Non-Human Identity (NHI)
Definition
Non-Human Identities (NHIs) are digital credentials assigned to software workloads — services, bots, automation scripts, and AI agents — rather than to human users. In the context of agentic AI, NHIs encompass every API key, service account, certificate, OAuth token, and JWT issued to an AI agent so it can authenticate to internal or external systems.
Aliases / Variants
- Machine identity — broader term covering all software principals
- Workload identity — often used specifically for cloud-native, certificate-based identity (e.g., SPIFFE SVIDs)
- Service account — legacy term for IAM principals bound to a software service
- NHI — preferred shorthand in recent vendor and analyst discourse
NHI taxonomy
Eleven distinct types, each with different rotation, ownership, and detection profiles (per What Are Non-Human Identities? (Oasis Security)):
| Type | Authentication mechanism | Rotation profile |
|---|---|---|
| Service Account | Username/password or service-account secret | Decoupled (secret separate from principal) |
| Service Principal | Client secret or certificate | Decoupled |
| System Account | OS-issued, typically high privilege | Decoupled |
| IAM Role (AWS-style) | Temporary STS session credentials | Decoupled, short-lived |
| API Key | Static key | Decoupled |
| Machine Identity (VM / container / serverless) | Cloud-issued cert / SVID | Decoupled |
| OAuth Token | Time-limited bearer | Decoupled |
| TLS / mTLS Certificate | Asymmetric key | Decoupled |
| Storage Access Key | Long-lived, broad-permission | Coupled (see Identity-Credential Coupling) |
| SAS Token (Azure) | Time-limited, granular | Coupled |
| Personal Access Token (PAT) | Developer-generated | Often coupled (the token IS the access) |
| Database User | Application-level | Decoupled |
The coupled rows are where the credential string IS the identity — rotation is identity rotation. See Identity-Credential Coupling for implications.
Why NHI Matters for Agentic AI
AI agent deployments dramatically amplify the NHI problem in three ways:
- Scale: Each agent (and often each agent task) may require one or more credentials. Large multi-agent systems can generate thousands of identities quickly.
- Ephemerality: Agents can be spun up and torn down dynamically; their credentials may not be systematically revoked.
- Autonomy: Unlike a human who can be asked to justify an action, an agent may exercise credentials in ways that are opaque without purpose-built tracing.
The result is an NHI estate that grows rapidly, is poorly inventoried, and is a high-value attack surface.
Scale evidence (triangulated)
| Source | Metric | Year | Type |
|---|---|---|---|
| CyberArk | 82:1 machine-to-human identity ratio | 2025 | Vendor (Vanson Bourne survey, n=2,600) |
| Rubrik Zero Labs | 45:1 average; up to 100:1 in some orgs | 2025 | Vendor |
| arXiv 2503.18255 | 50K → 250K machine identities per enterprise (400% growth) | 2021–2025 | Academic preprint |
| SailPoint Horizons of Identity Security 2025–2026 | 69% of orgs have more machine than human identities; ~half deploy 10× more | 2025–2026 | Vendor (n=375 IAM decision-makers, methodology disclosed) |
| Verizon DBIR 2025 | Third-party breach involvement doubled YoY (15% → 30%), driven by ungoverned machine accounts | 2025 | Industry survey (annual, methodology disclosed) |
| GitGuardian / Verizon 2025 | 441,780 exposed secrets in public repos; 39% web-app infra (66% JWTs) | 2025 | Industry-data quantitative |
| IBM 2025 Cost of a Data Breach | US$10.22M average breach cost in the US; explicit recommendation for NHI controls | 2025 | Industry survey (Ponemon methodology) |
| ENISA Threat Landscape 2025 | Confirms identity- and credential-themed risk acceleration | 2025 | EU government |
Sources differ on the exact ratio (45:1 vs 82:1; SailPoint reports 69% of orgs have more machine than human identities, with about half at 10×) but agree on the structural point: NHIs outnumber humans by an order of magnitude or more, and growth is exponential. The exact 82:1 figure is single-vendor and should be cited as CyberArk-specific; the directional claim is well-corroborated. See Source Triangulation Audit §Claim 1.
Why human-identity controls fail for NHIs
Eight structural differences make HR-driven IAM and credential-storage-focused PAM unsuitable (per What Are Non-Human Identities? (Oasis Security)):
| Property | Human | NHI |
|---|---|---|
| Centralization | IT-managed, single source of truth | Decentralized; created by developers / IT / IaC |
| Ownership | Tied to individual | Often unowned; shared across teams / apps |
| Scale | Linear with headcount | 10–100× human count, growing exponentially |
| Rate of change | HR-driven (joiner/mover/leaver) | Code-pace (per commit / per deploy) |
| Provisioning | IT-mediated | Developer-driven, often invisible to IT |
| Secret expiration | Frequent password rotation | Often never rotated; sometimes no expiration |
| Operational risk of rotation | Low | High (rotation breaks production workflows) |
| Authentication factor diversity | Three-factor + MFA + SSO | Single-factor (the secret); no MFA equivalent |
The implication is that legacy IAM/PAM cannot be retrofitted for NHIs at scale — purpose-built tooling is required.
Real-world incident anchors
| Incident | Vector | NHI lesson |
|---|---|---|
| Microsoft AI Storage Breach | Misconfigured SAS token | 38TB internal data exposed (passwords + private keys); coupled identity-credential — see Identity-Credential Coupling |
| CircleCI Breach | OAuth token compromise | Mass-rotation across thousands of customer environments — rotation infrastructure must be tested |
| Mercedes-Benz Breach | Service accounts with excessive privileges | Long-lived, over-permissioned NHIs are persistent attacker access |
Relationship to DSPM
The paper draws an explicit analogy: NHI vendors are to agent credentials what DSPM (Data Security Posture Management) vendors were to data sprawl. Just as DSPM helped enterprises discover and govern data that had proliferated across cloud stores without oversight, NHI tooling helps discover, classify, and govern the machine credentials that AI agents accumulate.
Framing from source
“Improper management of credentials related to NHIs is a people and process problem, not so much a technology problem.” — Insight Partners, 2025
Governance Capabilities
NHI governance solutions typically provide:
- Discovery — inventory all machine identities across cloud, SaaS, and on-prem
- Lifecycle management — rotation, expiry, and revocation of credentials
- Scoped permissions — enforce least-privilege for each agent identity (extends into Identity Security Posture Management / ISPM)
- OAuth / API scope governance — visibility and control over what OAuth tokens and API scopes agents have been granted
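A posture check that applies the lifecycle and scoped-permission capabilities above to an inventory of the taxonomy's credential types, as an added example (not code from the source or any vendor). The inventory records, the 90-day rotation threshold and the fixed clock are constructed for the demonstration.

```python
from datetime import datetime, timedelta, timezone

# Credential types from the taxonomy where the secret string IS the identity;
# rotating one of these is identity rotation, so they get their own finding.
COUPLED_TYPES = {"Storage Access Key", "SAS Token", "Personal Access Token"}
MAX_SECRET_AGE = timedelta(days=90)          # assumed rotation policy
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed clock for reproducible results

# Constructed sample inventory (not real identities): one record per discovered NHI.
INVENTORY = [
    {"id": "svc-billing-agent", "type": "Service Account", "owner": "team-payments",
     "last_rotated": NOW - timedelta(days=20), "expires": NOW + timedelta(days=70),
     "scopes": ["invoices:read"]},
    {"id": "blob-key-prod", "type": "Storage Access Key", "owner": None,
     "last_rotated": NOW - timedelta(days=400), "expires": None,
     "scopes": ["storage:*"]},
    {"id": "ci-pat-deploy", "type": "Personal Access Token", "owner": "alice",
     "last_rotated": None, "expires": None, "scopes": ["repo:*", "admin:org"]},
    {"id": "agent-task-4711", "type": "OAuth Token", "owner": "team-agents",
     "last_rotated": NOW - timedelta(hours=1), "expires": NOW + timedelta(hours=1),
     "scopes": ["calendar:read"]},
]

def audit_nhi(record, now=NOW):
    """Return the list of posture findings for one NHI record."""
    findings = []
    if record["owner"] is None:
        findings.append("unowned")              # nobody accountable for rotation or revocation
    if record["expires"] is None:
        findings.append("no-expiry")            # NHIs frequently have no expiration at all
    elif record["expires"] < now:
        findings.append("expired-but-present")  # should have been revoked and removed
    if record["last_rotated"] is None:
        findings.append("never-rotated")
    elif now - record["last_rotated"] > MAX_SECRET_AGE:
        findings.append("stale-secret")
    if record["type"] in COUPLED_TYPES:
        findings.append("coupled-credential")   # rotation means re-issuing the identity itself
    if any(s.endswith(":*") or s.startswith("admin:") for s in record["scopes"]):
        findings.append("broad-scope")          # least-privilege violation
    return findings

def audit_inventory(inventory=INVENTORY, now=NOW):
    """Map identity id -> findings, keeping only identities with at least one finding."""
    report = {}
    for rec in inventory:
        findings = audit_nhi(rec, now)
        if findings:
            report[rec["id"]] = findings
    return report

if __name__ == "__main__":
    for ident, findings in audit_inventory().items():
        print(f"{ident}: {', '.join(findings)}")
```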
Credential Zero Problem
A foundational challenge: an agent must authenticate to a secrets vault or IdP before it can retrieve its working credentials, yet it needs some credential to do so. This bootstrapping step is the Credential Zero problem. Solutions include SPIRE-issued workload certificates provisioned to the workload at deploy time through platform attestation, so that no static secret is ever stored with the agent.
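A simplified model of that bootstrap flow, added here as an example rather than taken from SPIRE or any vault product: the platform attests the workload and issues a short-lived identity document (the credential zero), and the vault exchanges it for a scoped, short-lived working credential without the agent ever holding a static secret. The HMAC signing keys, the SPIFFE ID and the vault policy table are hypothetical and stand in for the real X.509 SVID and vault policy machinery.

```python
import hashlib, hmac, json, time

# Hypothetical keys: ATTESTOR_KEY models the platform attestor's signing key (never given
# to the agent); VAULT_KEY models the vault's own key for signing working credentials.
ATTESTOR_KEY = b"attestor-signing-key-demo"
VAULT_KEY = b"vault-signing-key-demo"

def _sign(key, payload):
    """Serialize claims deterministically and append an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def _verify(key, token):
    """Check the tag in constant time and return the claims; raise on tampering."""
    body, _, mac = token.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature")
    return json.loads(body)

def issue_workload_identity(spiffe_id, now, ttl=3600):
    """Platform side: attest the workload at deploy time and hand it a short-lived identity
    document. This is the credential zero; no static secret is stored with the agent."""
    return _sign(ATTESTOR_KEY, {"sub": spiffe_id, "iat": now, "exp": now + ttl})

# Vault policy (constructed): which working credential each attested identity may obtain.
POLICY = {"spiffe://example.org/agent/billing": {"scope": "invoices:read", "ttl": 900}}

def exchange_for_working_credential(identity_doc, now):
    """Vault side: verify the attested identity, then mint a scoped, short-lived working
    credential. Trust rests on the attestor's signature, not on a secret the agent could leak."""
    claims = _verify(ATTESTOR_KEY, identity_doc)
    if claims["exp"] <= now:
        raise ValueError("identity document expired")
    grant = POLICY.get(claims["sub"])
    if grant is None:
        raise PermissionError(f"no policy for {claims['sub']}")
    return _sign(VAULT_KEY, {"sub": claims["sub"], "scope": grant["scope"],
                             "iat": now, "exp": now + grant["ttl"]})

def bootstrap(spiffe_id, now=None):
    """The flow as the agent experiences it: identity at deploy, then exchange for a credential.
    Returns the decoded claims of the working credential."""
    now = int(time.time()) if now is None else now
    identity = issue_workload_identity(spiffe_id, now)
    return _verify(VAULT_KEY, exchange_for_working_credential(identity, now))
```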
Where It Appears
- AI Agent Identity Architecture — architectural context for NHI in agentic systems
- Securing the Autonomous Future: Trust, Safety, and Reliability of Agentic AI — primary source introducing NHI framing for agents
Related Concepts
- AI Agent Identity Architecture — the full architecture within which NHI sits
- Agent Observability — action-to-identity tracing requires knowing which NHI took which action