Agent Identity & Trust | Governance & Runtime

The Non-Human Identity Governance Vacuum

Read the original on Cloud Security Alliance ↗

The Summary

A CSA whitepaper argues that agentic AI introduces a qualitatively new identity-governance problem: unlike static service accounts, agents act autonomously, call external APIs, spawn sub-agents, and acquire permissions at runtime. Existing NHI tooling assumes static credentials and can't see or constrain this dynamic, delegated behavior.

Why It Matters for AI Harness

Spawning sub-agents and acquiring permissions at runtime is exactly the scenario the doctrine's fifth architectural plane — Multi-Agent Trust & Delegation — exists to govern. When an agent delegates to another agent, Trust Does Not Travel: the receiver inherits the task, not the authority, and every handoff is an independent trust boundary. Static-credential governance was never designed for actors that re-negotiate their own privileges mid-mission.

Maps to the doctrine

This story illustrates the following principles of the independent AI Harness Doctrine:

MissionHarness.ai curates third-party reporting and adds original doctrine analysis. The summary and commentary above are our own; the original article is the property of Cloud Security Alliance and is linked, not reproduced. Doctrine terms link to the independent standard at aiharnessdoctrine.org.