The Non-Human Identity Risk Behind AI Agents

(June 16, 2026)

It's fair to say that organizations have now moved on from initial agentic AI experimentation to widespread use of agents in enterprise workflows. With this change, cybersecurity leaders face an identity challenge: how to govern systems that can act, delegate, and trigger actions without direct human involvement. In this Cyber Security Tribe deep dive, Sumeet Jeswani, Senior Security Specialist, who led the NHI section titled "Agent Identity vs Non-Human Identity" in the recently published OWASP State of Agentic AI Security and Governance Report, explains why traditional approaches to service accounts, API keys, workload identities, and long-lived credentials are no longer sufficient for autonomous agents.

The article is based on a focused interview with Sumeet, structured around the questions most relevant to CISOs and senior security leaders: excessive privilege, agent provenance, intent-bound access, delegation chains, and practical guardrails. It explores why NHI governance is becoming a board-level security issue, not simply an IAM concern. For those organizations embracing AI agents, confident adoption depends on identity controls that operate dynamically, continuously, and with clear accountability.

Question: Non-human identities already appear to outnumber human users dramatically in many enterprises. From a CISO's perspective, why has this become such an urgent governance issue now, especially with the rise of agentic AI?

Barry, that's a really strong question to kick us off with, and honestly one I wish more CISOs were asking right now.

Let me say upfront that agentic AI is genuinely transformative. The use cases I'm seeing in enterprises are remarkable. Agents automating complex workflows, accelerating decisions, operating around the clock without fatigue. The productivity gains are real and the competitive advantage for organizations that get this right is significant. I'm genuinely excited about where this is going.

But that excitement is exactly why the identity governance question matters so much right now. The scale of the NHI problem is something most organizations don't appreciate until they actually go looking. Non-human identities already outnumber human users by 100:1 in most enterprises, with some organizations reporting 500:1. And 97% of those identities carry excessive privileges. That's not an edge case. That's the norm.

For years this was a manageable problem because NHIs were mostly static. A service account did the same job every night at 2am. Predictable, containable. Agents break that model completely. An agent doesn't do the same thing every day. It reasons, adapts, discovers new tools at runtime, and can spawn other agents. Suddenly you have a non-human identity that is dynamic and autonomous, and most organizations are still managing it like it's that 2am service account from 2015.

The gap between how we're governing these identities and what they're actually capable of doing in production is where the risk lives. And closing that gap is what allows organizations to deploy these powerful systems with confidence.

Question: You make a distinction between "identity" and "agent identity." Why is that distinction important, and what should security leaders understand about the difference between authentication, provenance, intent, and authority?

Great question, and I want to gently refine the framing here because precision matters a lot in this space. The distinction worth making is between Non-Human Identity, NHI, and Agent Identity specifically. Not just "identity" broadly, because NHI is already a concept most security teams have some familiarity with, and Agent Identity is something built on top of it. Conflating the two is actually one of the core reasons most identity programs are not ready for agents today.

Here's the cleanest way I can put it. NHI is the digital representation and authentication of non-human entities, traditionally your static service accounts and API keys. It tells you one thing: is this credential valid and authorized to connect? That's it. That question holds perfectly well for a workload that does the same thing every time.

Agent Identity is something fundamentally different. It's a dynamic, cryptographic framework to attest the identity and continuously govern autonomous agents that are capable of independent reasoning and cross-boundary execution. The shift is from verifying that a credential is authorized to connect, to verifying what the holder is actually doing with that authorization, right now, at the moment of each action.

The analogy I keep coming back to is the difference between a door key and a security escort. NHI gives you the key. Agent Identity is the escort that walks beside you through the building, checking at every door whether you should actually be going through it at this moment, for this reason.

That continuous dimension is what traditional NHI simply cannot provide. An agent reasons, delegates to other agents, and discovers new tools at runtime. The question is no longer "can this credential connect" but "who delegated this agent, what is it trying to do right now, and is it still authorized to do it." Until your identity program can answer those questions in real time, not just at authentication time, you don't have agent governance. You have keys that open too many doors.

Question: Many organizations still manage NHIs through service accounts, API keys, workload identities, and long-lived credentials. Why do these traditional approaches become dangerous when autonomous agents are introduced?

I touched on JIT credentials in our previous conversation, so let me go a level deeper because I think the more interesting problem is inheritance, not just theft.

And I want to be clear that none of this is an argument against adopting agentic AI. Quite the opposite. The organizations that figure out credential governance for agents early are the ones that will be able to deploy these systems at scale confidently, while others are pumping the brakes out of fear. Getting this right is a competitive advantage, not just a compliance checkbox.

The core danger with long-lived credentials in an agentic world isn't primarily that they get stolen, although that's still very real. It's that they get inherited silently across agent chains without anyone realizing how far they've traveled.

Think about how a multi-agent system actually works. An orchestrator spawns a sub-agent to complete part of a task. That sub-agent inherits or derives credentials from its parent. Three hops later, you have an agent acting on a credential originally scoped for something completely different, and your audit trail probably doesn't tell you that story clearly.

And then there's the rotation problem. We found in our research that 71% of machine identities are not rotated within recommended timeframes. With a static service account, a stale credential is bad but passive. With an agent that never sleeps, never takes a vacation, and never second-guesses itself, that same stale credential is being actively exercised around the clock.

Traditional NHI approaches were designed for workloads that behave predictably. The answer isn't to slow down agent adoption. It's to modernize the identity framework so it can keep up with what agents are actually doing.

Question: You have argued that static NHI patterns are no longer sufficient for autonomous AI systems. What does a more dynamic, cryptographic framework for governing NHIs look like in practice?

I want to be practical here because this topic can get very theoretical very quickly and CISOs need something they can actually act on.

The shift we need is from point-in-time authentication to continuous credential governance. The building blocks are starting to come together at the standards level. NIST is adapting OAuth 2.0 for agents, the OpenID Foundation is addressing recursive delegation in multi-agent token exchanges, and MCP already mandates OAuth 2.1 flows with resource-scoped tokens. By 2027 I expect auditors to be asking not just what permissions an agent holds, but how those permissions were derived and how revocation propagates through the delegation chain.

In practice, a dynamic framework has three things that static NHI doesn't.

First, task-level credential scoping. Not "this agent has read access to the customer database" but "this agent has read access to this specific customer record, for this specific transaction, valid for the next 15 minutes." The permission expires with the task.

Second, delegation chain logging. Every time an agent delegates to another agent, that delegation is recorded and traceable. You can reconstruct the full authorization chain back to the human who initiated the original request.

Third, behavioral baseline enforcement. You're not just checking credentials at connection time. You're maintaining a model of what this agent normally does and flagging deviations. If an agent that handles expense reports suddenly tries to access HR records, that's not an authentication failure. It's a behavioral anomaly, and your governance layer needs to catch it before the action completes.

None of this requires ripping out your existing infrastructure. It requires layering governance on top of what you already have.
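The first two building blocks in the answer above, task-level credential scoping and delegation chain logging, sketched as an added example; it is not part of the interview and not code from the OWASP report, and it does not cover behavioral baselining. The HMAC-signed token format, the function names, the scope strings and the demo key are assumptions made for illustration.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"   # assumption: known only to the credential issuer
TTL = 15 * 60                   # the 15-minute task window mentioned above

def _sign(claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def _token(chain, scope, exp):
    claims = {"chain": chain, "scope": sorted(scope), "exp": exp}
    return {"claims": claims, "sig": _sign(claims)}

def issue(human, agent, scope, now):
    """Mint a credential for one task, rooted in the human who started it."""
    return _token([human, agent], scope, now + TTL)

def check(token, now):
    """Verify integrity and expiry; return the claims if both hold."""
    if not hmac.compare_digest(token["sig"], _sign(token["claims"])):
        raise PermissionError("bad signature")
    if now >= token["claims"]["exp"]:
        raise PermissionError("expired")
    return token["claims"]

def delegate(token, sub_agent, scope, now):
    """Issuer-side delegation: scope can only narrow, expiry never extends."""
    parent = check(token, now)
    if not set(scope) <= set(parent["scope"]):
        raise PermissionError("delegation may only narrow scope")
    return _token(parent["chain"] + [sub_agent], scope, parent["exp"])

def authorize(token, action, now, audit):
    """Per-action decision; every attempt is logged with its delegation chain."""
    try:
        claims = check(token, now)
        result = "ok" if action in claims["scope"] else "out of scope"
    except PermissionError as exc:
        result = str(exc)
    # On "bad signature" the logged chain is only what the caller claimed.
    audit.append({"chain": token["claims"]["chain"], "action": action,
                  "result": result})
    return result == "ok"

if __name__ == "__main__":
    log, t0 = [], 1_000_000     # constructed timestamps and identities
    root = issue("alice@example.com", "orchestrator",
                 ["read:customer/4821", "write:ticket/77"], t0)
    sub = delegate(root, "billing-agent", ["read:customer/4821"], t0 + 60)
    authorize(sub, "read:customer/4821", t0 + 120, log)
    authorize(sub, "write:ticket/77", t0 + 120, log)
    print(json.dumps(log, indent=2))
```

Each audit entry carries the chain from the initiating human through every agent hop, so a denied or unexpected action can be traced back without correlating separate logs.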

Question: For CISOs trying to reduce excessive privilege across machine identities, where should they start? What are the first practical guardrails or controls that can materially reduce risk?

Start with what's already hurting you, not with what might hurt you.

Here's a number that should focus everyone's attention: just 0.01% of machine identities control 80% of cloud resources. So my first advice is always, don't try to boil the ocean. Pull the thread on your highest privilege non-human identities. The top 10% by permission scope. That's where your real exposure is concentrated. Fix that before you worry about the long tail.

For each of those high-privilege identities, I'd ask three questions. When was this last used? What was the last thing it did? And does the team that owns it even know it exists? That third question gets uncomfortable answers more often than you'd think.

The second guardrail is a "no permanent keys" policy for anything new going into production. You don't have to fix your entire legacy NHI estate overnight, that battle will take years. But you can draw a line today: any new agent deployment gets JIT credentials, full stop. You ring-fence the legacy problem while stopping it from getting worse.

Third, and this is the one I feel most strongly about, put a human review step on credential issuance for any agent that touches financial systems, customer PII, or production infrastructure. Most organizations don't have this today. Credentials are issued programmatically with no human eyes on the scope at all. That's not a technology gap. That's a process gap, and it's fixable tomorrow.

Question: Looking ahead, how should CISOs prepare their identity and access management strategies as AI agents can act, decide, and trigger downstream actions across enterprise systems?

The honest answer is that the IAM strategy most organizations have today was designed for a world where identities are mostly human and mostly static. Both of those assumptions are gone, and that's not a bad thing. It's a sign of how much more capable our systems have become. The question is whether our governance has evolved at the same pace.

The fundamental shift I'd prepare for is treating identity governance as a runtime control, not a configuration control. Today IAM is mostly about setup. Configure roles, assign permissions, write policies, and you're done until the next audit. In an agentic world, that setup is just table stakes. The governance that actually matters happens continuously, while agents are running and delivering value.

There are three capabilities I'd start building now before you need them urgently.

Agent inventory first. You cannot govern what you cannot see. This is the Shadow AI problem I've talked about before, but it hits differently in an identity context. An undiscovered agent with a long-lived credential is a liability you're carrying without knowing it.

Delegation chain visibility second. As multi-agent architectures become normal, you need to trace any action back through every agent that touched it. Without that, incident response becomes incredibly difficult. You're looking for a needle in a haystack without knowing how many haystacks there are.

And finally, privilege right-sizing as a continuous process, not an annual audit, not a quarterly review. Something that continuously flags when an agent's actual behavior diverges from its authorized scope and triggers a human review.

The organizations that build these capabilities now are the ones that will be able to say yes to agentic AI deployments with confidence, because they've built the foundation to govern them properly. That's the goal. Not to slow adoption down, but to make sure the adoption is built to last.


Sumeet Jeswani led the NHI section titled "Agent Identity vs Non-Human Identity" in the recently published OWASP State of Agentic AI Security and Governance Report, which is available to download now.