The Identity Problem (Yours and Your Agent's)

There’s a moment in Fight Club where Tyler Durden looks at the Narrator and asks, “Do you know what you’re doing?” The Narrator realizes he’s been someone else the entire time. His whole story belongs to another person. He’s been acting out a script written by a identity he doesn’t recognize.

Your agents might have the same problem.

---

Answer-First Summary

Non-human identities now vastly outnumber human users in enterprise systems, yet credential management for agents receives almost no governance attention. An agent without clear identity boundaries becomes useless for safety purposes. Three identity hygiene checks this week can materially reduce your agent credential exposure.

---

The Math That Should Terrify You

Industry research consistently shows non-human identities outnumber human users by at least 45 to 1 in enterprise environments, with some estimates reaching much higher. That’s not theoretical. That’s your organization right now. Service accounts, API keys, deployment tokens, agent credentials. Hundreds of non-human identities for every person in your company.

And they’re managed like someone’s leaving a spare house key under the mat.

Here’s what that looks like in practice. An agent gets an API key. Maybe it’s in an environment variable. Maybe it’s in a config file. Maybe it’s passed at runtime. The key grants access to a database. The agent uses the database. Good. The agent also has permissions to modify records. Also good. The agent can create new users. Also fine. The agent can delete all users. That’s… still there. That’s still true.

The agent is now an identity with unlimited authority. You made it useful for one thing. You made it dangerous for everything.

People who haven’t defined their identity end up overcommitting and burning out. Same pattern at machine speed. An agent without clear identity boundaries will say yes to every tool request, every permission escalation, every operation that passes a basic syntax check. That makes it useful for nothing safely.

The Gap Between Human and Non-Human Identity

The security industry built identity frameworks for humans. Humans log in. Humans request permission. Humans carry credentials that prove who they are. There’s friction at every step. You can’t accidentally be someone else for six months.

Agents don’t work that way. An agent doesn’t log in once and retire at 65. An agent spins up, does work, and is gone. An agent doesn’t “request permission” in the human sense. An agent either has the capability or it doesn’t. An agent can’t accidentally be someone else because it can be multiple someones simultaneously.

The identity frameworks don’t fit.

So what do teams do. They improvise. They give the agent the same access level as a human in a similar role. That’s the most generous interpretation. The worst interpretation is “we gave it an API key and hoped for the best.”

Neither works. Neither is honest about what the agent actually needs.

What Honest Identity Hygiene Looks Like

You don’t ask “how do we secure this agent’s credentials?” You ask “what is this agent actually allowed to do?” That’s the foundation. Everything else is enforcement.

Your agent needs to call Tool A, Tool B, and Tool C. Nothing else. Read from Database X only. Access secrets vault only for Credential Y. That’s your identity boundary.

Implement it three ways. First: least privilege. Your agent gets exactly what it needs. Not what a similar human has. The minimum viable access. Every operation not on your list gets denied.

Second: credential rotation. A static API key is a stolen key eventually. Rotate on schedule. Daily if possible. The agent should never know its own password. It requests fresh credentials from a secrets manager each time.

Third: decision scope. Your agent reads databases. Can’t modify. Can’t create. Can’t delete. Can’t access different databases. The boundaries are restrictive. That’s the point.

This is where teams resist. “We might need flexibility.” Maybe. But you’re betting no attacker finds your agent and no employee deliberately misuses it. Bad bets.

The Three Checks You Run This Week

1. Credential Inventory. List every credential your agent has. Be specific.

2. Access Verification. Does the agent actually use this credential? If no, revoke it.

3. Rotation Audit. When was it last rotated? If never, rotate it now.

This takes one hour. You’ll find unused permissions and tightening opportunities.

The Principle That Holds

This is the inversion of how most teams think about agents. You don’t start by asking “how permissive can we make this agent?” You start by asking “what’s the smallest set of capabilities this agent could possibly need?” Then you grant that. Then you add monitoring to catch when it tries to exceed that scope.

An agent with clear identity boundaries is an agent you can debug. An agent without them is an agent you’re trusting on faith.

The Thread

This series started with runtime safety. Now we’re talking about identity as the foundation of that safety. The next post is about threat surface. Most teams are defending against prompt injection while ignoring six other attack vectors that cause more damage. Read Prompt Injection is the Easy Problem.

---

Sources

• CyberArk: Identity Security Threat Landscape Report, 2024. cyberark.com
• Astrix Security: State of Non-Human Identity Security, 2024. [Research on NHI:human ratios in enterprise]
• NIST SP 800-63B: Digital Identity Guidelines, Authentication and Lifecycle Management. nist.gov