
Runtime authorship drift

By NHI Mgmt Group | Updated June 6, 2026 | Domain: Governance, Ownership & Risk

The condition where the person formally responsible for a task is no longer the sole or primary source of its content at execution time. In practice, AI shapes the outcome while identity controls still record human ownership, creating audit and accountability gaps.

Expanded Definition

Runtime authorship drift describes a governance gap where human ownership remains recorded, but an AI agent or other automated system materially shapes the output at execution time. In NHI and agentic AI environments, the label on the task does not match the real decision path.

Usage in the industry is still evolving, and definitions vary across vendors. Some teams treat this as an AI governance issue, while others frame it as an identity accountability problem. NIST's Cybersecurity Framework 2.0 is useful here because it emphasises traceability, governance, and outcome accountability even when execution is delegated across tools and identities.

The concept matters most when a human approves a workflow but an agent fills in context, selects actions, or writes the final artifact with minimal supervision. The most common misapplication is assuming human approval equals human authorship, which occurs when delegation is present but runtime review, logging, and provenance controls are not.

Examples and Use Cases

Implementing controls against runtime authorship drift rigorously often introduces review overhead and slower execution, requiring organisations to weigh speed against traceable accountability.

  • A support engineer signs off on a customer response, but an AI agent drafts the message, pulls incident data, and chooses the escalation path.
  • A developer owns a release note, yet a code assistant rewrites the summary and inserts dependency guidance that changes operational meaning.
  • An identity admin approves a service account workflow, but an agent rotates secrets, updates permissions, and creates side effects the approver never inspected.
  • A procurement manager is recorded as the author of a vendor risk summary, while an AI system aggregates evidence and shapes the final recommendation.

These cases are not just workflow automation. They become security-relevant when the runtime actor can reach secrets, APIs, or privileged actions. The Salesloft OAuth token breach shows how identity and token misuse can turn delegated execution into broad access, especially when accountability trails are incomplete. For implementation guidance, NIST Cybersecurity Framework 2.0 helps organisations connect provenance, logging, and access control to actual operational ownership.

Why It Matters in NHI Security

Runtime authorship drift weakens auditability, non-repudiation, and incident response because the person on record may not understand what the agent actually did. In NHI operations, that gap can hide over-permissioned service accounts, unreviewed token use, or agentic actions that exceed the intended scope of the task.

NHI Mgmt Group research shows that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, which is why accountability gaps at runtime are dangerous. The same pattern appears when teams neglect provenance controls and assume that human approval alone satisfies governance. NIST's Cybersecurity Framework 2.0 reinforces the need for traceable control ownership, while the Salesloft OAuth token breach is a reminder that delegated access becomes a liability when execution is not tightly bound to identity and intent.

Organisations typically encounter this consequence only after an agent has modified records, exposed secrets, or triggered an incident response review, at which point runtime authorship drift becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| OWASP Agentic AI Top 10 | A2 | Agentic systems need clear provenance to distinguish human intent from AI execution. |
| OWASP Non-Human Identity Top 10 | NHI-02 | Runtime drift often exposes weak secret and workflow ownership boundaries. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege and access accountability are central when AI acts at runtime. |

Log agent actions and preserve provenance so the approver and executor are never conflated.
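
One way to check audit records for the approver/executor conflation described above, as an added example that is not code from NHI Mgmt Group. The record schema, field names, reason labels and sample log are all constructed assumptions; a real pipeline would map them to its own audit fields.

```python
import json

# Constructed sample audit records; the field names are a hypothetical schema.
SAMPLE_LOG = """\
{"task": "T-1", "owner": "alice", "executor": "alice", "approved": ["draft_reply"], "actions": ["draft_reply"], "runtime_review": false}
{"task": "T-2", "owner": "bob", "executor": "agent:support-bot", "approved": ["draft_reply"], "actions": ["draft_reply", "read_incident_data", "escalate"], "runtime_review": false}
{"task": "T-3", "owner": "carol", "executor": "agent:iam-helper", "approved": ["rotate_secret"], "actions": ["rotate_secret"], "runtime_review": true}
{"task": "T-4", "owner": "dave", "approved": ["publish_summary"], "actions": ["publish_summary"], "runtime_review": false}
"""


def assess(record):
    """Return the list of drift reasons for one audit record (empty = none)."""
    reasons = []
    executor = record.get("executor")
    if not executor:
        # No executor recorded: approver and executor cannot be told apart.
        reasons.append("no_executor_provenance")
    elif executor != record["owner"] and not record.get("runtime_review", False):
        # An identity other than the recorded owner produced the output, unreviewed.
        reasons.append("non_owner_executor_unreviewed")
    # Actions taken at runtime that the approver never signed off on.
    extra = sorted(set(record.get("actions", [])) - set(record.get("approved", [])))
    if extra:
        reasons.append("unapproved_actions:" + ",".join(extra))
    return reasons


def find_drift(log_text):
    """Map task id -> reasons for every record showing drift indicators."""
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        reasons = assess(record)
        if reasons:
            findings[record["task"]] = reasons
    return findings


if __name__ == "__main__":
    for task, reasons in find_drift(SAMPLE_LOG).items():
        print(task, reasons)
```

T-3 passes because the agent's output was reviewed at runtime and stayed within the approved actions; T-4 is flagged even though nothing looks wrong, because the missing executor field is itself the audit gap.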

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 6, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org