Cover_Ebook-2

Securing AI agents and non-human identities in enterprises

In 2025, NHIs surged with the rise of AI agents, microservices, and distributed cloud systems. This ebook gives you a practical roadmap to secure NHIs in your stack, with Zero Trust principles at the core. 

Drawing from hands-on customer work, discussions with security & IAM teams, and the latest OWASP research, we’ll cover:

  • Real-world examples of AI and NHI specific security threats, illustrated by incidents from Okta, GitHub, Microsoft
  • 12 security principles with 35 practical steps for adaptive, risk-informed NHI governance
  • A vendor landscape and evaluation checklist to help you build out your defense

The technical framework you need to secure NHIs across your environments

Asset 2@2x

NHI taxonomy

We’ll lay out a taxonomy of NHIs and explain why NHIs are becoming a major security and compliance concern for our clients and other tech companies. You’ll learn how the explosion of NHIs is creating new vulnerabilities and how agent-based AI is accelerating the risk.

Topics covered: Identity explosion, NHI-related data breaches, NHI terminology,  taxonomy of AI agents, RAG, autonomous AI agents, and AI workflows

20 NHI and AI agent risk vectors you need to know

We’ll dive deep into the top 20 risk vectors affecting non-human identities and AI agents, spanning everything from orphaned credentials and secrets sprawl to prompt injection and insecure plugin integrations. You’ll learn how attackers exploit insecure defaults, over-scoped permissions, lateral movement, and weak isolation across services.

You’ll understand the major security risks, supported with examples from attacks, OWASP reports, and vulnerabilities discovered by security researchers.

Topics covered: Over-scoped permissions, orphaned NHIs, NHI authentication, secrets, 3rd party vulnerabilities, token reuse, lateral movement, multi-tenant data leaks

Asset 3@2x
Asset 4@2x

Strategies and principles for NHI governance

We’ll cover practical strategies for securing NHIs, starting with exposure assessment, setting measurable objectives, and aligning Zero Trust controls across architecture and teams. These are backed by 12 security principles and 35 implementation steps to drive NHI governance.

This section will provide you with the NHIs' security checklist, covering inventory management, credential isolation, least privilege, fine-grained access control, and externalized authorization, mapped to practical implementation steps.

Topics covered: Zero Trust Security, SPIFFE, WIMSE (IETF), SPICE (IETF), OpenID Connect M2M, FIDO Device Onboarding (FDO), NIST SP 800-207 Zero Trust Architecture

Vendor landscape and vendor evaluation checklist

Securing NHIs means aligning security controls across the entire identity lifecycle—from issuance to revocation. In this chapter, we break down how to evaluate vendors based on your architecture, maturity, and specific use cases. Rather than aiming for tool breadth, we show why depth, interoperability, and lifecycle fit matter most.

You’ll learn how to assess solutions for provisioning, rotation, access control, and policy enforcement in a way that supports scalable, Zero Trust NHI security.

Topics covered: NHI security architecture, automated identity issuance, scoped credential distribution,  policy enforcement at scale, NHI security tool landscape

Asset 5@2x
Extensibility

Bonus: A comprehensive list of NHI security vendors

We’ve compiled a thorough list of NHI security vendors that can help you close this security gap before attackers make use of it.

Emre_Portrait-3

About the author

Emre Baran, co-founder of Cerbos, ex-Googler, entrepreneur & software executive with 20+ years of experience.

What’s inside the ebook

Asset 1@2x-2
Asset 2@2x-1
Cerbos_symbol_black

About Cerbos

Authorization management solution for authoring, testing, and deploying access control policies. Implement scalable, secure, fine-grained authorization for both human and non-human identities.