Welcome to the latest edition of our Non-Human & AI Identity Journal where we cover:
- What is the NHI Mgmt Group up to?
- The Non-Human & AI Identity Podcast
- Our pick from our Non-Human & AI Identity Forum
- Recent Breaches and Security Incidents
- Upcoming Events, Webinars, Industry Announcements
What’s Happening at the NHI Mgmt Group
Last week we hosted the massive Non-Human & AI Identity Summit at the Pavilion at Identiverse, Las Vegas. Close to 300 people attended the summit, which featured 8 sessions and 25 industry leaders. We then hosted a further 12 sessions at the only dedicated pavilion, all about NHIs and their intersection with Agentic AI. The feedback was overwhelmingly positive on the content, the insights, and what attendees learned and took away from the summit.
CSA Keynote – Humans & Now Agents: The NHI Internal Threat Amplified (2026-06-24) — Virtual
Our founder, Lalit Choda, delivered a keynote talk, “Humans & Now Agents: The NHI Internal Threat Amplified”, at the Cloud Security Alliance Agentic AI Security Summit on June 24, 2026.
The Most Comprehensive & Only CPD-Certified NHI Course
As part of celebrating our huge NHI & AI Identity Summit and Pavilion at Identiverse last week, we are offering a special 33% discount on our CPD Certified NHI Foundation Level course. The course is the most comprehensive and only accredited course in the industry, 5-star rated, that delivers practical guidance on governing, managing, and securing NHIs, including AI agents.
Use discount code IDV33OFF. Enroll here.
The Non-Human & AI Identity Podcast

Mr. NHI’s Human Identity in the Hot Seat
David Lee is in the hot seat this week! As Field CTO at Saviynt, he tackles 10 rapid-fire questions on identity risks that enterprises can no longer ignore. The discussion ranges from unmanaged NHIs to whether AI agents should be viewed as employees or software, highlighting critical governance failures. Lee’s insights delve into whether AI agents should undergo the same scrutiny as human users and the security lapses arising from the rush to deploy agentic AI. Watch the episode here.
Catch up on previous episodes here and join the conversation shaping the future of NHI security.
Recent NHI & Identity Security Breaches
Notable breaches and security incidents highlighting the risks of unmanaged non-human identities and AI agents:
Klue OAuth Supply Chain Breach: How Stolen SaaS Credentials Hit 700+ Organisations
In June 2026, a breach involving Klue, a market intelligence SaaS platform, exposed OAuth tokens, granting unauthorized access to over 700 organizations’ Salesforce environments. The attack highlighted the risk of long-lived OAuth tokens, which were stored without adequate rotation or expiration policies, leading to a significant supply chain incident. This breach underscores the critical need for security professionals to implement stringent governance over API credentials and regularly audit integration points to minimize the risk of broad unauthorized access.
Mastra npm Supply Chain Attack: North Korea’s Sapphire Sleet Backdoors 144 AI Packages in 88 Minutes
On June 17, 2026, North Korea’s Sapphire Sleet group executed a sophisticated supply chain attack on the Mastra AI framework, compromising 144 npm packages by exploiting a stale contributor account with unrevoked publish permissions. The attack involved publishing a trojanized npm package that targeted LLM API keys, cloud credentials, and other sensitive machine identities, executing upon installation and then self-deleting. This incident underscores the critical need for rigorous credential management and automated offboarding processes in software supply chains to prevent similar breaches and protect valuable non-human identities.
Non-Human and AI Identity Forum Posts
Our suggested reading for this week from our forum — with over 9,400 articles about NHIs, including Agentic AI.
- Identity Governance and AI Security: Why Identity Governance Is the First Step to Safe AI Adoption — Clarity Security
- 2025 Cybersecurity Shift: Attackers Target Access, Not Apps — Entro Security
- Understanding Short-Lived Credentials in Agentic Systems — GitGuardian
- Authn and authz are diverging under modern IAM pressure — Opal Security
Latest Industry Announcements
Major updates shaping the NHI and identity security space this week:
- Clarity Security: Clarity Aperture and adaptive trust: what changes for IAM teams?
- Saviynt’s NHI and AI agent identity scope: what should teams notice?
Upcoming Events and Webinars
To support your learning journey, here are key events happening across the industry. They feature experts discussing the latest challenges and innovations in identity security:
- NHI Identity Summit 2026: what should teams expect from the agenda? — by GitGuardian
- Clarity Aperture webinar: what the latest identity risk updates mean — by Clarity Security
Are you planning an NHI Program in 2026 including Agentic AI?
As the premier authority on Non-Human Identities, with over 20 years of hands-on experience managing $10M–$20M+ global NHI programs, we offer independent guidance and advice tailored to your needs. Our expertise spans risk and maturity assessments, program initiation and hands-on execution, ensuring your organisation stays ahead of evolving threats and maximises risk reduction. Reach out here for a free initial consultation.
Lalit Choda
Founder of the NHI Mgmt Group