Quick Answer. Non-human identities (NHIs) already outnumber human users 82-to-1 in the average enterprise and reach 500-to-1 in some sectors. NHI volume grew 44% between H1 2024 and H1 2025. Agentic AI is now adding a new class of NHI to that environment, one that mints credentials autonomously, at machine speed, in workflows the security organization was never asked to approve. The pre-existing governance gap and the new acceleration arrive at the same target at the same time.
In this Unite.AI piece, I argue that the NHI sprawl problem is not a future concern about agentic AI. It is a present operational reality that agentic AI is making structurally worse. Service accounts, API keys, OAuth tokens, and similar non-human credentials quietly authenticate application behavior across modern cloud environments, yet are poorly inventoried, rarely rotated, and difficult to govern. Only 18% of security leaders report high confidence that their IAM tooling can manage agent identities. Only 28% can trace agent actions back to a human sponsor across all their environments. Only 29% consider themselves prepared to secure agentic AI deployments. These are not aspirational gaps. These are the conditions agentic systems are being deployed into right now.
The article walks through three incidents that demonstrate the operational shape of the risk: CVE-2025-12420 in ServiceNow Virtual Agent (which allowed unauthenticated impersonation), the OpenClaw vulnerabilities that affected 135,000-plus GitHub-starred AI agent framework instances, and the UNC6395 OAuth token theft campaign that touched 700-plus organizations through a single SaaS vendor compromise. The common thread is that each incident exploited a credential boundary the defender had not actively scoped. Agentic AI is generating those boundaries faster than human-paced governance can name them.
The core argument is that organizations need to treat AI agents as security principals. Any autonomous or semi-autonomous AI system with access to sensitive systems, data, or workflows needs the governance posture applied to privileged users: identity, access control, behavior monitoring, audit. Calling it a tool absolves no one. The NIST AI Agent Standards Initiative, the NCCoE concept paper on AI agent identity, and the first-class agent identity primitives now shipping from Okta, Microsoft, and Google all signal that the consensus is forming. The question is whether organizations cross that line proactively or after an incident forces it.
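As an added illustration of what "treat AI agents as security principals" looks like in practice, here is a small Python audit over a constructed non-human identity inventory. It is example code written for this summary, not code from the Unite.AI article or from any vendor or standards body named above; the record fields, the policy thresholds (90-day rotation, 30-day idle window), the finding codes and the sample entries are all assumptions chosen for the example. It applies the checks the piece calls for (a named human sponsor, bounded credential age, evidence of use, scope, and governed approval for agent-minted credentials) uniformly to service accounts, API keys and OAuth tokens.

```python
"""Added example (not from the Unite.AI article): governance checks over a
constructed NHI inventory, applied the way one would audit privileged users."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class NHI:
    """One non-human identity record. Field names are assumptions for this example."""
    name: str
    kind: str                      # "service_account" | "api_key" | "oauth_token"
    sponsor: Optional[str]         # accountable human, None if nobody owns it
    created_by: str                # who minted it: "human:<id>" or "agent:<id>"
    last_rotated: datetime
    last_used: Optional[datetime]  # None means no observed use at all
    scopes: tuple
    approved: bool = True          # issued through a governed approval workflow?


@dataclass
class Policy:
    """Thresholds are illustrative, not taken from the article."""
    max_credential_age: timedelta = timedelta(days=90)
    max_idle: timedelta = timedelta(days=30)
    broad_scopes: frozenset = frozenset({"*", "admin", "owner"})


def audit_identities(inventory, policy, now):
    """Return {identity name: [finding codes]} for every identity that fails a check."""
    findings = {}
    for nhi in inventory:
        issues = []
        if not nhi.sponsor:
            issues.append("NO_HUMAN_SPONSOR")          # cannot trace actions to a person
        if now - nhi.last_rotated > policy.max_credential_age:
            issues.append("STALE_CREDENTIAL")          # rotation overdue
        if nhi.last_used is None or now - nhi.last_used > policy.max_idle:
            issues.append("DORMANT")                   # unused but still valid
        if any(s in policy.broad_scopes for s in nhi.scopes):
            issues.append("OVERBROAD_SCOPE")           # violates least privilege
        if nhi.created_by.startswith("agent:") and not nhi.approved:
            issues.append("AGENT_MINTED_UNAPPROVED")   # credential created outside governance
        if issues:
            findings[nhi.name] = issues
    return findings


def sponsor_coverage(inventory):
    """Fraction of identities that can be traced to a named human sponsor."""
    if not inventory:
        return 0.0
    return sum(1 for n in inventory if n.sponsor) / len(inventory)


def finding_counts(findings):
    """Aggregate finding codes across the inventory for a summary report."""
    return dict(Counter(code for codes in findings.values() for code in codes))


# Constructed clock and inventory so the results are deterministic and offline.
NOW = datetime(2025, 9, 1, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    NHI("ci-deployer", "service_account", "alice", "human:alice",
        NOW - timedelta(days=20), NOW - timedelta(days=1), ("deploy:prod",)),
    NHI("legacy-backup-key", "api_key", None, "human:unknown",
        NOW - timedelta(days=400), NOW - timedelta(days=200), ("storage:read",)),
    NHI("agent-research-token", "oauth_token", "bob", "agent:research-agent",
        NOW - timedelta(days=2), NOW - timedelta(hours=1), ("*",), approved=False),
    NHI("agent-ticket-bot", "oauth_token", None, "agent:ticket-agent",
        NOW - timedelta(days=5), NOW - timedelta(days=2), ("tickets:write",)),
]

if __name__ == "__main__":
    results = audit_identities(SAMPLE_INVENTORY, Policy(), NOW)
    for name, codes in results.items():
        print(f"{name}: {', '.join(codes)}")
    print("sponsor coverage:", sponsor_coverage(SAMPLE_INVENTORY))
    print("totals:", finding_counts(results))
```

The point of the uniform record type is that an agent-minted OAuth token and a ten-year-old backup API key fall through the same checks; the sponsor-coverage figure is the inventory-level number a security leader would need to answer the "can you trace agent actions back to a human" question with something better than a guess.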
Read the full article on Unite.AI: "Agentic AI Turns NHI Sprawl Into an Ungovernable Attack Surface" →