Non-human identity (NHI)

Any digital account or credential that belongs to software rather than a person — including AI agents, automated bots, CI/CD pipeline workers, and service accounts — each of which needs its own identity to access systems and data. Unlike human logins, NHIs typically don't have a person watching them, they rarely get their passwords changed, and they can accumulate far more access than they need over time. As AI agent deployments grow, NHIs can easily outnumber human accounts by orders of magnitude.
Compromising one NHI credential — such as an AI agent's API key or OAuth token — can give an attacker persistent, automated, and often unmonitored access to every system that agent touches, without triggering the alerts designed for human login anomalies.
NIST NCCoE — AI Agent Identity & Authorization Project