← All Insights
Agent Identity & Trust

Non-Human Identities: Agentic AI’s New Frontier of Cybersecurity Risk

Read the original on World Economic Forum ↗

The Summary

The WEF warns that non-human identities — AI agents, service accounts, tokens — are now the fastest-growing and least-governed part of the enterprise attack surface. It cites that 51% of organizations report no clear ownership of AI identities, and that a tiny fraction of NHIs control a disproportionate share of cloud permissions.

Why It Matters for AI Harness

"No clear ownership of AI identities" is a direct violation of the doctrine's first law: Agents Are Identities, Not Tools. An agent with no owner, no defined scope, and no revocation path is an ungoverned actor by definition. The fix starts at Agent Identity & Lifecycle — every agent provisioned, scoped, owned, and revocable with the same rigor as a human identity, and stricter constraints appropriate to its autonomy.

Maps to the doctrine

This story illustrates the following principles of the independent AI Harness Doctrine:

MissionHarness.ai curates third-party reporting and adds original doctrine analysis. The summary and commentary above are our own; the original article is the property of World Economic Forum and is linked, not reproduced. Doctrine terms link to the independent standard at aiharnessdoctrine.org.