Nonhuman identities (NHIs) — such as machine identities, service accounts and application credentials — have always been a distinctive part of identity management, where approaches focus on persistent credentials for human users rather than emphasizing ephemeral access for machine users. With some reports indicating that NHIs outnumber human identities 50 to one, managing the sprawl of these identities, including permissions that maintain the principle of least privilege and knowing who owns what, has always been a challenge for security teams. Yet, NHIs are a vital component of automation strategies. Some key challenges include a lack of visibility into their activity and related difficulties in auditing, over-permissioning, and even application security issues, such as secrets management. The rise of agentic AI, especially agents acting on behalf of users, promises to make an already complex issue even more complicated. In fact, agent behavior blurs the line between human users and NHIs. Two-fifths (41%) of organizations are already using third-party security tools to help manage NHIs, 18% are running proof-of-concept projects, and another 15% plan to implement them within the next six months.
Dan Kennedy :verified: :verified: :verified: :verified: (danielkennedy74@infosec.exchange)'s status on Friday, 12-Sep-2025 06:16:31 JST
Greg Bell (ferrix@mastodon.online)'s status on Friday, 12-Sep-2025 06:16:31 JST
@danielkennedy74 @wendynather security industry will come up with a whole new name for "service accounts" instead of going to therapy.
Customers next: "It's not an NHI because I just told the service to use *my* account"