
Securing AI agents and non-human identities in enterprises
In 2025, NHIs surged with the rise of AI agents, microservices, and distributed cloud systems. This ebook gives you a practical roadmap to secure NHIs in your stack, with Zero Trust principles at the core.
What's inside the ebook
Drawing from hands-on customer work, discussions with security & IAM teams, and
the latest OWASP research, we’ll cover:
-
Incident-driven threat insights
Learn from real-world security breaches at Okta, GitHub, and Microsoft to understand NHI-specific risks.
-
12 principles for NHI governance
Apply 35 actionable steps for adaptive, risk-informed permission and identity management.
-
Vendor landscape & evaluation toolkit
Navigate the ecosystem with a curated vendor map and checklist to guide your implementation strategy.

Created for modern security teams
50 pages
of in depth content
Opinions from
security leaders
Practical
frameworks
The technical framework you need to secure NHIs across your environments

NHI taxonomy
We’ll lay out a taxonomy of NHIs and explain why NHIs are becoming a major security and compliance concern for our clients and other tech companies. You’ll learn how the explosion of NHIs is creating new vulnerabilities and how agent-based AI is accelerating the risk.
Topics covered: Identity explosion, NHI-related data breaches, NHI terminology, taxonomy of AI agents, RAG, autonomous AI agents, and AI workflows
20 NHI and AI agent risk vectors you need to know
We’ll dive deep into the top 20 risk vectors affecting non-human identities and AI agents, spanning everything from orphaned credentials and secrets sprawl to prompt injection and insecure plugin integrations. You’ll learn how attackers exploit insecure defaults, over-scoped permissions, lateral movement, and weak isolation across services.
You’ll understand the major security risks, supported with examples from attacks, OWASP reports, and vulnerabilities discovered by security researchers.
Topics covered: Over-scoped permissions, orphaned NHIs, NHI authentication, secrets, 3rd party vulnerabilities, token reuse, lateral movement, multi-tenant data leaks


Strategies and principles for NHI governance
We’ll cover practical strategies for securing NHIs, starting with exposure assessment, setting measurable objectives, and aligning Zero Trust controls across architecture and teams. These are backed by 12 security principles and 35 implementation steps to drive NHI governance.
This section will provide you with the NHIs' security checklist, covering inventory management, credential isolation, least privilege, fine-grained access control, and externalized authorization, mapped to practical implementation steps.
Topics covered: Zero Trust Security, SPIFFE, WIMSE (IETF), SPICE (IETF), OpenID Connect M2M, FIDO Device Onboarding (FDO), NIST SP 800-207 Zero Trust Architecture
Vendor landscape and vendor evaluation checklist
Securing NHIs means aligning security controls across the entire identity lifecycle—from issuance to revocation. In this chapter, we break down how to evaluate vendors based on your architecture, maturity, and specific use cases. Rather than aiming for tool breadth, we show why depth, interoperability, and lifecycle fit matter most.
You’ll learn how to assess solutions for provisioning, rotation, access control, and policy enforcement in a way that supports scalable, Zero Trust NHI security.
Topics covered: NHI security architecture, automated identity issuance, scoped credential distribution, policy enforcement at scale, NHI security tool landscape


Bonus: A comprehensive list of NHI security vendors
We’ve compiled a thorough list of NHI security vendors that can help you close this security gap before attackers make use of it.

About the author
Emre Baran, co-founder of Cerbos, ex-Googler, entrepreneur & software executive with 20+ years of experience.


Secure non-human
identities at scale
Manage permissions for workloads, microservices, AI agents, and API clients with flexible, policy-driven authorization.
