The board approved the AI strategy. It probably did not approve what came with it: a growing population of non-human identities that no existing governance structure can account for.
Every AI agent your organization deploys creates or consumes credentials: API keys, OAuth tokens, service accounts, short-lived session tokens. In a single agentic pipeline, one agent spawns Agentlets, each Agentlet calls external APIs, and each API call may generate or inherit a credential. Non-human identities already outnumber human identities at a ratio of 45 to 1 in enterprise environments; in cloud-native deployments that ratio reaches 144 to 1.1 AIgentic deployment does not change the ratio. It changes the rate, and the rate is what breaks existing governance.
The governance problem this creates is not technical. It is a duty-of-care problem. Two regulatory instruments that many of your organization’s AI deployments already fall under are specific about what is required. The question is whether the board can demonstrate it knew.
Non-human identity (NHI): Any credential, token, or service account that represents a system, application, or agent rather than a human user. NHIs include the API keys AI agents use to call external services, the OAuth tokens that authorize one system to act on behalf of another, and the workload credentials that grant an agent access to cloud resources.
NHI sprawl: The condition in which NHIs multiply faster than any inventory process can track, leaving the organization unable to answer basic questions: which agents hold which credentials, what those credentials can access, and which of them are still active.
Human sponsorship model: A governance requirement that every NHI is formally owned by an identified human accountable for its scope, its use, and its revocation. Without this model, NHIs exist without authorization chains, and without authorization chains, no audit trail is complete.
Together, these three concepts describe the governance exposure: sprawl without sponsorship produces a population of active credentials that no one formally owns and no regulator can be shown evidence of control over.
Boards that approve AI deployment are approving credential creation at a scale their governance structures were not built for
Docusign CISO Michael Adams has observed that AI systems generate non-human identities, including credentials and tokens, faster than many inventory processes were designed to track, a condition that leaves the NHI population never accurately known. That is not a vendor complaint about tooling. It is a description of a structural condition that applies to any organization running AIgentic systems at operational scale. A CSA and Oasis Security study found that 78% of organizations lack formal policies for creating or removing AI identities, and 92% are not confident their legacy IAM tools can manage the risks that AI and non-human identities introduce, according to the CSA and Oasis Security State of Non-Human Identity and AI Security survey (January 2026, n=383).2
Nearly 75% of enterprise leaders surveyed by Deloitte plan to deploy AIgentic AI within two years, according to Deloitte’s 2026 State of AI in the Enterprise report.3 The governance infrastructure to manage the resulting NHI population is not yet in place at most of those organizations, meaning scale and compliance exposure will compound simultaneously.
This is the baseline condition your board should understand before the next approval decision on an AIgentic initiative.
DORA Article 9 and EU AI Act Article 14 impose obligations that current agentic architectures routinely cannot satisfy
DORA Article 9(4)(c) requires EU financial entities to limit the physical or logical access to information assets and ICT assets to what is required for legitimate and approved functions and activities only, in force since January 17, 2025. This is a least-privilege mandate. It applies to every credential an AI agent carries, not only to human user accounts. The agent that connects your workflow automation to a financial data system carries ICT access credentials. Under DORA, those credentials are in scope.
DORA Article 10 requires financial entities to implement mechanisms to promptly detect anomalous activities across their ICT estate, including ICT-related incidents. In an agentic pipeline, anomalous credential use by a compromised agent may be the first and only detectable signal of a breach. Without monitoring designed for non-human identity behavior, the obligation cannot be met.
EU AI Act Article 14 requires high-risk AI systems to be designed so that natural persons can effectively oversee them, including the ability to interpret outputs, override decisions, and halt operations. These obligations take effect August 2, 2026 for systems classified under Annex III. Whether a fully autonomous multi-agent pipeline, one in which no human is present in the decision loop at the point of consequential action, satisfies Article 14’s oversight requirement is an open legal question. No authoritative guidance has resolved this for agentic architectures as of mid-2026. Organizations subject to the Act should treat this as a question for legal counsel before deployment, not a threshold a technical team can settle at architecture review.
The gap between what these instruments require and what most deployed agentic architectures currently provide is not a compliance program problem. It is an architecture problem that the board’s approval decisions either closed or left open.
What does it mean for a board to exercise duty of care on NHI governance?
Duty of care in this context means demonstrating, at the time of the approval decision, that the board understood what credentials its AI systems would carry, what access those credentials confer, what oversight controls would govern them, and what the organization’s response would be in the event of compromise. The evidence from the March 2026 Vertex AI “Double Agent” incident is instructive. In that case, an overprivileged Google-managed service account allowed a compromised agent to pivot across cloud resources, extract credentials, and reach restricted internal artifacts, exploiting excessive default permissions rather than any authentication bypass. The credential configuration that enabled the breach was a design-time decision, not an operational failure. The board that approved the deployment inherited the exposure without, in all likelihood, being shown it.
A board that cannot answer four questions has not exercised duty of care on NHI governance: which agents are authorized, on whose authority, what access do their credentials confer, and who is responsible for revoking them when the agent is decommissioned?
Governing non-human identity requires a sponsorship model, not better tooling
The instinct to solve NHI sprawl by procuring a dedicated NHI management tool is understandable. However, tooling without a governance model produces an inventory that no one acts on. The prior question is structural: who owns each agent’s credentials, and what is their accountability for scope and revocation?
The human sponsorship model answers that question. Every non-human identity requires an identified human sponsor accountable for its scope, its authorized use, and its offboarding when the agent is retired. This is not technically complex. It requires the same governance discipline as any other access authorization: a named owner, a defined scope, and an expiration or review date. What it does require is that the board’s approval of an AI deployment is accompanied by a sponsorship assignment, not delegated to the technology team as an implementation detail.
For a board governing a regulated financial entity, as explored in Who’s Running Your Organization? The Identity Challenge of the AI Agent Era, the accountability question is existential: if a regulator asks which humans are accountable for the access decisions your agents made last quarter, the answer needs to exist in a governance record, not in someone’s memory of who built the system.
What does “zero standing privilege” mean in practice for the board?
Zero standing privilege (ZSP) means an AI agent holds no persistent credentials between tasks. Each operation requests exactly the access it needs, for exactly the duration required, and the credential expires at task completion. It is the non-human identity equivalent of requiring employees to check out building access cards rather than carry permanent badges. The IETF WIMSE working group draft on AI agent identity proposes dual-identity credentials that cryptographically bind each agent’s credential to an identified human owner, making every access decision traceable to a sponsoring human regardless of how many Agentlets a pipeline spawns (draft-ni-wimse-ai-agent-identity-02, an individual Internet-Draft without IETF endorsement, expiring September 2026). For the board, the significance is not the technical mechanism. It is that zero standing privilege makes the authorization chain auditable in a way that persistent, over-scoped credentials never can be.
Zero standing privilege and human sponsorship constitute a governance design pattern: a set of structural disciplines any organization can implement without a specialized platform. The requirement is deliberate policy: credential scope defined at provisioning, a named human accountable for each agent’s authorized access, and a defined revocation process for when the agent is retired. No novel infrastructure separates organizations that govern their NHI population from those that do not. The difference is governance intent. The architectural controls that implement this pattern at machine pace are examined in Governing Non-Human Identity at Machine Pace.
The approval decision you make next quarter is a governance decision you will be asked to account for
The NIST NCCoE launched a concept paper in February 2026 specifically on software and AI agent identity and authorization, signaling that existing NIST identity guidance does not yet address agentic pipeline identity as a defined problem space. OWASP’s 2025 Non-Human Identities Top 10 ranks improper offboarding, secret leakage, vulnerable third-party NHI, and insecure authentication as its four highest-risk categories, with each risk amplified when NHIs operate as autonomous AI agents rather than static service accounts. The standards bodies are telling you the map does not exist yet. That does not mean the territory is ungoverned. DORA and the EU AI Act are in force now.
The board’s governance posture on AIgentic deployments needs to shift from “has the security team approved this?” to “can we demonstrate control of the credentials this system will carry?” Those are different questions. The second one is the one a regulator will ask.
Frequently asked questions
What is the board’s specific regulatory exposure if NHI governance is absent?
Under DORA Article 9, EU financial entities must demonstrate least-privilege access controls across all ICT assets. AI agent credentials are ICT assets. An inability to demonstrate that agent credentials were scoped to minimum necessary access is a direct gap against the Article 9 obligation. Under EU AI Act Article 14, high-risk AI systems must support human oversight and the ability to override or halt the system. A fully autonomous agentic pipeline with no human in the decision loop requires legal interpretation before it can be deployed with confidence by organizations subject to the Act. The exposure is not hypothetical: the instruments are in force or entering force in 2026.
How is this different from the IAM governance the organization already does?
The existing IAM program governs human identities at human pace: an employee joins, is provisioned access, changes role, leaves, and is deprovisioned. NHI lifecycle management for agentic pipelines operates at machine pace. An agent may generate and consume dozens of credentials in a single workflow run. Existing IAM tools were not designed for this rate. The CSA and Oasis Security study finding that 92% of organizations are not confident their tools can manage AI and NHI risk2 is a statement about rate and volume, not about policy intent. The governance model needs to account for the speed at which agents create and abandon credentials, not only the policies under which they operate.
What should the board ask management before approving the next AIgentic AI initiative?
Four questions establish whether the governance posture is adequate. First: is there a named human sponsor accountable for each agent’s credentials and their authorized scope? Second: what is the credential offboarding process when this agent is retired or replaced? Third: do the monitoring tools in place detect anomalous NHI behavior, or only human user behavior? Fourth: if this deployment involves a high-risk AI system under EU AI Act Annex III, has the legal team confirmed what Article 14 requires of this specific architecture? These questions will not slow the deployment. They will produce the governance record the board needs to demonstrate it managed the risk it took on.
Who carries the accountability if an AI agent’s credentials are compromised?
Today, in most organizations, no one does. It is not that no one cares. No formal human sponsorship model exists for agent credentials. The credentials were created by the deployment process, scoped by the platform defaults, and never formally assigned to an accountable owner. That is the NHI sprawl problem in its governance form. When a breach occurs through a compromised agent credential, the absence of a named sponsor does not protect the organization from regulatory scrutiny. It exposes the board to the additional question of why no one was accountable.
Footnotes
-
Cloud Security Alliance, “Securing Non-Human Identities in the Age of AI Agents,” RSAC 2025. https://cloudsecurityalliance.org/artifacts/securing-non-human-identities-in-the-age-of-ai-agents-rsac-2025 (45 to 1 lower bound). Entro Labs, “NHI and Secrets Risk Report H1 2025,” enterprise data collected January–June 2025. https://23579664.fs1.hubspotusercontent-na1.net/hubfs/23579664/Assets/EL-The-NHI-Secrets-Risk-Report-H1-2025.pdf (144 to 1 upper bound in cloud-native deployments). ↩
-
Cloud Security Alliance and Oasis Security, “The State of Non-Human Identity and AI Security,” January 2026. https://cloudsecurityalliance.org/artifacts/state-of-nhi-and-ai-security-survey-report ↩ ↩2
-
Deloitte, “2026 State of AI in the Enterprise.” ↩