Non-Human Identity (NHI) Security

Service accounts, API keys, tokens, and now AI agents outnumber your human users many times over - and most of them have no owner, never rotate, and are wildly over-permissioned. Here's how to get NHI under control, built on the identity foundations.

· · Identity · View source on GitHub

For every human who logs into your cloud, there are dozens - often hundreds - of identities that are not people. Service accounts, API keys, OAuth tokens, database logins, certificates, cloud roles, workload identities, and now AI agents all authenticate on their own. Most of them have no owner, never rotate, and can do far more than they need to. This guide is the practitioner's map of non-human identity (NHI) security: what it is, why it exploded, and a concrete path to getting it under control.

It is for cloud security engineers, IAM architects, detection engineers, and platform teams. It builds on the identity fundamentals in the IAM and cloud identity guide and pairs with CIEM and CNAPP for the entitlement side of the problem.

On this page

  1. What a non-human identity actually is
  2. Why NHI exploded
  3. The core problems: sprawl, ownership, over-permissioning, secrets
  4. What NHI failure looks like in real breaches
  5. Discovery and inventory
  6. Where CIEM, secrets management, and ITDR fit
  7. Workload identity federation and secretless access
  8. The AI-agent wrinkle
  9. Detecting NHI abuse
  10. A practical maturity path
  11. The NHI tooling market

What a non-human identity actually is

A non-human identity is any principal or credential that authenticates without a person behind it at the moment of use. That is a wide tent, and deliberately so. In a typical cloud and SaaS estate, NHIs include:

The common thread is that a machine, script, pipeline, or model is using the credential, so the usual human guardrails - a login prompt, MFA, a manager who offboards you, an annual access review - either do not apply or are quietly skipped. That gap is the entire subject of this page.

Why NHI exploded

NHIs are not new. What changed is the sheer count and the rate of creation. Four forces stacked on top of each other:

The practical result is that in most environments NHIs outnumber human identities many times over, and unlike employees, they are created constantly and deprovisioned almost never.

The core problems: sprawl, ownership, over-permissioning, secrets

NHI risk is not one problem. It is five that reinforce each other.

Sprawl

You cannot secure what you cannot count, and almost no one can count their NHIs. They are created by developers, automation, and self-service SaaS connections, spread across clouds and hundreds of apps, with no central registry.

No ownership

A service account created for a migration three years ago is still there, still privileged, and the person who made it has left. When no human owns an identity, no one rotates its secret, questions its permissions, or deletes it. Ownership is the single most under-appreciated NHI control.

Over-permissioning

NHIs are routinely granted far more than they use, because scoping is hard and broad grants "just work." Wildcard IAM policies and admin-equivalent service accounts are common. This is the same least-privilege problem covered in IAM, amplified because there is no human to notice the excess.

Long-lived secrets

Static keys that never expire are the defining NHI risk. A key committed to a repo, baked into an image, or pasted into a config file can sit valid for years. When it leaks, there is no MFA and no session timeout to save you. Secret handling is covered further in data security.

No lifecycle

Human identities have a lifecycle: joiner, mover, leaver. NHIs usually have only "created." No rotation cadence, no re-certification, no offboarding. The fix for every problem above starts with giving NHIs a real lifecycle.

What NHI failure looks like in real breaches

These are not hypotheticals. Several of the most instructive cloud breaches are, at their core, NHI failures.

The pattern repeats: a credential that outlived its purpose, was scoped too broadly, or was never protected by a second factor. Browse the full breach timeline and you will see identity, human and non-human, at the root of most of it.

Discovery and inventory

Every NHI program starts with an inventory, and the good news is you can build a useful first pass from native APIs before buying anything. Work source by source:

Then correlate. The two highest-value derived attributes are last used (dormant credentials are cleanup candidates and stealthy risk) and owner (map each NHI to a human or team). Anything you cannot attribute an owner to goes on a remediation list. Dedicated NHI tools exist largely because this correlation across clouds and SaaS is tedious to do by hand and needs to stay current, but do not let tooling gate the first inventory.

Where CIEM, secrets management, and ITDR fit

NHI security overlaps three adjacent categories, and it helps to be precise about the boundaries.

CIEM answers "is this over-permissioned?"

Cloud Infrastructure Entitlement Management analyzes effective permissions and right-sizes them toward least privilege. It is the entitlement lens on your NHIs and is usually delivered as part of a CNAPP. NHI security uses CIEM findings but adds the questions CIEM does not: who owns this identity, is its secret rotated, and should it exist at all. See CSPM vs CNAPP.

Secrets management answers "where does the secret live and how does it rotate?"

A secrets manager stores credentials securely, brokers access to them, and can rotate them. It is essential plumbing, but a secrets manager full of long-lived keys is still a pile of long-lived keys. NHI security asks whether that secret needs to exist at all, which is where secretless approaches come in below.

ITDR answers "is this identity being abused right now?"

Identity Threat Detection and Response watches identity behavior for signs of compromise: impossible travel, anomalous API usage, a dormant service account suddenly active. For NHIs this is where detection lives, and it is covered more in the detection section.

None of these replaces the others. A mature program uses CIEM to right-size, a secrets manager (or federation) to handle credentials, and ITDR to catch abuse, all sitting on top of a current NHI inventory.

Workload identity federation and secretless access

If long-lived static secrets are the root NHI risk, the strongest fix is to stop having them. That is the idea behind secretless access: a workload proves its identity with a short-lived, verifiable token and exchanges it for access, so there is no standing key to leak.

OIDC-based workload identity federation

The most widely deployed pattern uses OpenID Connect. A workload gets a short-lived OIDC identity token from a trusted issuer, and the cloud is configured to trust that issuer for specific subjects. Common examples:

A conceptual GitHub-to-AWS trust looks like this: the workflow requests an OIDC token, and AWS STS exchanges it for temporary role credentials.

# GitHub Actions requests an OIDC token, then:
aws sts assume-role-with-web-identity \
  --role-arn arn:aws:iam::ACCOUNT:role/deploy \
  --web-identity-token "$OIDC_TOKEN" \
  --role-session-name ci-run
# No static AWS key ever stored in the repo.

SPIFFE and SPIRE

For workload-to-workload trust that is not tied to a single cloud, SPIFFE (Secure Production Identity Framework For Everyone) defines a standard identity format, the SPIFFE ID, and short-lived SVID credentials, and SPIRE is its reference implementation that attests workloads and issues those identities. The concept is the same as OIDC federation - a strongly attested, short-lived identity instead of a shared secret - applied uniformly across a fleet. It pairs naturally with service mesh mTLS and with zero trust, where every workload connection is authenticated rather than assumed-safe by network location.

Brokered access

A third pattern puts a broker in the middle: the workload authenticates to a broker with its attested identity, and the broker mints just-in-time, short-lived credentials to the target. This is the model some NHI vendors lead with, and it extends secretless access to targets that do not natively speak OIDC.

The point is not any single technology. It is a direction: move NHIs from long-lived shared secrets toward short-lived, attested, verifiable identities.

The AI-agent wrinkle

AI agents are the fastest-growing new class of NHI, and they break several assumptions at once. An agent that reads tickets, queries a database, and files a change needs credentials to do all three, so it is an NHI - but an unusual one:

The governance answer is to treat every agent, and ideally every tool connection an agent uses, as a first-class NHI: its own scoped, short-lived credential (via federation or a broker, not a shared static key), a named human or team owner, least-privilege scopes per tool, and monitoring on its actions. Do not let an agent silently inherit a human's session or reuse one over-privileged service account. The AI and ML security guide goes deeper on prompt injection and agent-specific threats, and the Promptware case is worth reading for how agent manipulation plays out.

Detecting NHI abuse

Prevention reduces the surface; detection catches what slips through. NHIs are actually easier to baseline than humans because their behavior is narrow and repetitive - a pipeline calls the same handful of APIs from the same places every day. Deviations stand out. High-value signals for a cloud SOC and detection engineering team:

This is the NHI-flavored view of ITDR, and it feeds directly into incident response. Two things make NHI detection actionable: rich last-used and source telemetry (so you can baseline), and the ownership mapping from your inventory (so an alert has someone to route to). Without an owner, even a perfect detection produces an alert no one can action.

A practical maturity path

You do not fix NHI in one quarter. A workable progression:

  1. Inventory. Build the cross-cloud and SaaS NHI inventory from native APIs. Capture last-used for every credential. This alone surfaces the worst dormant and unowned identities.
  2. Assign ownership. Map every NHI to a human or team. Anything unattributable becomes a remediation candidate. Ownership is what makes every later step possible.
  3. Kill the obvious risk. Delete dormant identities, remove committed and embedded secrets, and revoke unused OAuth grants. This is the fastest blast-radius reduction available.
  4. Right-size permissions. Use CIEM and last-used data to trim over-privileged NHIs toward least privilege.
  5. Rotate and manage secrets. Put remaining static secrets behind a secrets manager with automated rotation, so nothing is long-lived by default.
  6. Go secretless where it matters. Replace the highest-value keys with OIDC federation or a broker. Make secretless the default for new workloads and pipelines.
  7. Continuous detection and lifecycle. Stand up ITDR-style monitoring, and give NHIs a real lifecycle: creation standards, periodic re-certification, and deprovisioning.

Most organizations are stuck between steps one and two. If you do nothing else this quarter, get the inventory and assign owners; every other control gets easier once you can name who is responsible for each identity.

The NHI tooling market

A dedicated NHI-security category has emerged, and it is consolidating quickly. The category is listed in the vendor landscape; treat this as a map of approaches, not a ranking, and evaluate against your own environment.

The market is actively consolidating - as of mid-2026 there have been reports of larger security and networking vendors moving to acquire NHI startups - so validate a vendor's independence and roadmap during evaluation. And the usual caveat applies: no single tool is "the best." The CNAPP platforms increasingly fold NHI features in alongside CIEM (disclosure: the site's author works at Wiz), while the specialists go deeper on SaaS and OAuth. Match the tool to where your NHI risk actually concentrates, which your inventory will tell you.

Where next

Start with the identity foundations in IAM and cloud identity, then look at the entitlement side in CSPM vs CNAPP. For the agent angle read AI and ML security, for pipeline credentials see CI/CD security, and study the Microsoft SAS token leak for a real NHI failure. Compare tools in the vendor landscape.

Quick answers

What is a non-human identity?

A non-human identity (NHI) is any credential or principal that authenticates without a person behind it at the moment of use: service accounts, API keys, OAuth tokens and grants, database logins, TLS and signing certificates, cloud IAM roles, workload identities, and increasingly AI agents. NHIs authenticate machine-to-machine and machine-to-SaaS, and in most cloud environments they outnumber human identities many times over.

How is NHI security different from CIEM?

CIEM (Cloud Infrastructure Entitlement Management) focuses on entitlements: who and what can do which actions on which cloud resources, and how to right-size those permissions toward least privilege. NHI security is broader in scope. It covers the full lifecycle of the identity itself, including discovery, ownership, secret rotation, and deprovisioning, and it reaches beyond the cloud control plane into SaaS-to-SaaS OAuth grants, third-party integrations, and API keys. In practice CIEM answers 'is this identity over-permissioned?' while NHI security also answers 'should this identity still exist, who owns it, and is its secret safe?'

How do I discover non-human identities?

Start where the identities live rather than trying to boil the ocean. Pull IAM users, roles, and service accounts from each cloud via the provider APIs; enumerate OAuth grants and connected apps in your major SaaS platforms; scan source control, CI/CD systems, and secret stores for keys and tokens; and correlate by last-used timestamps to find dormant credentials. Dedicated NHI tools automate this correlation across clouds and SaaS, but a first-pass inventory built from native APIs is enough to expose the worst sprawl.

What is workload identity federation and why does it matter for NHI?

Workload identity federation lets a workload prove who it is using a short-lived, verifiable token from a trusted issuer (often an OIDC identity token) and exchange it for cloud access, instead of holding a long-lived key. GitHub Actions to AWS via OIDC, GKE Workload Identity, EKS Pod Identity, and Azure Workload Identity are common examples. It matters because the single biggest NHI risk is long-lived static secrets, and federation removes them: there is no key to leak, steal, or forget to rotate.

Are AI agents a new kind of non-human identity?

Yes. An AI agent that calls tools, queries data, and takes actions needs credentials to do so, which makes it an NHI, but with awkward properties: agents can act at machine speed, their behavior is non-deterministic, and they are often granted broad access so they can be 'helpful.' Treat each agent and each tool connection as a first-class identity with its own scoped, short-lived credential, an owner, and monitoring, rather than letting agents inherit a human's session or share one over-privileged key.

What long-lived secrets should I get rid of first?

Prioritize by blast radius and exposure. Cloud provider access keys (especially long-lived IAM user keys), tokens and keys committed to source control or embedded in container images, OAuth grants to third-party SaaS apps you no longer use, and any credential that has never rotated or has no known owner. Replace the highest-value ones with federation or a broker for secretless access, and put the rest behind a secrets manager with automated rotation.