NHI and Agentic Risk: Blast Radius Engineering

Stack Research
security identity

Reused identities and weak isolation turn local incidents into systemic ones.

This is the fourth post in the series. The focus here is how compromise spreads when reused identities and weak isolation turn local incidents into systemic ones.

The OWASP overlap centers on boundaries. NHI8 (environment isolation) maps to ASI07 (insecure inter-agent communication) and ASI08 (cascading failures). NHI9 (NHI reuse) maps to ASI08 and ASI04 (supply chain). When the same identity spans environments or services, a single breach gains reach without any new exploit.

Convenience enables cascades. Shared NHIs across dev, test, and prod remove the last hard boundary. Broad network egress and tool access make it easy to hop between systems. Inter-agent workflows without clear trust boundaries let low-trust agents inherit high-trust paths.

Consider a dev agent that uses a shared service identity which also works in production. The agent is asked to validate a dataset and accidentally triggers a production tool call. The call is authorized, so it succeeds. The incident looks like a bad agent decision, but the root cause is identity reuse across environments.

The controls are straightforward: isolate identities by environment and by tool, default-deny egress for agent tool calls, and track provenance for tool supply chains and agent-to-agent links so you can see where trust is inherited.
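The following is an added example, not code from the original post. It models the dev-agent scenario above with a minimal grant table, showing how the same production call is authorized under a shared identity and refused once identities are scoped per environment and tool with a default-deny egress allowlist. The `Grant` structure, identity names, tool name and `.example` hosts are all constructed assumptions; provenance tracking is out of scope here.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    identity: str       # NHI name (constructed)
    environment: str    # dev / test / prod
    tool: str           # tool this identity may invoke
    egress: frozenset   # hosts the tool call may reach

def reused_identities(grants):
    """Map each identity bound to more than one (environment, tool) to its scopes."""
    scopes = defaultdict(set)
    for g in grants:
        scopes[g.identity].add((g.environment, g.tool))
    return {i: sorted(s) for i, s in scopes.items() if len(s) > 1}

def authorize(grants, identity, environment, tool, host):
    """Default deny: allow only an exact grant match with an allowlisted host."""
    for g in grants:
        if (g.identity, g.environment, g.tool) == (identity, environment, tool):
            if host in g.egress:
                return True, "ok"
            return False, "egress not allowlisted"
    return False, "no grant"

# Constructed inventory: one identity reused across dev and prod.
SHARED = [
    Grant("svc-data", "dev", "validate_dataset", frozenset({"data.dev.example"})),
    Grant("svc-data", "prod", "validate_dataset", frozenset({"data.prod.example"})),
]
# Same workloads, one identity per environment and tool.
ISOLATED = [
    Grant("svc-data-dev-validate", "dev", "validate_dataset",
          frozenset({"data.dev.example"})),
    Grant("svc-data-prod-validate", "prod", "validate_dataset",
          frozenset({"data.prod.example"})),
]

if __name__ == "__main__":
    call = ("prod", "validate_dataset", "data.prod.example")
    # The dev agent's accidental production call under each model.
    print("shared  :", authorize(SHARED, "svc-data", *call))
    print("isolated:", authorize(ISOLATED, "svc-data-dev-validate", *call))
    print("reuse audit:", reused_identities(SHARED))
```

Running `reused_identities` over a real NHI inventory export gives a quick list of identities whose compromise would cross an environment or tool boundary.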

Cascading failure is rarely surprising in hindsight. It starts with identity reuse and poor isolation.