
Agentic Identity Is Not NHI With a Brain

Puneet Tutliani
Co-founder & CEO

The non-human identity (NHI) problem was always the same problem: too many service accounts, too few owners, too many secrets in too many places. They sat where we left them, quietly piling up privilege, outliving the engineer who created them. Eventually someone, an auditor, sometimes an attacker, went looking and found them. 

Agents are a different problem. 

What Carries Over 

Agents are non-human, so they still need credentials, scopes, and lifecycles. They will sprawl if you let them. They will leak secrets if you let them. Everything the NHI playbook taught (short-lived tokens, scoped permissions, owner tags, kill switches) still applies, and applies faster, because agents spin up and tear down at a pace service accounts never did.

If you skipped NHI hygiene, you will fail agent hygiene faster. 

Where the Analogy Breaks 

The NHI problem was a problem of neglect. Service accounts didn’t do anything wrong. They sat there and waited. The risk was that you forgot them: ownership lost in a re-org, scopes granted in 2019 still live in 2024, the cron job written by an intern still the most privileged thing in your environment. Orphaned, over-permissioned, undocumented. The attacker’s job was to find the forgotten thing. The defender’s job was to not forget.

Agents are the opposite. Agents have owners. Agents have a team. Agents are given a job: process invoices, triage tickets, reconcile accounts. They are not orphaned the moment they are created. Ownership and purpose come baked in. The hygiene side actually gets easier. 

What gets harder is everything else. 

Agents Don’t Sit. They Move. 

A service account does what it was scripted to do. An agent does what it decides to do, within the room its prompt and tools give it. That room is the new attack surface, and it does not look like anything we built defenses for. 

An agent with access to your CRM, your email, and your billing system is not an identity that does X. It is an identity that does X today, X’ tomorrow when the prompt shifts, and something nobody predicted the day a customer email contains a line that nudges its reasoning. The identity is stable. The behavior is not. 

This breaks NHI tooling. The NHI question was: what is this account allowed to touch? The agent question is: what is this agent doing right now, and is that what its owner asked it to do? 

You cannot answer that with a credential scan. You cannot answer it with a permission audit. You can barely answer it with logging: the logs will show valid calls, valid tokens, and actions the agent has every right to take. Wrong, but allowed.

Identity Plus Intent 

Agent identity, taken seriously, is more than a credential and a permission set. It is the credential plus the purpose the agent was deployed for, the owner accountable for it, and continuous evidence that today’s actions still line up with both. 

That gap between what an agent is allowed to do and what it should be doing is where business logic abuse lives. It is also where WAFs, SIEMs, and identity providers go blind, because every call looks technically valid. 
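To make the "allowed but not intended" gap concrete, here is an added Python example (not AppSentinels code, and not a description of their Business Logic Graph) that models agent identity as credential plus declared purpose plus owner, then reviews a constructed gateway log. The agent name, owner, scopes, intent profile and log lines are all invented for the illustration. A pure permission check passes five of the six calls; the intent check separates the three calls that match the invoice job from the two that are valid under the credential but outside the purpose the agent was deployed for.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AgentIdentity:
    """Identity plus intent: the credential's scopes, the accountable owner,
    the declared purpose, and the (system, action) pairs that purpose needs."""
    agent_id: str
    owner: str
    scopes: frozenset        # what the credential is allowed to touch
    purpose: str             # the job the agent was deployed for
    intent_profile: frozenset  # calls expected for that job


# Constructed identity (hypothetical): an invoice agent whose credential is
# broader than its job, which is the usual situation.
INVOICE_AGENT = AgentIdentity(
    agent_id="agent-invoice-01",
    owner="finance-platform-team",
    scopes=frozenset({"crm:read", "billing:read", "billing:write", "email:send"}),
    purpose="process-invoices",
    intent_profile=frozenset({
        ("billing", "read_invoice"),
        ("billing", "mark_paid"),
        ("crm", "lookup_customer"),
    }),
)

# Constructed gateway log: one tool call per line as key=value tokens; the
# scope field is the scope the call required.
SAMPLE_LOG = """\
ts=2024-05-01T09:00:01Z agent=agent-invoice-01 system=billing action=read_invoice scope=billing:read
ts=2024-05-01T09:00:02Z agent=agent-invoice-01 system=crm action=lookup_customer scope=crm:read
ts=2024-05-01T09:00:05Z agent=agent-invoice-01 system=billing action=mark_paid scope=billing:write
ts=2024-05-01T09:01:10Z agent=agent-invoice-01 system=email action=send_message scope=email:send
ts=2024-05-01T09:01:11Z agent=agent-invoice-01 system=crm action=export_contacts scope=crm:read
ts=2024-05-01T09:01:12Z agent=agent-invoice-01 system=billing action=delete_invoice scope=billing:admin
"""


def parse_log_line(line: str) -> dict:
    """Turn 'k=v k=v ...' into a dict."""
    return dict(tok.split("=", 1) for tok in line.split())


def permission_check(identity: AgentIdentity, call: dict) -> bool:
    """The NHI question: does this credential hold the scope the call needs?"""
    return call["agent"] == identity.agent_id and call["scope"] in identity.scopes


def classify_call(identity: AgentIdentity, call: dict) -> str:
    """The agent question: allowed, and does it match the declared purpose?
    Returns 'denied', 'in_intent', or 'drift' (valid token, valid scope,
    outside the job the owner deployed the agent for)."""
    if not permission_check(identity, call):
        return "denied"
    if (call["system"], call["action"]) in identity.intent_profile:
        return "in_intent"
    return "drift"


def review_log(identity: AgentIdentity, log_text: str) -> dict:
    """Classify every call in the log and attach owner and purpose so an
    alert can be routed to the team accountable for the agent."""
    verdicts = []
    counts = {"in_intent": 0, "drift": 0, "denied": 0}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        call = parse_log_line(line)
        verdict = classify_call(identity, call)
        counts[verdict] += 1
        verdicts.append((call["ts"], call["system"], call["action"], verdict))
    return {
        "agent": identity.agent_id,
        "owner": identity.owner,
        "purpose": identity.purpose,
        "verdicts": verdicts,
        "counts": counts,
    }


def drift_alerts(report: dict) -> list:
    """The calls a permission audit would wave through but the owner never asked for."""
    return [(ts, system, action)
            for ts, system, action, verdict in report["verdicts"]
            if verdict == "drift"]


if __name__ == "__main__":
    report = review_log(INVOICE_AGENT, SAMPLE_LOG)
    print(f"agent={report['agent']} owner={report['owner']} purpose={report['purpose']}")
    print("counts:", report["counts"])
    for alert in drift_alerts(report):
        print("intent drift:", alert)
```

The review keys on the declared purpose, so the same log reviewed against a different identity (say, an outreach agent whose profile includes `("email", "send_message")`) would classify the email call as in-intent; the verdict depends on who the agent is and what it was deployed for, not only on the token.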

At AppSentinels, we map every object, every ownership relationship, and every access path into a Business Logic Graph, then continuously red-team it for missing authorization, privilege escalation chains, and intent drift. The graph sees the gap the other tools can’t. 

Service accounts were a problem of what you forgot. Agents are a problem of what they decide. The defenses do not transfer. 

Book a demo to discover how to protect agent workflows, APIs, and business logic. 

Frequently Asked Questions

What is agentic identity, and how is it different from non-human identity (NHI)?

Agentic identity refers to the identity assigned to autonomous or AI-driven agents that can make decisions, execute workflows, and interact with systems dynamically. Unlike traditional NHIs such as service accounts or bots, agentic identities are tied to evolving behaviors and actions rather than static tasks.

Why can’t traditional NHI security approaches fully secure AI agents?

Traditional NHI security focuses on credential management, permissions, ownership, and lifecycle controls. AI agents introduce behavioral variability, dynamic decision-making, and workflow execution, creating risks that extend beyond identity and access management.

What are the key security risks associated with AI agents?

Common risks include excessive permissions, unintended actions, prompt manipulation, privilege escalation, workflow abuse, unauthorized access paths, and deviations between intended and actual agent behavior.

Why is visibility into agent behavior important?

Permissions alone do not explain whether an agent is acting as intended. Organizations need visibility into agent actions, workflows, context, and intent to identify misuse, logic abuse, and unexpected execution paths.

How should organizations approach securing agent-based systems?

Organizations should combine identity governance with runtime monitoring, access controls, least-privilege principles, behavioral validation, workflow security, and continuous assessment of agent actions against intended business objectives.
