惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
S
Securelist
P
Privacy & Cybersecurity Law Blog
Scott Helme
Scott Helme
T
Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
L
LINUX DO - 热门话题
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
量子位
博客园 - Franky
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
T
Troy Hunt's Blog
N
News | PayPal Newsroom
Google Online Security Blog
Google Online Security Blog
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
小众软件
小众软件
P
Palo Alto Networks Blog
Spread Privacy
Spread Privacy
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
WordPress大学
WordPress大学
L
Lohrmann on Cybersecurity
L
LINUX DO - 最新话题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Last Watchdog
The Last Watchdog
S
Security @ Cisco Blogs
P
Privacy International News Feed
Last Week in AI
Last Week in AI
Microsoft Security Blog
Microsoft Security Blog
T
Tailwind CSS Blog
博客园_首页
云风的 BLOG
云风的 BLOG
V
Vulnerabilities – Threatpost
D
DataBreaches.Net
Recent Announcements
Recent Announcements
酷 壳 – CoolShell
酷 壳 – CoolShell
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
罗磊的独立博客
Engineering at Meta
Engineering at Meta
Forbes - Security
Forbes - Security
T
Tenable Blog

informationweek

2026 tech company layoffs How Sedgwick scaled AI in legacy claims workflows InformationWeek Podcast: CTOs on using AI in regulated spaces How top CIOs are measuring the real ROI of IT automation What AI must learn from Roosevelt, conservation and 1929 Experian's chief innovation officer gleans AI gains with startup collab ETS CIO on competing with AI startups 'running with scissors' Before the next VMware: How CIOs prepare for vendor shocks The strategic alignment powering cyber-resilient organizations The AI infrastructure bottleneck is becoming a CIO problem InformationWeek Podcast: CTOs on reining in rogue AI agents Workplace equity in the age of AI Why and how to implement an AI asset rationalization strategy Why companies are shifting toward private AI models AI agents in automation: When to build, when to buy Navan CTO AI on trial: The Workday case that CIOs can The AI infrastructure boom is coming for enterprise budgets How CIOs can manage LLM costs: A practical guide What CIOs miss when buying vertical SaaS software InformationWeek Podcast: How CTOs balance AI and their teams Whirlpool, Duke Energy, Cleveland Clinic CIOs on scaling AI Where CIOs get stuck rebuilding the enterprise: What 'Rewired' reveals As AI makes projects harder to track, will CIOs need new controls? Why disaster recovery plans fail in geopolitical crises A silent erosion of enterprise AI by data poisoning Priceline CTO prioritizes engineers able to 'hold a room and a roadmap' InformationWeek Podcast: When CTOs need to restart IT projects Wayfair CTO maps agentic path across digital and brick-and-mortar commerce The AI contract gaps the Google-Pentagon deal just made visible Anthropic's Mythos forces a rethink of vulnerability management Outsourcing contracts weren't built for AI. CIOs are renegotiating now The AI spend hangover companies didn't plan for The power of CIO networking in the competitive AI world Why CIOs see AI projects stall: Speed without structure kills scale IT leaders should never let a good crisis go to waste SFO's digital twin maps airport operations from the curb to takeoff CIOs caught in the middle as AI startups disrupt vertical Saas Submit an IT Leadership column to InformationWeek Podcast: Rightsizing AI frameworks to avoid failure modes The invisible labor crisis inside IT: AI work the org chart can't see Why AI teams treat training data like capital Ask the Experts: How CIOs can identify and overcome cultural barriers to innovation Nobody told legal about your RAG pipeline -- why that's a problem Meta's new 'AI Zuckerberg' is a mirror for every C-suite Will the music stop for AI's funding dance? Rethink tech talent: Local is the smartest play for IT InformationWeek Podcast: Catching errors in AI-powered code CIOs can combat talent scarcity with AI-augmented leadership -- Gartner How Bellevue, Wash., is applying AI to streamline a broken permitting process Ignore the hype: Smarter tech bets at speed of change Who controls the fix? Colorado's repair fight tests CIO power Ask the Experts: The red flags that signal an AI project isn't worth pursuing The hidden high cost of training AI on AI Red Hat's Marco Bill: Resource control is key for AI sovereignty InformationWeek Podcast: New IT architecture, cloud, edge and AI Enterprises need Tier 1 provider relationships to deliver on AI How CIOs run and rebuild the business at the same time in the AI era It's not your tech stack, it's your structure -- fix it Confidential computing resurfaces as security priority for CIOs FinOps: Helpful tool, or a cloud control placebo for CIOs? Cleveland's open data overhaul: From sticky notes to public dashboards As Microsoft expands Copilot, CIOs face a new AI security gap Why build vs. buy doesn't fit modern IT systems InformationWeek Podcast: Is quantum computing slumbering? Your AI vendor is now a single point of failure Vibe coding: Speed without security is a liability A practical guide to controlling AI agent costs before they spiral AI fuels a new wave of technical debt The sunsetting of Sora: A hard lesson in AI portfolio resilience HP pushes broad internal AI use after early productivity gains Why value-based pricing is inevitable InformationWeek Podcast: Safeguarding ecosystems from outsiders Why AI scaling is so hard -- and what CIOs say works Humans are the North Star for AI-native workplaces -- Gartner How IT leaders build a culture for what comes next Compliance costs risk widening the AI gap AI-driven layoffs add new demands on CIOs to prove value AI transformation: Early wins are not enough for CIOs Why CIOs can't let users wait on IT Memory shortage doesn't have to spell disaster for IT budgets Accelerate AI adoption: 3 reasons for adopting MCP How techno-nationalism is complicating IT resilience and supply chains for CIOs InformationWeek Podcast: Compliance crackdown on AI and BYOD Workday’s AI reset: Agents and the race to remake SaaS Why enterprise AI initiatives keep dying before production Metrics of meaning: What do we really measure in AI? Techno-nationalism is reshaping CIO infrastructure strategy Using AI to pick team leaders -- without crossing legal or ethical lines What Oracle's layoffs reveal about running IT with fewer people Chief AI Officer on course-correcting when AI moves too fast Large enterprises need high-performing networks to scale AI InformationWeek Podcast: When do smaller AI models make sense? The future belongs to AI-driven IT Ways AI supercharges risk awareness and data insights for CIOs How automation prepares you for agentic NetOps Should the CIO, CFO or CEO hold the kill switch on AI? The CIO's new mandate: Redesign work itself Ask the Experts: CIOs say they wouldn’t pull workloads back from the cloud How AI is Reshaping the Enterprise
Non-human identity sprawl is agentic AI's real risk
Nick Nikols · 2026-05-01 · via informationweek

Enterprises have long depended on non-human identities such as service accounts, API keys, OAuth tokens and other credentials that allow services to interoperate inside digital environments. In modern cloud architectures and continuous development pipelines, these identities consistently outnumber human users, yet their governance rarely reflects the scale and authority they now hold.

A recent NIST request is telling. Just weeks into 2026, the organization issued a request for public input on how organizations should securely develop and deploy AI agent systems. The notice comes at a moment when many enterprises are beginning to operationalize agentic AI, embedding systems designed to not just generate outputs, but also interpret instructions, make determinations and carry out actions across applications and infrastructure.

Agentic systems are beginning to be used in production, while the security and governance models intended to provide their guardrails are still being defined. In too many cases, controls are added to these systems after the authority to use them has already been granted, creating an avoidable yet immense risk as agentic AI is adopted within organizations.

Related:AI and connected systems are forcing CIOs and COOs to rethink OT security

Traditional identity programs were built around people. They incorporate structured onboarding, defined roles, periodic reviews and clear accountability to manage human users through the cycle of their access and responsibilities within the enterprise.

But non-human identities (NHIs) are often overlooked by these governance processes. They persist quietly in the background, often are provisioned as part of administrative activities to keep systems running, and are often granted long-term credentials with elevated permissions -- providing rich targets for attackers. As with human identities, there are best practices, such as least-privilege permission assignments and frequent credential rotation, that can help better secure the use of these NHIs. Applying appropriate governance processes to the creation, daily use and ongoing maintenance of NHIs can help ensure secure automation and more effective control.

When automation within enterprises was limited and tightly scoped, this gap may have carried less consequence. Today, it holds far more weight as AI agents are instantiated, execute processes and interact across systems, coordinating workflows and advancing tasks without an integral human role.

When NHIs act, weak controls scale fast

Agentic systems are designed to take action, retrieve data, interact with internal systems and move workstreams forward within the permissions they are granted. A recent report from Deloitte found that nearly three-quarters of 3,325 leaders surveyed plan to deploy agentic AI within two years. As those systems interact across applications and data sets, the scope of their authority matters even more.

When permissions are overly broad or poorly governed, AI agents amplify those weaknesses at machine speed. Sensitive data may have greater exposure than intended, workflows may extend beyond their original design assumptions, and minor configuration gaps can cascade into larger operational risk. The issue is not simply the risk of breach; it's the scale at which unintended outcomes may occur.

The measures needed to secure AI agents are not conceptually new. Many of the principles applied to human users -- least privilege, defined ownership, periodic review -- remain directly applicable to NHIs. What changes is the consistency and coordination required when those principles are extended to non-human actors operating continuously and at scale.

In practice, that includes:

  • Define: Assigning each agent a unique identifier and establishing tightly scoped, purpose-driven permissions for both human and non-human actors supporting agent workflows.

  • Assess: Assigning clear ownership and ongoing review processes for NHIs to prevent orphaned identities, stale credentials and permission sprawl.

  • Enforce: Protecting sensitive data through encryption and persistent policy controls that remain enforced, regardless of how or where the data is accessed.

  • Detect: Monitoring access patterns and behavioral access changes to surface unusual activity or drift from expected norms.

  • Automate: Enabling automated response capabilities that can restrict access or suspend credentials when risk thresholds are met, without disrupting essential operations.

For security leaders, this is less about inventing new frameworks and more about extending existing governance disciplines to a class of actors that operates continuously at scale. Identity defines what an agent is allowed to do, making disciplined permissions and constant visibility into these identities essential to maintaining control as automation expands.

Security that doesn't tax velocity

Enterprises are investing in agentic systems to streamline operations, reduce manual effort and accelerate decision-making. The objective of identity and access management strategies for agents is not to slow that momentum, but to ensure that expansion happens in a controlled and sustainable way to not scale risk.

When agents are securely developed, provisioned with clearly bounded authority and monitored alongside the data they access, organizations gain confidence to expand deployment and scale automation innovation with their business. Risk doesn't disappear, but it becomes more visible and governable, rather than compounding quietly over time until it becomes too significant to easily contain.

NIST's request for input reflects an industry still formalizing standards around agentic systems, but organizations can't afford to wait for finalized frameworks before acting. Agentic AI is already advancing into core business processes. How successfully it scales will depend on whether governance evolves in parallel -- ensuring agents operate within defined identity boundaries, with data protection intentionally integrated at every stage.

About the Author

Nick Nikols

OpenText Cybersecurity

Nick Nikols is vice president of identity and access management products at OpenText Cybersecurity. He has more than 25 years of experience in the software industry, both in developing industry-leading identity and cybersecurity solutions and as an industry analyst conducting research and helping clients with issues ranging from consumer identity and securing cloud environments to access governance and secure DevOps.

Nick has held leadership positions at companies including CA Technologies, Quest Software and Novell. He also served as a research director at Gartner and held research roles at TechVision Research and Burton Group.