Agentic AI & Non-Human Identity Field Guide
Machine identities now outnumber humans 45 to 1. Autonomous agents are entering production. This guide explains what they are, why they break traditional IAM, and how leading enterprises are governing them — with real data, frameworks, and a step-by-step playbook.
The numbers reshaping identity
Sourced from CyberArk, Gartner, Verizon, CSA, GitGuardian, and MarketsandMarkets (2024-2025).
- CyberArk 2024 Identity Security Threat Landscape — machine identities outnumber humans 45:1 in the average enterprise.
- MarketsandMarkets 2025 — Agentic AI projected ~45% CAGR through 2030.
- Verizon Data Breach Investigations Report 2024 — stolen/leaked credentials remain the #1 breach vector.
- Gartner — Top Strategic Technology Trends for 2025 (Agentic AI).
- Cloud Security Alliance — State of Non-Human Identity Security Survey 2024.
What is Agentic AI?
Agentic AI describes systems where Large Language Models don't just answer — they plan, decide, and act. They invoke tools, call APIs, write to databases, and even spawn other agents to complete multi-step goals with minimal human steering.
From chatbot to autonomous worker
- Reasoning loop: the agent observes, plans, acts, then re-evaluates (ReAct, Plan-and-Execute, Tree-of-Thoughts).
- Tool use: structured function calls to search, code execution, SaaS APIs, internal databases, RPA bots.
- Delegation: agents may dispatch sub-agents, creating agent-to-agent trust chains.
- Identity: every action needs an identity — the agent's own, plus an on-behalf-of (OBO) claim for the user it represents.
What is a Non-Human Identity?
A Non-Human Identity (NHI) is any digital identity not tied to a person — a service account, API key, OAuth client, workload, bot, or AI agent. NHIs authenticate to systems, hold entitlements, and act. They now outnumber employees by 40-50× in cloud-native enterprises.
Service Accounts
Long-lived OS / DB / app accounts used by scheduled jobs and integrations.
Risk: High — often shared, rarely rotated.
Workload Identities
Kubernetes pods, VMs, containers using SPIFFE/SPIRE, IRSA, Workload Identity Federation.
Risk: Medium — federated short-lived tokens reduce blast radius.
API Keys & OAuth Clients
Static tokens issued to apps, partners, SaaS integrations.
Risk: Very High — leaked in Git, CI logs, mobile apps.
RPA Bots
UiPath, Automation Anywhere, Blue Prism bots emulating human workers.
Risk: High — often granted broad human-equivalent entitlements.
AI Agents
LLM-driven assistants invoking tools, APIs, and other agents on behalf of a user or task.
Risk: Critical — prompt injection, tool misuse, delegated authority.
Autonomous Agentic AI
Multi-step planners that chain agents, write code, and act with minimal oversight.
Risk: Critical — emergent behavior, hard-to-audit reasoning, scale of action.
How industries are responding
Across regulated sectors, three plays dominate 2025 roadmaps: discover-and-vault, federate-and-rotate, and govern-the-agent.
Banking & Finance
SoD enforcement extended to bots; Fed Reserve SR 11-7 model risk review of agentic systems; quarterly NHI access certifications mandated by internal audit.
Healthcare
HIPAA-aligned secret vaulting for Epic/Cerner integrations; bot accounts tagged as ePHI processors; BAA coverage extended to AI agent vendors.
Retail & E-commerce
PCI-DSS v4.0 (March 2025) explicitly requires inventory and rotation of all application/system accounts touching CDE.
Public Sector
OMB M-22-09 Zero Trust mandate; CISA agentic AI threat advisories; FedRAMP Rev 5 controls on workload identity and machine-to-machine auth.
Insurance
Claims-processing RPA estates folded into IGA; agent reasoning logs retained 7 years for regulatory defense; OBO tokens for adjuster-acting agents.
Tech / SaaS
SPIFFE/SPIRE in service mesh; secretless CI via OIDC federation to cloud IAM; agent gateways with per-tool entitlements and rate-limited blast radius.
Frameworks & standards to know
OWASP Non-Human Identities Top 10 (2025)
Improper offboarding, secret leakage, overprivileged NHIs, insecure cloud deployment, long-lived secrets.
NIST SP 800-207 — Zero Trust Architecture
Identity-centric perimeter; every workload authenticates and authorizes per request.
IETF RFC 8693 — OAuth 2.0 Token Exchange
On-behalf-of (OBO) tokens for agents acting for a user, with audience + scope downscoping.
SPIFFE / SPIRE
Cryptographic workload identity (SVIDs) replacing shared secrets between services.
CSA Agentic AI / MAESTRO Threat Framework
Tool allowlists, action ceilings, human-in-the-loop checkpoints, agent-to-agent trust.
MITRE ATLAS
Adversarial threat matrix for AI/ML systems — prompt injection, model evasion, supply-chain poisoning.
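The on-behalf-of flow named in the RFC 8693 entry and in the earlier "Identity" bullet, as an added example that is not code from this page or from any vendor it mentions: the agent side builds a downscoped token-exchange request, and the API side checks the `sub`, `act`, `aud` and `scope` claims. Token values, URLs, scope names, the SPIFFE ID and the 600-second lifetime ceiling are assumptions; signature verification is assumed to have happened before `check_obo_claims` runs.

```python
from urllib.parse import urlencode

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"
JWT = "urn:ietf:params:oauth:token-type:jwt"

def build_exchange_request(user_token, agent_token, audience, user_scopes, tool_scopes):
    """Form body for the token endpoint: the user is the subject, the agent the actor."""
    # Downscope: ask only for scopes the user holds AND this tool call needs.
    scopes = sorted(set(user_scopes) & set(tool_scopes))
    if not scopes:
        raise PermissionError("user holds none of the scopes this tool needs")
    return urlencode({
        "grant_type": GRANT,
        "subject_token": user_token, "subject_token_type": ACCESS_TOKEN,
        "actor_token": agent_token, "actor_token_type": JWT,
        "audience": audience,
        "scope": " ".join(scopes),
    })

def check_obo_claims(claims, agent_id, audience, accepted_scopes, now, max_ttl=600):
    """Checks a resource server runs on claims whose signature is already verified."""
    problems = []
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience mismatch")
    if not claims.get("sub"):
        problems.append("no user subject")
    act = claims.get("act")  # RFC 8693 actor claim: who is acting for the subject
    if not isinstance(act, dict) or act.get("sub") != agent_id:
        problems.append("actor is not the expected agent")
    granted = set(claims.get("scope", "").split())
    if not granted or not granted <= set(accepted_scopes):
        problems.append("scope not downscoped")
    exp, iat = claims.get("exp", 0), claims.get("iat", now)
    if exp <= now:
        problems.append("expired")
    elif exp - iat > max_ttl:  # max_ttl is an assumed policy value
        problems.append("lifetime exceeds max_ttl")
    return problems

# Constructed sample: a user's ticketing scopes narrowed for one read-only tool call.
if __name__ == "__main__":
    print(build_exchange_request("USER_TOKEN", "AGENT_JWT", "https://tickets.example",
                                 ["tickets:read", "tickets:write"], ["tickets:read"]))
```

An API that logs both `sub` and `act.sub` from the accepted token can attribute each action to the user and to the agent that performed it.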
The 8-step enterprise playbook
A repeatable program to bring NHIs and agents under governance — adopted by leading SailPoint and Saviynt customers.
1. Discover
Inventory every NHI: scan IdP, cloud (IAM/Roles), Git, secret vaults, SaaS audit logs, CI/CD. You cannot govern what you cannot see.
2. Own
Assign a named human owner + backup to every NHI. Orphaned identities are immediately disabled or quarantined.
3. Vault & Rotate
Centralize secrets in HashiCorp Vault / CyberArk / cloud KMS. Enforce 30/60/90-day rotation, prefer short-lived OIDC/STS tokens.
4. Least Privilege
Right-size entitlements per workload; bind scopes to resources and time windows; require JIT elevation for sensitive operations.
5. Govern Agentic AI
Tool/function allowlists, per-tool entitlements, prompt-injection guardrails, action rate-limits, HITL approvals, full reasoning + invocation audit.
6. Certify
Quarterly access reviews that INCLUDE NHIs and agents (most certification programs miss this). Auto-revoke stale access.
7. Detect
Behavioral analytics on token usage, geo/ASN anomalies, off-hours invocations, tool-call sequences outside the agent's normal pattern.
8. Offboard
When an owner leaves or a service is decommissioned, all linked NHIs are disabled within hours — automated, not ticket-driven.
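One way to enforce the "Govern Agentic AI" step at a gateway in front of the agent's tools, as an added example that is not code from this page or from any product it names: a per-task tool allowlist, a per-tool rate limit, a human-approval gate for high-impact tools, and an audit record for every decision. The task name, tool names, limits and agent identifiers are hypothetical.

```python
import time
from collections import defaultdict, deque

# Constructed policy: task -> tool -> entitlement. All names are hypothetical.
POLICY = {
    "refund-triage": {
        "crm.lookup":   {"max_per_min": 30, "hitl": False},
        "refund.issue": {"max_per_min": 2,  "hitl": True},   # high-impact action
    },
}

class AgentGateway:
    def __init__(self, policy, clock=time.monotonic):
        self.policy, self.clock = policy, clock
        self.calls = defaultdict(deque)  # (agent, tool) -> timestamps of allowed calls
        self.audit = []                  # in-memory here; an immutable store in production

    def authorize(self, agent, on_behalf_of, task, tool, approved_by=None):
        """Return 'allow', 'deny' or 'needs_approval' and record the decision."""
        rule = self.policy.get(task, {}).get(tool)
        now = self.clock()
        if rule is None:
            decision, reason = "deny", "tool not allowlisted for task"
        else:
            window = self.calls[(agent, tool)]
            while window and now - window[0] >= 60:  # drop calls older than one minute
                window.popleft()
            if len(window) >= rule["max_per_min"]:
                decision, reason = "deny", "rate limit"
            elif rule["hitl"] and not approved_by:
                decision, reason = "needs_approval", "high-impact action"
            else:
                window.append(now)
                decision, reason = "allow", "within entitlement"
        # Every decision is logged, including denials, with agent and user identities.
        self.audit.append({"t": now, "agent": agent, "obo": on_behalf_of, "task": task,
                           "tool": tool, "decision": decision, "reason": reason,
                           "approved_by": approved_by})
        return decision
```

Denied and approval-pending calls do not consume the rate budget, but they are still written to the audit trail, which is the data the "Detect" step needs to spot tool-call sequences outside an agent's normal pattern.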
Do this, not that
Do
- Issue short-lived OIDC / STS / SPIFFE SVIDs (minutes, not years).
- Assign a human owner + backup to every NHI and agent.
- Allowlist agent tools per task; require HITL for high-impact actions.
- Log agent reasoning + every tool call to an immutable audit store.
- Include NHIs and agents in quarterly access certifications.
Don't
- Hardcode API keys in repos, CI configs, or container images.
- Share one service account across multiple apps or teams.
- Grant agents broad admin scopes "just to get it working".
- Let NHIs survive their owner's offboarding.
- Treat AI agents as software — they need identity governance.
Sources
Every statistic and framework on this page links to its primary source. Reports below were published between 2023 and 2025.
- [1] CyberArk 2024 Identity Security Threat Landscape — machine identities outnumber humans 45:1 in the average enterprise.
- [2] MarketsandMarkets 2025 — Agentic AI projected ~45% CAGR through 2030.
- [3] Verizon Data Breach Investigations Report 2024 — stolen/leaked credentials remain the #1 breach vector.
- [4] Gartner — Top Strategic Technology Trends for 2025 (Agentic AI).
- [5] Cloud Security Alliance — State of Non-Human Identity Security Survey 2024.
- [6] GitGuardian State of Secrets Sprawl 2024.
- [F1] OWASP Non-Human Identities Top 10 (2025) — Improper offboarding, secret leakage, overprivileged NHIs, insecure cloud deployment, long-lived secrets.
- [F2] NIST SP 800-207 — Zero Trust Architecture — Identity-centric perimeter; every workload authenticates and authorizes per request.
- [F3] IETF RFC 8693 — OAuth 2.0 Token Exchange — On-behalf-of (OBO) tokens for agents acting for a user, with audience + scope downscoping.
- [F4] SPIFFE / SPIRE — Cryptographic workload identity (SVIDs) replacing shared secrets between services.
- [F5] CSA Agentic AI / MAESTRO Threat Framework — Tool allowlists, action ceilings, human-in-the-loop checkpoints, agent-to-agent trust.
- [F6] MITRE ATLAS — Adversarial threat matrix for AI/ML systems — prompt injection, model evasion, supply-chain poisoning.
AegisAgentic AI is not affiliated with the cited organizations; trademarks belong to their respective owners.