Non-Human Identities: the control gap behind AI agents
This article explains what non-human identities are, why every second AI agent runs unmonitored, what 2026 studies reveal about the control gap and the five steps organisations use to secure machine identities.
Non-human identities are machine identities such as service accounts, API keys, tokens and the credentials of AI agents. Agentic AI multiplies them, because every agent creates new credentials when it calls tools and interfaces. According to the Gravitee Report 2026, 50 percent of all active AI agents run without monitoring. A KnowBe4 survey from July 2026 shows that 62 percent of companies deploy autonomous agents, while 48 percent of executives admit that use is not governed. Machine identities outnumber human users by 45 to 1 on average, and up to 144 to 1 in cloud-native environments, and 80 percent of identity incidents already run through compromised non-human identities. For organisations in the EU, the topic coincides with the EU AI Act, NIS2 and DORA. The way out of the gap is not a new product but an operating process: inventory identities, grant least privilege per autonomy level, use short-lived credentials, monitor at runtime and revoke identities that are no longer needed.
Why the control gap appears now
AI agents moved from pilots into production in 2026, and that is exactly where the gap opens. Every agent needs its own credentials, permissions and interfaces. It becomes its own machine identity, a non-human identity. These identities grow faster than oversight can follow.
For you as a decision-maker, the question is no longer whether agents are in use, but whether you know which identities they create and what those are allowed to do. According to the Gravitee Report 2026, 50 percent of all active agents run without any monitoring. That is half the estate, not an edge case.
- The maturity of agentic systems jumped from 8 to 64 percent within a year, according to one market assessment. Control does not keep that pace.
- A Technology Radar from July 2026 puts it plainly: agents go into production, and governance does not keep up.
- The general governance question is covered in the piece on the AI agent governance gap. Here the focus is narrower, on operational identity and access security.
What non-human identities are
Non-human identities are machine identities that access systems on their own. They are not new, but agentic AI multiplies them quickly. A single agent calls tools, opens interfaces and creates tokens, keys and service accounts along the way.
- Machine identities outnumber human users by 45 to 1 on average, and up to 144 to 1 in cloud-native environments.
- 16 percent of organisations do not track the creation of AI-related identities at all. What you do not know, you can neither secure nor revoke.
- In 2025, 24 million leaked machine identity credentials were found on GitHub, and 70 percent of the older finds were still valid.
How large the control gap really is
The current numbers from July 2026 paint a clear picture: deployment runs ahead of oversight. Organisations put agents into production without adding rules, inventory or monitoring. That is the majority, not the exception.
Identity assurance for an AI world scored 4.46 out of 5 among CISOs, the second-highest priority for 2026, because agents act at machine speed and expand identity complexity faster than existing systems can accommodate.
- 50 percent of all active AI agents run without monitoring. An unmonitored agent can act without anyone seeing it.
- In a KnowBe4 survey of 250 companies, 62 percent deploy autonomous agents, yet 48 percent of executives admit the use is not officially governed and 64 percent of employees bypass security protocols for speed.
- Gartner estimates that agents bypassing human software users could threaten up to 234 billion US dollars in SaaS revenue by 2030. The stakes reach well beyond security.
Why AI agents sharpen the identity question
Agents act at machine speed and chain actions without waiting for a human to approve each step. Classic identity management is not built for that, because it assumes a small number of slowly changing human accounts.
An agent can reach several services in seconds and pass on permissions that no one checked individually. If one credential is compromised, the damage is immediate and broad, not the result of a slow manual chain.
- IANS analyst Jake Williams calls the Model Context Protocol the AI security issue of 2026, because immature OAuth and delegation patterns create new exposure.
- 80 percent of identity incidents already run through compromised non-human identities such as service accounts and API keys. How agents themselves become an entry point is shown in the piece on agentic AI as an attack surface .
- 91.6 percent of exposed secrets are still valid five days after the affected organisation is notified. Between discovery and remediation sits a dangerous gap.
European perspective
For organisations in the EU, the topic coincides with dense regulation. Identity and access controls are obligations under NIS2, DORA and the GDPR, while the EU AI Act sets requirements for high-risk uses. Anyone deploying agents needs the evidence of permissions and logs anyway.
- Deloitte research finds a familiar pattern: adoption of agentic AI outpaces governance, with roughly 27 percent using it at least moderately but only 19 percent holding mature governance.
- The Cyber Resilience Act requires detailed software bills of materials from December 2027. That raises the evidence burden for deployed components and their identities.
- The European Commission presented a technological sovereignty package on 3 June 2026. Digital independence and secure control over one's own systems move up the agenda. The regulatory frame for critical operators is described in the piece on NIS2 and the KRITIS umbrella law .
Challenges and risks
The topic has two sides, and the critical one belongs in the picture. Part of the market practises agent washing, relabelling simple chatbots or automations as agents. At the same time Gartner warns that the opposite fails too: uniform governance applied to every agent alike.
- Agent washing: Gartner estimates that only about 130 of thousands of vendors deliver genuine agentic capability. Skip the check, and you end up securing something other than you think.
- Cancellations: Gartner expects over 40 percent of agentic AI projects to be cancelled by the end of 2027, mostly over cost, unclear value and weak risk controls, not the models.
- Uniform control: Treating every agent with the same strictness stalls the value. A read-only agent needs different rights than one that triggers payments. What is needed is graded permissions, not blanket bans.
- Remediation gap: As long as leaked secrets stay valid for days, even the best inventory helps little. Without fast rotation and revocation, the response stays too slow.
Why many pilots never reach production despite good technology is set out in the piece on the rebuild era of AI agents .
What organisations should do now
The way out of the control gap is not a new product but an operating process for machine identities. It starts with a full inventory and ends with the controlled revocation of identities that are no longer needed. In between sit least privilege, short-lived credentials and continuous runtime monitoring.
Five priority steps
-
Inventory
Record all identities, human and machine, including the tokens and keys agents create. What is not in the inventory cannot be protected.
-
Least privilege per autonomy level
Grant role-based access matched to the agent's autonomy level. A read-only agent gets less than one that acts.
-
Short-lived credentials
Use tokens with short validity and automatic rotation, so a leaked secret quickly becomes worthless and the remediation gap shrinks.
-
Runtime monitoring
Log agent activity and check it in real time for anomalies, so no agent runs unmonitored and misuse shows up early.
-
Controlled revocation
Shut down identities that are no longer used in a controlled way and map the process to the EU AI Act, NIS2 and DORA. Repeat the steps continuously, do not file them once.
How controls compare across AWS, Microsoft and Anthropic is shown in the piece on AI agent governance by provider . Only inventory, permissions and monitoring together give a reliable picture.
Further reading
Frequently asked questions
Non-human identities are machine identities that access systems on their own. They include service accounts, API keys, OAuth tokens, machine certificates and the credentials of AI agents. Every agent that calls tools or uses interfaces creates such identities. In many organisations they outnumber human users by 45 to 1 on average, and up to 144 to 1 in cloud-native environments.
According to the Gravitee Report 2026, 50 percent of all active AI agents run without monitoring. Agents act at machine speed and chain actions without a human approving each step. If a credential is compromised, an agent can reach many systems in a short time. 80 percent of identity incidents already run through compromised non-human identities such as service accounts and API keys.
A KnowBe4 survey from July 2026 with 250 respondents shows that 62 percent of companies deploy autonomous AI agents, while 48 percent of executives admit that use is not officially governed. 64 percent of employees bypass security protocols to complete tasks faster. Deployment clearly runs ahead of oversight.
The path is an operating process for machine identities: inventory all identities, grant least privilege matched to the agent's autonomy level, use short-lived credentials with automatic rotation, monitor agent activity in real time and revoke identities that are no longer needed in a controlled way. These steps repeat continuously and map to the EU AI Act, NIS2 and DORA.
Identity and access controls are obligations under NIS2, DORA and the GDPR, while the EU AI Act sets requirements for high-risk uses. The Cyber Resilience Act requires detailed software bills of materials from December 2027. Organisations deploying AI agents need the evidence of permissions and logs anyway, so it pays to build identity control in from the start.