AI agents now outnumber human employees by 10 to 50 times in cloud-native organizations. Most companies still govern identity like it's 2015.
Walk into a cloud-native enterprise in 2026 and ask how many identities have access to production. The number that comes back will undercount by an order of magnitude. The CISO usually quotes the active employee count. Maybe a few hundred contractors. Reality looks different. For every human in the directory, there are 10 to 50 non-human identities running with credentials, tokens, or service accounts on production data. AI agents are the fastest-growing slice. A 2026 GitGuardian report found 84% of organizations lack effective NHI governance. The boards have started asking. Most CISOs don't have an answer yet.
This is the next frontier of identity governance. The 2025 playbook will not catch it.
Key takeaways:
Non-human identities outnumber human identities by 10 to 50 times in cloud-native enterprises. Every AI agent, service account, automation script, and CI/CD job is an NHI.
A 2026 GitGuardian survey found 84% of organizations lack effective NHI governance. The same survey reported boards are now asking about NHI access at the same rate as human access.
A 2026 industry survey found 71% of CISOs say agents have access to core systems, but only 16% govern that access effectively. The gap is the governance gap.
NHI governance failures cause real breaches: leaked tokens, overprivileged service accounts, agents inheriting human credentials. Most are caught after, not before.
The fix is task-level least privilege, expiring credentials per agent, and treating every agent-to-agent call as an external API call. None of those exist in default identity platforms today.
What is a non-human identity and why is it the new identity problem?
A non-human identity is any account, token, key, or credential that authenticates a system instead of a person. It includes service accounts, API keys, OAuth tokens, certificates, machine-to-machine credentials, and the credentials used by AI agents. In a cloud-native enterprise, NHIs outnumber human identities by 10 to 50 times. Most identity governance programs were built for humans, so most NHIs operate with controls that haven't been audited the way human accounts are.
The problem accelerated in 2025 and 2026 because AI agents made the proliferation visible. Marketing teams spin up agents that authenticate against six SaaS tools. Engineering teams deploy agents that hold production database credentials. Sales teams authorize agents to read CRM records and write to Slack. Each agent is one NHI. Most companies have hundreds, sometimes thousands, that nobody approved through a formal review.
GitGuardian's 2026 report quantified the gap. 84% of organizations lack effective NHI governance. A separate report at RSAC 2026 found 71% of CISOs say agents have access to core systems but only 16% govern that access effectively. Boards have started raising the issue, partly because regulators have started raising it. The director-level question now is, "How is non-human access governed?" That question used to land on the desk of an SRE. It now lands on the CISO.
Why does traditional IAM fail for AI agents?
Three structural assumptions break. Identity isn't stable, behavior isn't stable, and access patterns aren't stable. Traditional IAM was designed around the idea that an identity is a person whose role and access stay relatively constant over a quarter or a year. AI agents don't behave that way. The agent that's running a customer service workflow today might be running a billing workflow next week, with new credentials, new scope, and new behavior the IAM system was never told to expect.
Identity isn't stable. A human identity has one person attached. An AI agent identity is a credential attached to a system that can change behavior between calls. The same agent can act as a summarizer, a writer, and an executor in three minutes. Each role would, in a sane IAM model, get a different identity. Most agents share one.
Behavior isn't stable. A human's normal looks similar week to week. An AI agent's normal changes every time its instructions, model version, or memory state changes. The behavioral baseline expires fast. Behavioral analytics tools wired for humans flag the agent's normal as suspicious, while missing the actually suspicious patterns.
Access patterns aren't stable. A human opens the same five apps every day. An AI agent's access pattern shifts based on the prompt. An agent asked to summarize a contract needs read access. An agent asked to file the contract needs write access. Most companies grant the broader access by default and never narrow it.
The fix isn't to retrofit human IAM onto agents. The fix is to treat NHIs as a separate governance category with its own controls, its own audit cadence, and its own risk models.
What does effective NHI governance look like in 2026?
A useful NHI governance program covers five capabilities. Discovery, ownership, scope, expiration, and audit. Without all five, you're tracking NHIs, not governing them. Each capability has a specific implementation pattern that scales.
Discovery. Every NHI in the environment is in an inventory. Includes service accounts, API keys, OAuth tokens, certificates, AI agent credentials, and CI/CD secrets. The inventory is continuous, not annual. New NHIs surface within seven days through network logs, API gateway logs, and finance audits.
Ownership. Every NHI has a named human owner. Not a team. One person who is accountable for what the NHI does. If the NHI causes a breach, the owner is the person who answers for it. If you can't name the owner, the NHI shouldn't be in production.
Scope. Every NHI has a documented scope of what it can access, initiate, or change. Scope by action, not by system. "Can read contact records" is scope. "Has access to the CRM" is not scope.
Expiration. Every NHI credential has an expiration date and an automated rotation schedule. No long-lived secrets. No tokens that survive 12 months without review. No service accounts that nobody touched since 2023.
Audit. Every action the NHI takes is logged with enough context to replay the decision. Inputs, reasoning, action, result. Without that audit trail, you can't prove what the NHI did or didn't do. You can't satisfy a regulator. You can't run forensics after a breach.
These five capabilities are the core of every NHI governance program that actually works. The order matters. Discovery comes first. Without it, the other four can't be applied consistently.
How do you handle the agent-to-agent identity problem?
Most agentic architectures inherit the highest privilege in the chain by default. Nobody decided that. It's just what happens when an orchestrator agent calls a worker agent and passes a token. The worker now has the orchestrator's full access. The fix is to treat every agent-to-agent call as an external API call with its own authentication, scope, and audit.
In 2026, agent-to-agent communication is one of the fastest-growing privilege escalation paths in cloud-native environments. An attacker who compromises a low-privilege agent can use the agent's network of trust relationships to reach high-privilege systems through other agents. The compromised agent doesn't need to exploit a vulnerability. It just needs to ask another agent to do something the second agent has permission to do.
Authenticate every agent-to-agent call. No shared tokens. No inherited privileges. The receiving agent verifies the sending agent's identity at every call.
Scope every agent-to-agent call. The receiving agent only acts within the scope of the specific request. Past calls don't grant future privileges.
Audit every agent-to-agent call. Both sides log the request, the reasoning, the action, and the result. If a compromise is suspected, you can replay the chain and identify the entry point.
Treat the agent-to-agent network as an external API surface. Vendor security review. Rate limiting. Anomaly detection. The same controls you'd apply to a third-party API belong on the calls between your own agents.
Most identity platforms in 2026 don't support task-level scoping or agent-to-agent authentication out of the box. Write the policy anyway. Make the technology match it.
How should boards report on NHI risk?
Three numbers matter. The total NHI count, the percentage with named owners, and the percentage with task-level scope. Boards have started asking for these numbers because regulators have. A useful board report adds a fourth: the count of NHIs that took action outside their documented scope in the last quarter, with the remediation status of each.
Total NHI count. Discovery completeness. If the number isn't growing or shrinking quarter over quarter, the discovery process probably isn't working. Healthy environments see continuous churn.
Percentage with named owners. Accountability completeness. The percentage should be 100. Anything less is a backlog of NHIs that nobody is accountable for.
Percentage with task-level scope. Least privilege completeness. Most organizations start at single-digit percentages and grow over time. The trend matters more than the absolute number.
Out-of-scope action count. The most useful operational signal. Each one is either a misconfiguration, an honest scope drift, or a compromise. The investigation tells you which. Boards want to see the count, the categorization, and the time-to-remediate trend.
These four numbers fit on one slide. They tell the board whether the company is governing NHIs or just naming them.
Frequently asked questions
Are AI agents a new kind of NHI or just another service account?
Both. AI agents authenticate the way service accounts do, but they reason and adapt the way human users do. The hybrid creates governance gaps that pure service accounts don't have. The right model is to treat AI agents as a sub-category of NHI with additional behavioral controls layered on top.
How do we discover NHIs we don't already know about?
Three concurrent approaches. Pull every credential from your secrets manager and reconcile against the active services in your environment. Scan network logs for traffic to known AI provider endpoints from systems without an inventory record. Audit your finance system for AI-platform charges that don't match a registered NHI. The overlap surfaces almost every shadow NHI.
Why is task-level scope different from role-based access?
Role-based access grants a fixed set of privileges to an identity. Task-level scope grants privileges only for the specific task currently running, with privileges expiring when the task ends. Roles are persistent. Tasks are ephemeral. AI agents need ephemeral, because their tasks change minute to minute.
What about NHIs in third-party SaaS tools?
Same governance program. The NHI inside Salesforce, Snowflake, or any SaaS tool that authenticates against your data is part of your inventory. Most organizations forget the SaaS-side identities entirely. Regulators have started asking specifically about them.
Where does the Agentic Trust Framework fit into NHI governance?
The Agentic Trust Framework provides the five elements every AI agent needs: identity, behavioral monitoring, capability boundaries, audit trail, and recovery. NHI governance is the broader category. The ATF is what you apply to the AI agent subset of NHIs to handle the behavioral and reasoning differences.
The bottom line
Non-human identities outnumber humans 10 to 50 times in cloud-native enterprises. AI agents are the fastest-growing slice. The IAM playbook from 2015 doesn't cover them. The 2026 board is starting to ask. The 2027 regulator will ask harder. Discovery, ownership, scope, expiration, and audit. Five capabilities. Get them in place before someone asks you to prove they exist.
How many non-human identities are running in your environment right now, and who is named as the human owner of each one?
Want to see where your organization stands? The free Agentic Trust Framework assessment at verifiedagents.ai takes ten minutes. For a deeper read, check out Agentic AI + Zero Trust: A Guide for Business Leaders and the Agentic Trust Framework. For the plain-language guide to AI agent security terms, see AI Agent Security Explained for Business Leaders.
