Non-Human Identities: Agentic AI’s New Frontier of Cybersecurity Risk
Read the original on World Economic Forum ↗
The Summary
The WEF warns that non-human identities (NHIs) — AI agents, service accounts, tokens — are now the fastest-growing and least-governed part of the enterprise attack surface. It cites a finding that 51% of organizations report no clear ownership of AI identities, and notes that a tiny fraction of NHIs control a disproportionate share of cloud permissions.
Why It Matters for AI Harness
"No clear ownership of AI identities" is a direct violation of the doctrine's first law: Agents Are Identities, Not Tools. An agent with no owner, no defined scope, and no revocation path is an ungoverned actor by definition. The fix starts at Agent Identity & Lifecycle: every agent is provisioned, scoped, owned, and revocable with the same rigor as a human identity, and with stricter constraints appropriate to its autonomy.
Maps to the doctrine
This story illustrates the following principles of the independent AI Harness Doctrine:
MissionHarness.ai curates third-party reporting and adds original doctrine analysis. The summary and commentary above are our own; the original article is the property of World Economic Forum and is linked, not reproduced. Doctrine terms link to the independent standard at aiharnessdoctrine.org.