An IT security engineer stands in the aisle between two rows of dark server racks with blinking status lights, looking down the data hall corridor.
SECURITY & DATA PROTECTION

Non-Human Identities: the control gap behind AI agents

AI agents have moved from pilots into production. Each agent needs its own credentials and becomes its own machine identity. These non-human identities grow faster than the control over them.

This article explains what non-human identities are, why every second AI agent runs unmonitored, what 2026 studies reveal about the control gap and the five steps organisations use to secure machine identities.

Summary

Non-human identities are machine identities such as service accounts, API keys, tokens and the credentials of AI agents. Agentic AI multiplies them, because every agent creates new credentials when it calls tools and interfaces. According to the Gravitee Report 2026, 50 percent of all active AI agents run without monitoring. A KnowBe4 survey from July 2026 shows that 62 percent of companies deploy autonomous agents, while 48 percent of executives admit that use is not governed. Machine identities outnumber human users by 45 to 1 on average, and up to 144 to 1 in cloud-native environments, and 80 percent of identity incidents already run through compromised non-human identities. For organisations in the EU, the topic coincides with the EU AI Act, NIS2 and DORA. The way out of the gap is not a new product but an operating process: inventory identities, grant least privilege per autonomy level, use short-lived credentials, monitor at runtime and revoke identities that are no longer needed.

50 %
AI agents unmonitored
Gravitee Report 2026
62 %
companies using AI agents
KnowBe4, July 2026
48 %
use not governed
executives, KnowBe4
45:1
machine per human identity
up to 144:1 cloud-native
80 %
identity incidents via NHIs
Cloud Security Alliance
over 40 %
agent projects cancelled
by end 2027, Gartner

Why the control gap appears now

AI agents moved from pilots into production in 2026, and that is exactly where the gap opens. Every agent needs its own credentials, permissions and interfaces. It becomes its own machine identity, a non-human identity. These identities grow faster than oversight can follow.

For you as a decision-maker, the question is no longer whether agents are in use, but whether you know which identities they create and what those are allowed to do. According to the Gravitee Report 2026, 50 percent of all active agents run without any monitoring. That is half the estate, not an edge case.

  • The maturity of agentic systems jumped from 8 to 64 percent within a year, according to one market assessment. Control does not keep that pace.
  • A Technology Radar from July 2026 puts it plainly: agents go into production, and governance does not keep up.
  • The general governance question is covered in the piece on the AI agent governance gap. Here the focus is narrower, on operational identity and access security.

What non-human identities are

Non-human identities are machine identities that access systems on their own. They are not new, but agentic AI multiplies them quickly. A single agent calls tools, opens interfaces and creates tokens, keys and service accounts along the way.

A non-human identity is a machine identity such as a service account, an API key, an OAuth token, a machine certificate or the credentials of an AI agent, used to access other systems without direct human action.
A hand holds a small black access token in front of a reader beside a server cabinet door, with a grille and blue and yellow indicator lights behind it.
Every identity is a key. What holds for access to the server cabinet holds digitally for every agent: without controlled credentials, access stays unchecked.
  • Machine identities outnumber human users by 45 to 1 on average, and up to 144 to 1 in cloud-native environments.
  • 16 percent of organisations do not track the creation of AI-related identities at all. What you do not know, you can neither secure nor revoke.
  • In 2025, 24 million leaked machine identity credentials were found on GitHub, and 70 percent of the older finds were still valid.

How large the control gap really is

The current numbers from July 2026 paint a clear picture: deployment runs ahead of oversight. Organisations put agents into production without adding rules, inventory or monitoring. That is the majority, not the exception.

Identity assurance for an AI world scored 4.46 out of 5 among CISOs, the second-highest priority for 2026, because agents act at machine speed and expand identity complexity faster than existing systems can accommodate.

IANS Research,
  • 50 percent of all active AI agents run without monitoring. An unmonitored agent can act without anyone seeing it.
  • In a KnowBe4 survey of 250 companies, 62 percent deploy autonomous agents, yet 48 percent of executives admit the use is not officially governed and 64 percent of employees bypass security protocols for speed.
  • Gartner estimates that agents bypassing human software users could threaten up to 234 billion US dollars in SaaS revenue by 2030. The stakes reach well beyond security.

Why AI agents sharpen the identity question

Agents act at machine speed and chain actions without waiting for a human to approve each step. Classic identity management is not built for that, because it assumes a small number of slowly changing human accounts.

An agent can reach several services in seconds and pass on permissions that no one checked individually. If one credential is compromised, the damage is immediate and broad, not the result of a slow manual chain.

  • IANS analyst Jake Williams calls the Model Context Protocol the AI security issue of 2026, because immature OAuth and delegation patterns create new exposure.
  • 80 percent of identity incidents already run through compromised non-human identities such as service accounts and API keys. How agents themselves become an entry point is shown in the piece on agentic AI as an attack surface .
  • 91.6 percent of exposed secrets are still valid five days after the affected organisation is notified. Between discovery and remediation sits a dangerous gap.

European perspective

For organisations in the EU, the topic coincides with dense regulation. Identity and access controls are obligations under NIS2, DORA and the GDPR, while the EU AI Act sets requirements for high-risk uses. Anyone deploying agents needs the evidence of permissions and logs anyway.

Two colleagues stand at a glass wall in an office arranging coloured sticky notes while aligning on their approach.
Governance is alignment work first. Clarifying responsibilities and rules early avoids forcing identity controls into live operations later.
  • Deloitte research finds a familiar pattern: adoption of agentic AI outpaces governance, with roughly 27 percent using it at least moderately but only 19 percent holding mature governance.
  • The Cyber Resilience Act requires detailed software bills of materials from December 2027. That raises the evidence burden for deployed components and their identities.
  • The European Commission presented a technological sovereignty package on 3 June 2026. Digital independence and secure control over one's own systems move up the agenda. The regulatory frame for critical operators is described in the piece on NIS2 and the KRITIS umbrella law .

Challenges and risks

The topic has two sides, and the critical one belongs in the picture. Part of the market practises agent washing, relabelling simple chatbots or automations as agents. At the same time Gartner warns that the opposite fails too: uniform governance applied to every agent alike.

  • Agent washing: Gartner estimates that only about 130 of thousands of vendors deliver genuine agentic capability. Skip the check, and you end up securing something other than you think.
  • Cancellations: Gartner expects over 40 percent of agentic AI projects to be cancelled by the end of 2027, mostly over cost, unclear value and weak risk controls, not the models.
  • Uniform control: Treating every agent with the same strictness stalls the value. A read-only agent needs different rights than one that triggers payments. What is needed is graded permissions, not blanket bans.
  • Remediation gap: As long as leaked secrets stay valid for days, even the best inventory helps little. Without fast rotation and revocation, the response stays too slow.

Why many pilots never reach production despite good technology is set out in the piece on the rebuild era of AI agents .

What organisations should do now

The way out of the control gap is not a new product but an operating process for machine identities. It starts with a full inventory and ends with the controlled revocation of identities that are no longer needed. In between sit least privilege, short-lived credentials and continuous runtime monitoring.

Flow diagram with five steps: inventory, least privilege per autonomy level, short-lived credentials, runtime monitoring and controlled revocation, as a continuous loop.
Control loop for machine identities. Five steps work together and repeat continuously, rather than being run once and filed away.

Five priority steps

  1. Inventory

    Record all identities, human and machine, including the tokens and keys agents create. What is not in the inventory cannot be protected.

  2. Least privilege per autonomy level

    Grant role-based access matched to the agent's autonomy level. A read-only agent gets less than one that acts.

  3. Short-lived credentials

    Use tokens with short validity and automatic rotation, so a leaked secret quickly becomes worthless and the remediation gap shrinks.

  4. Runtime monitoring

    Log agent activity and check it in real time for anomalies, so no agent runs unmonitored and misuse shows up early.

  5. Controlled revocation

    Shut down identities that are no longer used in a controlled way and map the process to the EU AI Act, NIS2 and DORA. Repeat the steps continuously, do not file them once.

How controls compare across AWS, Microsoft and Anthropic is shown in the piece on AI agent governance by provider . Only inventory, permissions and monitoring together give a reliable picture.

Further reading

Frequently asked questions

What are non-human identities? +

Non-human identities are machine identities that access systems on their own. They include service accounts, API keys, OAuth tokens, machine certificates and the credentials of AI agents. Every agent that calls tools or uses interfaces creates such identities. In many organisations they outnumber human users by 45 to 1 on average, and up to 144 to 1 in cloud-native environments.

Why are unmonitored AI agents a security risk? +

According to the Gravitee Report 2026, 50 percent of all active AI agents run without monitoring. Agents act at machine speed and chain actions without a human approving each step. If a credential is compromised, an agent can reach many systems in a short time. 80 percent of identity incidents already run through compromised non-human identities such as service accounts and API keys.

How many organisations do not govern their use of AI agents? +

A KnowBe4 survey from July 2026 with 250 respondents shows that 62 percent of companies deploy autonomous AI agents, while 48 percent of executives admit that use is not officially governed. 64 percent of employees bypass security protocols to complete tasks faster. Deployment clearly runs ahead of oversight.

How do organisations secure the identities of AI agents? +

The path is an operating process for machine identities: inventory all identities, grant least privilege matched to the agent's autonomy level, use short-lived credentials with automatic rotation, monitor agent activity in real time and revoke identities that are no longer needed in a controlled way. These steps repeat continuously and map to the EU AI Act, NIS2 and DORA.

Which rules apply in the EU? +

Identity and access controls are obligations under NIS2, DORA and the GDPR, while the EU AI Act sets requirements for high-risk uses. The Cyber Resilience Act requires detailed software bills of materials from December 2027. Organisations deploying AI agents need the evidence of permissions and logs anyway, so it pays to build identity control in from the start.