Ep # 12 - When AI Agents Inherit Risk: The NHI Problem Expands

Alexis Moyse is Mr NHI's Human Identity In The Hot Seat

Assuming NHI risk is under control while AI agents are already in production isn't a security strategy — it's a liability waiting to surface. Alexis Moyse, from Clarity Security, faces 10 rapid-fire questions on whether organisations are taking non-human identity risk seriously enough, whether the identity market consolidation is actually improving security outcomes, and whether traditional IGA platforms have any chance of keeping up with autonomous agents operating at scale. Can agentic AI truly be governed — or is control an illusion we're comfortable believing? Will AI agents eventually need to be fired? And is the industry drawing a sharp enough line between agentic AI security and NHI security, or collapsing two distinct problems into one? From market dynamics to vibe coding, this clip covers the ground most security conversations are still circling. 🔑 Key Takeaways: - NHI risk isn't being taken seriously — organisations are accepting breaches and moving on rather than making changes - Traditional IGA is compliance-first, not security-first — it won't adapt effectively to a world of autonomous agents - CISOs are aware the threat is coming but we've never handled service accounts, OAuth, or permissions at scale — what makes anyone think agents will be different In this clip, Alexis Moyse, from Clarity Security, delivers sharp, unfiltered answers on NHI governance, identity market consolidation, and why the assumption that CISOs are ready for autonomous agent fleets deserves serious scrutiny. From The Non-Human & AI Identity Podcast 🎙️ 00:00 Introduction 00:16 Are Organizations Taking NHI Risk Seriously Enough?01:16 Identity Market Consolidation & New Vendors 02:41 IAM for AI vs AI for IAM03:41 Can Agentic AI Really Be Governed? 05:01 Will AI Agents Need to Be Fired?06:31 Can Traditional IGA Adapt to AI Agents? 08:11 Is Agentic AI Security the Same as NHI Security? 09:36 Will Agentic AI Cause Mass Unemployment? 11:21 Are Agents Being Deployed Without Security Guardrails? 12:26 Are CISOs Ready for Autonomous Agents? 13:51 Vibe Coding: Opportunity or Risk? #CyberSecurity #NonHumanIdentity #IAM #AIAgents #IdentitySecurity #IGA #AgenticAI #shorts

Ep # 12 - When AI Agents Inherit Risk: The NHI Problem Expands

Most security teams are still retrofitting human identity frameworks onto AI agents. It won't hold. Agents that spawn sub-agents, inherit domain admin permissions through accidental OAuth consent, and operate non-deterministically aren't just a new identity type — they're a governance collapse waiting to happen, and the misconfiguration that triggers it is probably already in your environment. In this episode, Alexis Moyes, CEO of @ClaritySecurity, breaks down why static entitlements and upfront permission grants can't govern autonomous agent behaviour — and what real-time, intent-based authorisation actually requires in practice. What's covered: - Why organisations are repeating every mistake they made with machine identities — only faster and at scale - How agents inherit super-privileged access through a single accidental admin OAuth consent - The shift from posture management to real-time risk: why governance needs to operate alongside data flows, not after the fact - Agent lifecycle management: why "firing" an agent is a real security requirement and almost no one is doing it - Why IAM for AI is more urgent than AI for IAM — and what that distinction means for your security architecture - What Clarity Aperture 2.0 does differently: non-deterministic misconfiguration detection, attack path visibility, and one-click remediation. Essential listening for CISOs, IAM architects, and anyone building or governing agentic AI in production. Key MomentsIntroduction & Meet Alexis Moyse [00:00–01:00] Mr NHI's Human Identity in the Hot Seat [01:00–16:35] How AI Agents Inherit and Amplify Existing NHI Risks [16:35–20:20] Securing Autonomous Agents: Least Privilege, Segregation of Duties & Just-in-Time Access [20:20–25:35] The Future of Agent Identity: Real-Time Authorisation and Intent-Based Security [25:35–30:10] Governing AI Agents: Practical Strategies Organisations Can Implement Today [30:10–34:15] Clarity Security's Vision for Continuous Identity Governance [34:15–37:20] Risk Assessment, Attack Paths & Securing Humans, NHIs and Agents [37:20–39:50] Advice for CISOs: Preparing for Agentic AI and NHI Security Challenges [39:50–42:50] Identiverse, Industry Trends & Final Thoughts [42:50–45:25] 📚 NHI Knowledge Centre: nhimg.org 🔗 Learn more about Clarity Security: claritysecurity.com 📧 Contact: teamclarity@claritysecurity.com 🎟️ Non-Human & AI Identity Summit at Identiverse — June 15 Subscribe below and Follow Us On : LinkedIn – https://www.linkedin.com/company/non-human-identity-management-group TikTok – https://www.tiktok.com/@mr_non_human_identity #cybersecurity #ai #artificialintelligence #nonhumanidentity #iam #aiagents #zerotrust #airisks #agenticsecurity #claritysecurity

Neil McGlennon is Mr NHI's Human Identity In The Hot Seat

AI agents are evolving into powerful enterprise identities — yet most organisations still lack the governance frameworks needed to control them securely.Neil McGlennon, Global Field CTO at SailPoint, responds to 10 rapid-fire questions focused on AI identity governance, non-human identities, and the growing security risks tied to autonomous systems.As AI agents gain access to sensitive environments, the questions become harder to ignore: should they be governed like human employees or managed like software? Are businesses prioritising innovation speed over identity controls? And when an AI identity is breached, who is accountable for the consequences?🔑 Key Takeaways:• AI agents are creating a new class of identities that challenge traditional governance models• The way organisations classify AI agents impacts access control, auditing, and lifecycle governance• Many enterprises are accelerating AI adoption without fully addressing identity security risksIn this clip, Neil McGlennon explores the intersection of AI, identity governance, and enterprise security — and why organisations need to rethink how trust is established in the era of autonomous systems.#CyberSecurity #SailPoint #IdentityGovernance #AIAgents #ZeroTrust #IAM #NonHumanIdentity #IdentitySecurity

Michael Trites is Mr NHI's Human Identity In The Hot Seat

Enterprises are deploying AI agents at machine speed — but governance and identity security aren’t keeping pace.Michael Trites, Senior VP of Global Sales at Aembit, tackles 10 fast-paced questions on the rise of AI-driven identities, the expanding NHI threat landscape, and why organisations are repeating familiar security mistakes as autonomous systems scale.Should AI agents be governed like employees with assigned accountability, or treated purely as software identities? Are security teams giving AI systems privileged access too quickly? And when an AI agent is compromised, does anyone truly own the incident response?🔑 Key Takeaways:• AI agents are becoming highly privileged non-human identities with limited oversight• Existing IAM and PAM frameworks were not designed for autonomous AI access patterns• The rush to operationalise AI is creating governance gaps that attackers are beginning to exploitIn this short-form discussion, Michael Trites shares perspectives on identity-first security, machine access governance, and why AI agents are rapidly becoming one of the biggest emerging challenges in cybersecurity.#CyberSecurity #Aembit #IdentitySecurity #NHI #AIAgents #MachineIdentity #ZeroTrust #IAM

Stanislas Crépin is Mr NHI's Human Identity In The Hot Seat

AI agents are quickly becoming one of the largest unmanaged attack surfaces in enterprise environments — and most organisations still lack the controls to secure them effectively.Stanislas Crepin, Senior Global Director Sales Engineering at GitGuardian, answers 10 rapid-fire questions on the growing identity and secrets management risks surrounding AI agents and NHIs. From access governance to accountability, this discussion highlights where organisations are falling behind as agentic AI adoption accelerates.Do AI agents require the same trust validation as employees? Are companies unknowingly exposing sensitive systems in the rush to innovate? And as machine identities multiply, are security teams losing visibility over who — or what — has privileged access?🔑 Key Takeaways:• AI agents are introducing a new wave of non-human identities that traditional security models struggle to manage• Treating AI identities like software alone creates dangerous governance blind spots• Speed-to-deployment pressures are weakening security processes across agentic AI initiativesIn this clip, Stanislas Crepin breaks down the growing overlap between AI governance, identity security, and secrets exposure — and why organisations must rethink how they secure autonomous systems.#CyberSecurity #GitGuardian #NonHumanIdentity #SecretsManagement #AIAgents #IdentitySecurity #ZeroTrust #IAM