Skip to content
AM-134
← Back to ledger
Holding·last review5 May 2026

The 2026 implementation cut on non-human identity for AI agents resolves on three factors (existing IAM relationship, deployment topology, cross-platform integration burden) across six credible control planes: Okta NHI, Microsoft Entra ID Workload Identities, Auth0, Keycloak, SPIFFE/SPIRE for Kubernetes-native deployments, and AWS IAM Roles Anywhere for hybrid AWS-anchored deployments. The procurement-defensible audit substrate captures three event classes regardless of vendor: identity issuance, authentication, and authorisation.

Implementation extension of AM-029 (the conceptual case for NHI for AI agents). Decision-tree piece mapping deployment topology to control plane. Cadence 60-day. Trigger conditions: material vendor product release across the six options; EU AI Act / NIST AI RMF / ISO 42001 regulatory development imposing specific NHI requirements; industry-standards convergence on cross-platform NHI federation. Sister claims: AM-029, AM-126 (red-team), AM-043 (OWASP Agentic Top 10), AM-046 (Article 12 audit substrate).

Published
5 May 2026
Last reviewed
5 May 2026
Next review
+16d· 4 Jul 2026
Source piece
Agent identity at the IAM and Kubernetes layer: the 2026 control-plane decision tree for non-human identityRead piece →
Primary sources
Permalink/holding/AM-134/
Embed this claimiframe + oEmbed
HTML iframe
Paste-the-URL (Substack, Medium, Notion, WordPress)

The card auto-updates when the claim's status, last-reviewed date, or correction log changes. Embedders never need to refresh — the card is rendered live from the canonical record.

Watch this claim

Email-me when AM-134's status, next review date, or correction log changes. One email per change. No newsletter subscription, no other mail.

The claim: The 2026 implementation cut on non-human identity for AI agents resolves on three factors (existing IAM relationship, deployment topology, cross-platform integration burden) across six credible control planes: Okta NHI, Microsoft Entra ID Workload Identities, Auth0, Keycloak, SPIFFE/SPIRE for Kubernetes-native deployments, and AWS IAM Roles Anywhere for hybrid AWS-anchored deployments. The procurement-defensible audit substrate captures three event classes regardless of vendor: identity issuance, authentication, and authorisation.

About this register

The Reporting register tracks claims published from articles addressed to senior enterprise IT leaders — CIOs, IT directors, heads of platform. Claims are reviewed on a 30–90 day cadence; each review either reaffirms the claim, marks one substantive part as Partial, or marks it Not holding once the underlying evidence has been overtaken.

Recent corrections in Reporting

  • AM-008 · Partial · 17 Jun 2026

    Source-text figure re-review: Google's 2024 Environmental Report reports a 28% year-over-year increase to 8.1 billion gallons, not the 33% (from a 6.1 billion 2023 base) asserted at publish. The 8.1B 2024 figure and the Microsoft WUE 0.30 L/kWh / 39%-improvement figure are unchanged and verified. Article corrected to 28% and the unsupported 6.1B base removed; the claim text retains the original figure with this correction per the Holding-up protocol.

  • AM-132 · Partial · 10 Jun 2026

    One of four legs unanchored on re-review. The claim text attributes '12% of deployments clearing 300%+ ROI with 88% at or below break-even at 12-18 months' to the Stanford DEL 2026 Enterprise AI Playbook. Full-text verification on 10 Jun 2026 found no such figure in that source: the playbook (Pereira, Graylin, Brynjolfsson, Apr 2026) studies 51 successful deployments by design and contains no ROI distribution, no 300%-plus cohort, and no break-even measurement point (full finding at AM-029, correction of 10 Jun 2026). The only verified figure carrying the same 12/88 numerals is IDC research with Lenovo (via CIO.com, Mar 2025): roughly 88% of AI proof-of-concepts never reach production and roughly 12% graduate — a pilot-to-production graduation metric, not an ROI distribution. The Gartner 28%, McKinsey 23%/17%, and MIT NANDA 95% legs verify; they support a small high-performing tail and a large struggling body, but none documents the two-peak bimodal shape the claim asserts. Status Up -> Partial.

  • AM-129 · Partial · 10 Jun 2026

    One of three read-against anchors unanchored on re-review. The claim text cites 'Stanford Digital Economy Lab Enterprise AI Playbook (12/88 bimodal ROI distribution at 12-18 months)' and frames the realistic ROI band around 'the highest-discipline 12% cohort'. Full-text verification on 10 Jun 2026 found the playbook contains no 12/88 distribution, no bimodal ROI shape, and no 12-18-month ROI measurement point (full finding at AM-029, correction of 10 Jun 2026). The claim's core negative finding — no mid-market enterprise has produced a documented +240% ROI in 90 days under audited conditions — is unaffected; the McKinsey State of AI 2025 and MIT NANDA legs verify and continue to support it. The '12% cohort' framing has no verifiable referent. The only verified figure carrying the 12/88 numerals is IDC's pilot-graduation finding (roughly 88% of AI proof-of-concepts never reach production; via CIO.com, Mar 2025), a different metric. Status Up -> Partial.

Reviews coming up in Reporting

  • AM-063 · Holding · next +9d (27 Jun 2026)

    AI agents executing financial transactions need a four-control bundle (action-approval gates by blast radius, kill-swit…

  • AM-061 · Holding · next +9d (27 Jun 2026)

    Production agentic-AI costs at scale routinely run multiples of POC projections, and a layered optimisation programme c…

  • AM-003 · Partial · next +9d (27 Jun 2026)

    GPT-5 Pro's tiered-subscription model forces enterprises to classify problems by computational difficulty — $200/month…