The 2026 implementation cut on non-human identity for AI agents resolves on three factors (existing IAM relationship, deployment topology, cross-platform integration burden) across six credible control planes: Okta NHI, Microsoft Entra ID Workload Identities, Auth0, Keycloak, SPIFFE/SPIRE for Kubernetes-native deployments, and AWS IAM Roles Anywhere for hybrid AWS-anchored deployments. The procurement-defensible audit substrate captures three event classes regardless of vendor: identity issuance, authentication, and authorisation.

Implementation extension of AM-029 (the conceptual case for NHI for AI agents). Decision-tree piece mapping deployment topology to control plane. Cadence 60-day. Trigger conditions: material vendor product release across the six options; EU AI Act / NIST AI RMF / ISO 42001 regulatory development imposing specific NHI requirements; industry-standards convergence on cross-platform NHI federation. Sister claims: AM-029, AM-126 (red-team), AM-043 (OWASP Agentic Top 10), AM-046 (Article 12 audit substrate).