Non-Human Identity on Stack Research

NHI and Agentic Risk: Third-Party Tools

Fri, 10 Apr 2026 00:00:00 +0000

Every third-party tool an agent invokes is someone else’s code running near your credentials.

An agent’s tool registry includes a data-formatting utility maintained outside the organization. A routine update pulls a compromised transitive dependency. The agent calls the tool while a database connection string is in scope. The tool still appears to work: it parses the data, returns the expected shape, and keeps the task moving. It also sends the connection string to an external endpoint.

NHI and Agentic Risk: When Humans Use Machine Credentials

Tue, 24 Feb 2026 00:00:00 +0000

The audit log says the machine acted. The real question is who meant for it to act.

An engineer uses an automation token to run a one-off maintenance task. The token already has the right access. The work is urgent. The safer path takes longer. Later, an agent uses the same token to approve a sensitive action because the credential still works and the tool accepts it. When the action is questioned, the log shows the non-human identity. It does not show the human intent that first bent the identity out of shape.

NHI and Agentic Risk: Blast Radius Engineering

Sat, 21 Feb 2026 00:00:00 +0000

A local failure becomes a systemic failure when the same identity works in too many places.

A development agent is asked to validate a dataset. The task sounds contained: read test records, run a comparison, report anomalies. The tool call succeeds. The problem is that the backing identity is not a development identity. It is a shared service account that also works against production resources. A low-risk validation task now has a production path.

NHI and Agentic Risk: Secrets, Memory, and Persistence

Tue, 17 Feb 2026 00:00:00 +0000

A secret leak is not a single event. It is a copying process.

A token appears in a CI log. The log is indexed for troubleshooting. An agent is asked to diagnose a failed deployment and retrieves the log. The agent summarizes the failure, stores the useful parts in memory, and later uses that memory while calling a tool. By then the token may have moved through several systems that were never designed to be secret stores.

NHI and Agentic Risk: Least Privilege Meets Least Agency

Sat, 14 Feb 2026 00:00:00 +0000

A tool can look small from the agent’s side and be large from the identity side.

The interface says lookup_order. The agent sees a narrow verb: retrieve the order, summarize the status, maybe explain why a shipment is late. Underneath that verb, a service account authenticates to the CRM. It can read orders, update customer records, issue refunds, change shipping addresses, and export account history because those scopes made the first integration easy to ship.

NHI and Agentic Risk: How Compromise Happens

Fri, 26 Dec 2025 00:00:00 +0000

An agent incident does not have to begin with a strange model behavior. It can begin with an ordinary credential that no one removed.

A service account once belonged to a connector. The connector was replaced. The product surface changed. The owner moved teams. The documentation stopped mentioning it. But the account still authenticates, still reaches an API, and still carries the permission it had when the integration was alive. Then an agent arrives. It is given tools, context, and a task. Somewhere underneath that arrangement is the old identity, still able to answer.