Non-Human Identity

Any identity in an enterprise system that is not a human user — service accounts, API keys, OAuth tokens, machine certificates, and now agent-bound credentials. Outnumber human identities at typical enterprises by 10× to 50×.

Agent-mode deployments multiply the NHI count again. Each agent that calls a tool needs an identity; each cross-agent delegation creates a new credential boundary. Most enterprise IAM stacks were not designed for this volume or for the dynamic provisioning agents require. NHI hygiene is the procurement question vendors most often have no answer for.

Articles that analyse this term

• AI agent contract exit clauses: 8 provisions for 2026

Primary sources

• Permiso Security. The State of Non-Human Identity (annual report)
• OWASP. Non-Human Identity Top 10