I talked to a security team last year that had done everything right on paper. Six months of work cataloging non-human identities across their entire environment. Service accounts. API keys. Machine credentials. AI agent tokens. All of it organized in a spreadsheet that would make a compliance auditor weep with joy, color-coded risk tiers, rotation schedules, clear ownership lines. They were genuinely proud of the result.
Then an AI agent queried a production database full of customer records it had zero business accessing. The credentials were not stolen. Nothing was misconfigured in the way you would normally think about misconfiguration. Authentication worked exactly as designed. Nobody had ever defined what the agent was not permitted to do.
Security Boulevard recently ran a piece on why practitioners feel good about where AI security technologies are headed, and non-human identity management featured heavily in that optimism. Fair enough. Better tooling is shipping. Zero-trust thinking is finally extending to machines and not just people. But here is the catch: that optimism only makes sense if we are being honest about where the real exposure lives. And most organizations? They are focused on the wrong half of the equation.
NHIs Aren't New. The Scale Is.
Machine identities are older than most of us in this industry. Service accounts in Active Directory go back decades. SSH keys on jump boxes. API tokens wired into third-party integrations. Nothing new here.
What changed is the sheer volume. And more importantly, the autonomy.
CyberArk's Identity Security Threat Landscape Report pegs the ratio of non-human identities to humans in the enterprise at 45:1. Let that number register for a second. Forty-five machine identities for every single person on payroll. And these are not the static service accounts you used to throw in a vault and forget about. An increasing share of them are AI agents, entities that reason through multi-step workflows, chain API calls across systems, and execute actions with real downstream consequences. An agent running a RAG pipeline does not sit around waiting for instructions. It figures out what to do next, pulls data, invokes tools, and acts on conclusions. Usually faster than any human reviewer could keep up with.
So the optimism about NHI security is not unfounded. Discovery tooling has gotten better. Secrets management handles rotation. Zero-trust architectures are beginning to hold machines to the same standard as humans. All progress. But almost all of it falls into a single category: knowing what identities you have and making sure their credentials stay current.
Necessary? Absolutely. Sufficient? Not even close.
The Lifecycle Is Table Stakes
Give credit where it is earned. NHI lifecycle management has genuinely improved. Discovery, classification, rotation, decommissioning. The tooling is there, the frameworks exist, and if your organization has invested in this work, you are ahead of most peers.
But consider this. Knowing every employee who carries a badge tells you nothing about which rooms they can walk into. You could have a flawless employee directory with photo IDs, departments, start dates, and badge expiration dates, and still have absolutely no control over who wanders into the server room at midnight.
That is exactly where most NHI security programs stop.
Astrix Security reported that 60% of NHI credentials are either stale or carry far more privilege than the workload requires. Sixty percent. Organizations create these identities, sometimes even track them, and then never revisit what those identities are actually allowed to do. Broad access gets provisioned because it is the path of least resistance, and nobody circles back to tighten the scope because the agent "seems fine." We watched the exact same pattern play out with human IAM a decade ago. The difference now is that these identities operate at machine speed, around the clock, with no one monitoring their behavior.
Most conversations about NHI security end at "we know what we have, and we rotate our secrets." That is authentication hygiene. It is not authorization.
What Is the Authorization Gap for Machine Identities?
Take a look at most NHI frameworks and you will notice they orbit the identity itself. Does it exist in our inventory? Are its credentials up to date? Is someone listed as the owner? Important questions. Also the easy ones. The harder question, the one almost nobody is answering well: what is this identity allowed to do right now, given the specific context of this request?
Think about an AI agent inside a RAG pipeline. It holds read access to a document store. Okay. But which documents? Under what conditions? For what purpose? Can it pull customer financial records while processing a marketing query? Can it read PII from one dataset and write it into another? Can it do this at 3 AM on a Sunday when zero humans are reviewing output?
If your honest answer is "I'm not sure," then this is not a future problem. You have it right now.
Verizon's DBIR consistently reports that around 31% of breaches involve stolen credentials. As NHIs become a bigger and bigger share of the credential surface inside enterprise environments, that statistic starts to carry a very different weight. We are not just talking about a human password getting phished. We are talking about a machine identity with wide-open access getting compromised, or being used exactly as it was provisioned, which happens to include far more access than the workload ever needed.
Authentication answers the question of who is at the door. Authorization answers what they can touch once they walk through it. Most organizations solved the first question for their NHIs and moved on. The second question is where the actual risk sits.
Why Does Decision-Centric Security Matter for Non-Human Identities?
RBAC was built for humans. Someone gets a role. The role grants access to a set of resources. That access remains more or less static until somebody manually changes the role assignment. When you had a few thousand employees and the resources in question were SharePoint sites and file shares, this model worked fine.
It falls apart completely with 10,000 NHIs firing API calls at machine speed.
Roles are simply too blunt an instrument for machine identities. An AI agent's context shifts with every single request. Whether it should be permitted to take a particular action depends on what it is doing, what data it is accessing, what happened earlier in the session, and which policies apply to that exact combination of actor, action, and resource. You cannot capture that in a static role definition. You need policy evaluated at the moment of decision, not assigned once at provisioning time and never revisited.
We built EnforceAuth for exactly this problem. Policy-as-code covering both human and non-human identities, evaluated in real time with sub-50ms decision latency. We built on OPA with native Cedar and Zanzibar compatibility because large enterprises already carry policy investments in those ecosystems, and asking them to rip everything out is a nonstarter. Write policy once, enforce it everywhere. Applications, infrastructure, data, AI workloads. One fabric. Not four disconnected tools held together with hope.
The shift we are describing is fundamental. Move from role-centric security to decision-centric security. Stop asking "what role does this identity have?" and start asking "is this specific action, by this specific identity, authorized right now?"
What "We've Got NHI Covered" Actually Looks Like
Whenever someone tells me their NHI strategy is handled, I put five questions on the table:
- Can you discover and classify every non-human identity in your environment?
- Have you written fine-grained policies that define what each identity can do, not just which systems it can reach but which actions and which data it can touch?
- Are those policies enforced at runtime, at the point of each decision?
- Do you maintain a continuous audit trail for every action taken by every NHI?
- Is all of this managed through a single policy fabric, or scattered across a handful of tools that do not share context?
Most organizations answer "yes" to the first question without hesitation. The second, maybe partially. After that, the room goes quiet.
Covering NHIs for real means treating them as first-class entities in your authorization architecture. Not bolted-on identities crammed into an RBAC model designed for humans, but workloads with their own policy lifecycle: discovery, classification, fine-grained policy definition, runtime enforcement, and audit. Governed from a single control plane. Enforced consistently across every layer.
Common Questions About Non-Human Identity Authorization
What is the difference between NHI authentication and NHI authorization?
Authentication confirms a machine identity is who it claims to be, through credentials like API keys, certificates, or tokens. Authorization determines what that identity is permitted to do once authenticated. Most NHI security programs have invested heavily in the first and barely touched the second, which is where the actual risk exposure sits.
Why doesn't RBAC work well for non-human identities?
RBAC assigns static roles designed around human job functions. Non-human identities operate at machine speed, shift context with every request, and exist at ratios of 45:1 compared to human users. Static roles cannot account for what an AI agent is doing right now, what data it is accessing, or whether conditions have changed since the role was assigned.
How does policy-as-code improve NHI governance?
Policy-as-code means your authorization rules are versioned in git, tested in CI/CD, and reviewed in pull requests like any other infrastructure code. For NHIs, this approach scales to thousands of machine identities without the manual overhead of maintaining role assignments. It also creates an auditable trail of policy changes that maps directly to compliance requirements under frameworks like SOC 2 and DORA.
Can existing NHI discovery tools close the authorization gap?
Discovery tools tell you what identities exist and whether their credentials are current. They do not enforce what those identities can do at runtime. Closing the authorization gap requires fine-grained policy evaluated at the point of each decision, not just an accurate inventory. A perfect guest list does not tell you which rooms each guest is allowed to enter.
Discovery Is Not Governance
That security team from the opening of this piece? They did the hard part. Built the inventory. Cataloged everything. And they still got burned, because an inventory is not a control.
The practitioners quoted in that Security Boulevard article have good reason to feel optimistic. NHI security as a discipline is more mature than it was two years ago. Tooling is better. Awareness is real. But that optimism needs to be pointed at authorization, not just identity management. Knowing what you have is step one. Governing what those identities can actually do is the step most organizations have not taken yet.
If your NHI strategy ends at discovery, we should probably talk about what comes after.
About EnforceAuth
EnforceAuth is the AI Security Fabric for the agentic era. We provide decision-centric authorization across applications, infrastructure, data, and AI workloads. Write policy once. Enforce everywhere.