets, privileges, and data exposure into the decision path.
Definitions vary across vendors, but the core idea is consistent: the model is not just generating text, it is also executing steps against external systems. That makes ReAct different from a passive chatbot and closer to an operational identity with delegated authority. Guidance from the OWASP Agentic AI Top 10 and the NIST AI Risk Management Framework both reinforce that the risk surface expands when reasoning, planning, and execution are coupled.
NHI Management Group treats ReAct as a governance problem as much as a technical design pattern, because each loop can amplify excessive privilege, prompt injection, or unsafe tool selection. The most common misapplication is treating a ReAct agent like a harmless conversational workflow, which occurs when teams expose tools without scoping credentials, logging actions, or constraining the action loop.
Examples and Use Cases
Implementing ReAct rigorously often introduces latency and control overhead, requiring organisations to weigh faster task completion against tighter approval, auditing, and credential boundaries.
- A support agent drafts a reply, queries a ticketing tool, and updates case status based on observed context.
- An engineering agent reads repository state, proposes a fix, runs a build tool, and revises the patch after test failures.
- A security triage agent inspects alerts, enriches them through an API, and opens a containment workflow when confidence rises.
- A finance agent checks invoice data, validates records in an ERP system, and prepares a payment action for human review.
- An identity operations agent looks up service-account usage and recommends rotation after repeated tool observations reveal stale access.
These patterns are discussed in NHIMG research such as OWASP NHI Top 10 and the AI LLM hijack breach, where execution context, not just model output, became the attack path. External guidance in OWASP Top 10 for Agentic Applications 2026 is especially relevant when tool use is conditional on model interpretation rather than fixed workflow logic.
Why It Matters in NHI Security
ReAct agents become sensitive NHI assets because they usually depend on API keys, scoped tokens, certificates, or delegated service accounts to complete the action step. If those credentials are overprivileged, long-lived, or poorly observed, the agent can turn a minor prompt manipulation into a real operational event. NHIMG's Ultimate Guide to NHIs — 2025 Outlook and Predictions notes that 97% of NHIs carry excessive privileges, which is exactly the kind of condition that makes action-capable agents dangerous.
The practical control question is not whether an agent can reason, but whether each action is authorized, attributable, and limited to a narrow purpose. That is why ReAct design should align with NIST AI Risk Management Framework principles and with NHIMG research on Analysis of Claude Code Security, where tool-mediated execution changes the threat profile. Organisations typically encounter the need for ReAct controls only after an agent has already made an unintended call, at which point addressing the action loop becomes operationally unavoidable.
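As an added illustration (not NHIMG or framework code), the sketch below puts a gate between the agent's reasoning step and its action step, so every proposed tool call is checked against an allowlist, the scopes actually granted, a human-approval flag, and a step budget, and every decision is logged against the agent's identity. The tool names, scope strings, agent ID, and approver address are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ToolPolicy:
    scopes: frozenset            # scopes the tool's credential must hold
    high_impact: bool = False    # True: needs a named human approver

@dataclass
class ActionGate:
    agent_id: str
    granted: frozenset           # scopes actually issued to this agent
    policies: dict               # tool name -> ToolPolicy (the allowlist)
    max_steps: int = 6           # hard cap on loop iterations
    steps: int = 0
    audit: list = field(default_factory=list)

    def authorize(self, tool, args, approved_by=None):
        """Decide one proposed action; every decision is logged."""
        self.steps += 1
        policy = self.policies.get(tool)
        if self.steps > self.max_steps:
            allowed, reason = False, "step budget exhausted"
        elif policy is None:
            allowed, reason = False, "tool not on allowlist"
        elif not policy.scopes <= self.granted:
            allowed, reason = False, "credential lacks required scope"
        elif policy.high_impact and approved_by is None:
            allowed, reason = False, "human approval required"
        else:
            allowed, reason = True, "ok"
        self.audit.append({"agent": self.agent_id, "step": self.steps,
                           "tool": tool, "args": args, "allowed": allowed,
                           "reason": reason, "approved_by": approved_by})
        return allowed, reason

def run_constructed_loop():
    """Replay constructed proposals from a hypothetical triage agent."""
    policies = {
        "read_alert": ToolPolicy(frozenset({"alerts:read"})),
        "enrich_ip": ToolPolicy(frozenset({"intel:read"})),
        "update_ticket": ToolPolicy(frozenset({"tickets:write"})),
        "open_containment": ToolPolicy(frozenset({"containment:write"}), True),
    }
    gate = ActionGate("triage-agent-01", frozenset(
        {"alerts:read", "intel:read", "containment:write"}), policies)
    proposed = [("read_alert", {"id": "A-1"}, None),
                ("enrich_ip", {"ip": "192.0.2.10"}, None),
                ("list_secrets", {}, None),              # not allowlisted
                ("update_ticket", {"id": "T-9"}, None),  # scope never granted
                ("open_containment", {"host": "web-1"}, None),
                ("open_containment", {"host": "web-1"}, "analyst@example.test"),
                ("read_alert", {"id": "A-2"}, None)]     # seventh step, over budget
    return [gate.authorize(*p) for p in proposed], gate.audit
```

Denied proposals are logged in the same audit trail as allowed ones, so a tool request that falls outside the agent's narrow purpose remains attributable even though it never executes.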
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A1 | Agentic app guidance covers tool use, autonomy, and prompt-driven action loops. |
| NIST AI RMF | | AI RMF addresses governance, measurement, and monitoring of AI system risks. |
| OWASP Non-Human Identity Top 10 | NHI-02 | NHI controls cover secret handling and excessive privilege in machine identities. |
Assess ReAct agent risks, monitor outputs, and implement human oversight for high-impact actions.
Reviewed and updated by the NHIMG editorial team on June 23, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org