Comprehensive definitions for identity security terminology.
A distinct identity assigned to an AI agent that can act autonomously on behalf of users or systems.
A security discipline focused on governing AI agent and automation access through intent-aware, just-in-time controls.
An autonomous AI system that can take actions on behalf of users or organizations.
Extending security posture management to cover AI systems and agents.
A secret token used to authenticate API requests, typically associated with a non-human identity.
Short-lived, just-in-time credentials issued to agents only when needed and immediately revoked after use.
The stages an identity goes through: creation, active use, modification, and eventual retirement.
The uncontrolled proliferation of identities across an organization.
Security discipline focused on detecting and responding to identity-based threats.
The ability to interpret an AI agent's intended action and validate it against security policies before execution.
The process of validating what an AI agent or automation intends to do before granting access.
Providing access only when needed and revoking it immediately after use.
Security principle of granting only the minimum permissions required for a task.
Automated interactions or workflows between software systems, services, or devices without direct human initiation.
Any non-human identity including service accounts, certificates, API keys, AI agents, and automated workflows.
Legacy term for any identity used by a machine, service, or software. See Machine Identity or Agent Identity for modern usage.
An identity that no longer has an owner or valid business purpose.
Defining and managing security policies using code and version control.
Continuous assessment of identity configurations against security best practices and policies.
The practice of regularly changing credentials to limit exposure from potential leaks.
A non-human identity used by applications or services to authenticate and access resources.
Unapproved or untracked use of AI tools or agents within an organization.
Security model that requires verification for every access request, regardless of source.
Explore our blog for in-depth articles on NHI security concepts.