The Non-Human & AI Identity Journal – Edition 58

Welcome to the latest edition of our Non-Human & AI Identity Journal where we cover:  

• What is the NHI Mgmt Group up to? 

• The Non-Human & AI Identity Podcast 

• Our pick from our Non-Human & AI Identity Forum 

• Recent Breaches and Security Incidents 

• Upcoming Events, Webinars, Industry Announcements 

• NHI Foundation Level Course 

• Planning an NHI Program in 2026 

What’s Happening at the NHI Mgmt Group 

Identiverse 2026 – Non-Human & AI Identity Summit & Pavilion (2026-06-15) — Mandalay Bay, Las Vegas 

Just 1 week to go to the biggest Non-Human & Agentic AI Identity Summit, taking place on June 15, 2026, at Mandalay Bay, Las Vegas that our NHI Mgmt Group is hosting. A half day event covering 8  sessions and 24 thought leaders across the industry. This event is a must-attend for those eager to stay at the forefront of innovation and security in the rapidly evolving landscape of AI identity.   

The Non-Human & AI Identity Podcast 

The latest episode of The Non-Human & AI Identity Podcast is now available. 

**Ep #11 – Securing AI Agents In Runtime** 

In this episode, Oded Hareven, CEO and Co-Founder of Akeyless, explores the unique security challenges posed by AI agents, highlighting the inadequacy of traditional identity frameworks. He delves into the concept of runtime authority, emphasizing why static entitlements and session tokens fall short in governing non-deterministic behavior. Watch the episode here.

Catch up on previous episodes here and join the conversation shaping the future of NHI security. 

NHI & Identity Security Breaches 

Inside the Shai-Hulud Campaign: npm Malware Attack Exposes Secrets on GitHub 

The Shai-Hulud malware campaign targetted over 500 npm packages to harvest sensitive information from developer environments, including API keys, environment variables, and cloud provider secrets. These credentials were exfiltrated to GitHub repositories controlled by attackers, exploiting the widespread reuse of npm packages and dependency chains. The breach underscores the vulnerability of the open-source supply chain and the risk of large-scale credential theft, emphasizing the need for security professionals to implement rigorous monitoring and validation of dependencies to protect against such sophisticated threats. 

Non-Human and AI Identity Forum Posts 

Our suggested reading for this week from our forum — with over 2,700 articles about NHIs, including Agentic AI. 

• Multi-site auditability gaps: are your logs enough for compliance? — Teleport 

• AI agent visibility and the governance gap teams are missing — SailPoint 

• 900K Users Affected by Malicious AI Chrome Extensions — Astrix Security 

• Understanding NHI Risks of Active Directory Service Accounts — Entro Security 

• Why Privileged Access Tech Fails as Environments Evolve — P0 Security 

• Unpacking the Mythos-Ready Briefing: Key Insights on AI Credentials — GitGuardian 

• Why AI Agents Struggle to Keep Secrets: Unveiling the Truth — Akeyless 

• Why Access Risk Outpaces Cloud Security: Key Insights Revealed — Token Security 

• How Identity Leaders Can Choose the Right IAM Vendors in 2026 — Clarity Security 

• AI agent lifecycle governance: are your controls keeping up? — Saviynt 

• Vercel Attack 2026: How a Major Web Platform Was Compromised — Unosecur 

• User access reviews at scale: are manual controls keeping up? — Delinea 

• How should teams respond when AI finds vulnerabilities faster than defenders? — Silverfort 

Latest Industry Announcements 

Major updates shaping the NHI and identity security space this week: 

• SailPoint: How should teams govern Databricks AI agents before access sprawl grows? 

• Saviynt: How should APJ teams treat identity as a strategic control plane? 

• Unosecur: On-prem identity gaps: what IAM teams need to fix now 

• Securing the Agentic Workforce: Cisco Announces Intent to Acquire Astrix Security 

• Akeyless Achieves FIPS 140-3 Validation: Why It Matters for Cybersecurity 

• Descope: How should teams govern AI agent identities in MCP workflows? 

• Unlocking AI + SaaS Security: Grip Security + Cyera’s Identity Integration 

• Unlocking Control: Cyera’s Agent Graph for Securing AI Agents 

• CrowdStrike Launches Project QuiltWorks to Tackle AI-Driven Cybersecurity Risks 

• Secure Agent Traffic with Ping Identity’s Google Cloud Gateway 

Upcoming Events and Webinars 

To support your learning journey, here are key events happening across the industry. They feature experts discussing the latest challenges and innovations in identity security: 

• OWASP Global AppSec EU 2026: what should AppSec teams prepare for? — by GitGuardian 

• How should identity teams adapt governance for agentic AI? — by SailPoint 

• Live insights briefing: AI agent identity risk – June 4 — by Akeyless 

• GRC maturity for application access governance on 2026-06-16 — by Delinea 

• Governance in motion lab on June 9: what changes for IAM and GRC? — by Pathlock 

• How should teams govern non-human identities as AI agents scale? — by Omada Identity 

The Most Comprehensive & Only CPD-Certified NHI Course 

Our CPD Certified NHI Foundation Level course delivers practical guidance on governing, managing, and securing NHIs, including AI agents. Developed by Mr NHI, it’s designed for beginners, security professionals, and IT leaders, with hundreds of learners and an average 5-star rating. 

Enroll here.

Are you planning a NHI Program in 2026 including Agentic AI? 

As the premier authority on Non-Human Identities, with over 20 years of hands-on experience managing $10M–$20M+ global NHI programs, we offer independent guidance and advice tailored to your needs. Our expertise spans risk and maturity assessments, program initiation and hands-on execution, ensuring your organisation stays ahead of evolving threats and maximises risk reduction.

Reach out here for a free initial consultation.