Ebook_Cover

Securing AI agents and non-human identities in enterprises

In 2025, NHIs surged with the rise of AI agents, microservices, and distributed cloud systems. This ebook gives you a practical roadmap to secure NHIs in your stack, with Zero Trust principles at the core.

What's inside the ebook

Drawing from hands-on customer work, discussions with security & IAM teams, and
the latest OWASP research, we’ll cover:

  • Incident-driven threat insights

    Learn from real-world security breaches at Okta, GitHub, and Microsoft to understand NHI-specific risks.

  • 12 principles for NHI governance

    Apply 35 actionable steps for adaptive, risk-informed permission and identity management.

  • Vendor landscape & evaluation toolkit

    Navigate the ecosystem with a curated vendor map and checklist to guide your implementation strategy.

Magnifying glass_Icon-2

Created for modern security teams

50 pages
of in depth content

Opinions from
security leaders

Practical
frameworks

The technical framework you need to secure NHIs across your environments

Asset 2@2x

NHI taxonomy

We’ll lay out a taxonomy of NHIs and explain why NHIs are becoming a major security and compliance concern for our clients and other tech companies. You’ll learn how the explosion of NHIs is creating new vulnerabilities and how agent-based AI is accelerating the risk.

Topics covered: Identity explosion, NHI-related data breaches, NHI terminology,  taxonomy of AI agents, RAG, autonomous AI agents, and AI workflows

20 NHI and AI agent risk vectors you need to know

We’ll dive deep into the top 20 risk vectors affecting non-human identities and AI agents, spanning everything from orphaned credentials and secrets sprawl to prompt injection and insecure plugin integrations. You’ll learn how attackers exploit insecure defaults, over-scoped permissions, lateral movement, and weak isolation across services.

You’ll understand the major security risks, supported with examples from attacks, OWASP reports, and vulnerabilities discovered by security researchers.

Topics covered: Over-scoped permissions, orphaned NHIs, NHI authentication, secrets, 3rd party vulnerabilities, token reuse, lateral movement, multi-tenant data leaks

Asset 3@2x
Asset 4@2x

Strategies and principles for NHI governance

We’ll cover practical strategies for securing NHIs, starting with exposure assessment, setting measurable objectives, and aligning Zero Trust controls across architecture and teams. These are backed by 12 security principles and 35 implementation steps to drive NHI governance.

This section will provide you with the NHIs' security checklist, covering inventory management, credential isolation, least privilege, fine-grained access control, and externalized authorization, mapped to practical implementation steps.

Topics covered: Zero Trust Security, SPIFFE, WIMSE (IETF), SPICE (IETF), OpenID Connect M2M, FIDO Device Onboarding (FDO), NIST SP 800-207 Zero Trust Architecture

Vendor landscape and vendor evaluation checklist

Securing NHIs means aligning security controls across the entire identity lifecycle—from issuance to revocation. In this chapter, we break down how to evaluate vendors based on your architecture, maturity, and specific use cases. Rather than aiming for tool breadth, we show why depth, interoperability, and lifecycle fit matter most.

You’ll learn how to assess solutions for provisioning, rotation, access control, and policy enforcement in a way that supports scalable, Zero Trust NHI security.

Topics covered: NHI security architecture, automated identity issuance, scoped credential distribution,  policy enforcement at scale, NHI security tool landscape

Asset 5@2x
Extensibility

Bonus: A comprehensive list of NHI security vendors

We’ve compiled a thorough list of NHI security vendors that can help you close this security gap before attackers make use of it.

Emre

About the author

Emre Baran, co-founder of Cerbos, ex-Googler, entrepreneur & software executive with 20+ years of experience.

Google 2015 Logo

What's inside the ebook

Asset 1@2x-2
Asset 2@2x-1
Cerbos logotype

Secure non-human
identities at scale

Manage permissions for workloads, microservices, AI agents, and API clients with flexible, policy-driven authorization.

image-3