Operationalizing AI Security: How To Govern AI Agent Identities Before Attackers Exploit Them
Sep 30, 2025
AI agents bring efficiency and risk. This blog shows how BeyondTrust operationalizes AI security by securing agent identities and credentials across AWS, ServiceNow, and Azure AI Foundry.
Authors:
Amrit Sokhal
Director, Technology Alliances Integrations
Michel Bluteau
Technology Alliances Integrations Architect
In our recent blog, Closing the Agentic AI Security Gap, we explained why identity-first security is critical for safely adopting agentic AI. In this follow-up blog, we explore what that security looks like in practice. By examining real-world product innovations and integrations with AWS, ServiceNow & Azure AI Foundry, we’ll demonstrate how BeyondTrust is securing the privileged credentials and non-human identities AI agents depend on before attackers can exploit them.
Practical Agentic AI Security Challenges
Agentic AI agents aren’t just active in many of today’s organizations; they are central to how operational systems run, enabling task automation across cloud APIs, ITSM workflows, and RPA bots. Both knowledge workers and technical staff are creating agents and sharing them, which contributes to their rapid proliferation. Recent studies by GitGuardian and the Cloud Security Alliance, among others, have shown non-human identities (NHIs) to outnumber human accounts by more than 90:1. Yet organizations often lack oversight of these NHIs, in large part because most compliance programs still focus on managing human access. This lack of NHI security leaves critical gaps that attackers can exploit.
Agentic AI agents introduce the following security challenges that teams must govern day-to-day:
Non-Human Identities and Secrets – AI agents rely on the same kinds of tokens, API keys, and service account credentials that human administrators use for authentication and access to resources, and these secrets often have a long lifespan, significantly increasing their vulnerability to exploitation. Without proper governance, these identities become a silent attack surface waiting to be exploited.
Opaque Automation – AI agents don’t pause to reflect; they act instantly. To secure this near-instantaneous automation, organizations must have proactive security and preventative controls in place.
High-Value for Attackers – Orphaned / stale credentials can easily become stealthy entry points, giving adversaries pathways to move laterally and persist.
CISOs and security leaders urgently need to prioritize remediation efforts and address these identity security risks, but how do we govern AI agent identities with the same discipline we apply to human identities?
Identity Security Principles for AI Agents
To govern AI agents effectively, security teams can apply the same five identity-first principles used for human identities:
| Principle | Application for AI Agents | BeyondTrust Solution |
| --- | --- | --- |
| Gain Visibility | Discover agent identities, secrets, and access paths | Just-in-time credentialing with Password Safe and Privileged Remote Access |
| Enforce Lifecycle Control | Rotate or retire agent credentials | Automated credential governance in Password Safe |
| Apply Risk-Based Response | Prioritize and remediate high-risk AI identities | Risk scoring + automated workflows in Insights |
| Own & Audit All Credentials | Tie every AI credential to a human owner | Ownership mapping and audit trails via Identity Security Insights |
Next, we’ll delve into some specific examples where these key identity security principles come into play for better securing the privileged credentials, secrets, and permissions associated with agentic AI.
Common Credential Risk Areas for Agentic AI
AI agents are increasingly embedded in core DevOps, cloud management, SaaS, and IT operations, causing agents to rely on privileged credentials that, if left unmanaged, could become high-value attack targets.
Here are a few examples of this risk:
DevOps Automation – When AI agents deploy infrastructure as code via cloud APIs, hardcoded or broadly scoped secrets can be stolen and misused. BeyondTrust Identity Security Insights® discovers these credentials, while Password Safe vaults and rotates them, enforcing just-in-time access.
Cloud Resource Management – As AI agents scale cloud workloads dynamically, overly permissive roles can open security gaps or disable controls. BeyondTrust Identity Security Insights maps risky entitlements, while Password Safe enforces least-privilege access.
SaaS Workflow Automation – Agents often use static API tokens embedded in workflows to integrate with Salesforce, ServiceNow, GitHub, etc. This can expose credentials and bypass MFA controls. Identity Security Insights flags unmanaged tokens and Password Safe automates token rotation and revocation.
IT Operations & Incident Response – When AI agents are used to detect anomalies and take remediative actions, unscoped privileges or missing audit trails can lead to service disruptions or create blind spots. Password Safe ties agent actions to accountable owners, while Identity Security Insights provides visibility into Paths to Privilege™ and offers intelligent recommendations to prevent exploitation.
How BeyondTrust Defends Against Agentic AI Security Risks
When combined, Identity Security Insights and Password Safe create a dual defense for agentic AI identities.
First, Identity Security Insights discovers hidden agent credentials, maps risky access, and prioritizes which identities pose the highest risk. It collates risk data from Active Directory, Entra, AWS, Okta, GitHub, and more, identifying hidden privilege paths before attackers exploit them. With these contextual discovery and remediation capabilities, Identity Security Insights brings critical visibility into unmanaged secrets—the very credentials AI agents depend upon.
Identity Security Insights allows users to:
Understand the privileges and risks of agents created by knowledge workers and developers in Azure, AWS, Copilot, Salesforce, etc.
Understand which users have access to agents.
Understand the privileges that agents make accessible to users.
Password Safe then complements these activities, enforcing lifecycle controls and tying them back to human owners and audit trails. It also delivers secure vaulting, rotation, and lifecycle governance for privileged accounts and secrets across hybrid and multicloud environments.
Password Safe allows users to:
Vault and rotate secrets securely on schedule.
Automate access controls, ensuring AI agents only retrieve credentials when needed.
Manage lifecycle, retiring or rotating credentials as agents evolve.
Enforce just-in-time privilege, minimizing exposure by only allowing time-bound access.
Together, these capabilities help organizations discover, map, and govern AI agents and their identities, ensuring they remain within defined security guardrails.
Real-World Integrations: How BeyondTrust Secures AI Workflows in Practice
AWS Bedrock + Password Safe
When an AI agent built on AWS Bedrock assumes roles or calls APIs, it requires privileged credentials to access data or perform actions. However, if the agent’s AWS IAM role is broad or static keys are embedded in code, attackers can steal those credentials and escalate privileges.
BeyondTrust Password Safe secures these privileged credentials by vaulting, rotating, and managing them to enforce controlled access. For example, when AI agents need to assume AWS roles or call Bedrock APIs, Password Safe’s custom plugins and workflows integrate seamless credential retrieval, rotation, and just-in-time access, reducing risk and increasing auditability. As a result, organizations can:
Prevent stale or orphaned AWS keys from being exploited
Automate rotation through Secrets Manager and ServiceNow plugins
Connect credentials to privilege paths in Identity Security Insights for full visibility
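One way to surface the stale or orphaned AWS keys described above is to audit the IAM credential report for active access keys that are overdue for rotation or unused. This is an added example, not BeyondTrust code and not part of Password Safe or Identity Security Insights; the user names, sample rows, and the 90-day and 45-day thresholds are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows, trimmed to the credential-report columns used below.
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
bedrock-agent-orders,true,2024-01-10T09:00:00+00:00,2025-09-28T11:30:00+00:00,false,N/A,N/A
bedrock-agent-poc,true,2025-02-01T08:00:00+00:00,N/A,false,N/A,N/A
report-bot,true,2025-09-01T08:00:00+00:00,2025-09-29T07:00:00+00:00,true,2025-03-01T08:00:00+00:00,2025-04-02T10:00:00+00:00
"""


def _parse(ts):
    """Return an aware datetime, or None for non-timestamp values such as N/A."""
    try:
        return datetime.fromisoformat(ts)
    except ValueError:
        return None


def find_stale_keys(report_csv, now, max_key_age_days=90, max_idle_days=45):
    """Flag active access keys that are overdue for rotation or look orphaned."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            prefix = f"access_key_{slot}_"
            if row.get(prefix + "active") != "true":
                continue  # inactive keys cannot authenticate
            rotated = _parse(row[prefix + "last_rotated"])
            used = _parse(row[prefix + "last_used_date"])
            reasons = []
            if rotated and now - rotated > timedelta(days=max_key_age_days):
                reasons.append("not_rotated")
            if used is None:
                reasons.append("never_used")  # active but unused: likely orphaned
            elif now - used > timedelta(days=max_idle_days):
                reasons.append("idle")
            if reasons:
                findings.append((row["user"], f"key{slot}", reasons))
    return findings


if __name__ == "__main__":
    now = datetime(2025, 9, 30, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for user, key, reasons in find_stale_keys(SAMPLE_REPORT, now):
        print(f"{user} {key}: {', '.join(reasons)}")
```

A real report, downloaded with `aws iam get-credential-report`, carries more columns than this trimmed sample; the function reads only the ones shown.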
Want the technical playbook? Click here to explore our BeeKeepers guide to governing AWS Bedrock agent credentials with BeyondTrust Password Safe for step-by-step instructions, code samples, and plugin configuration details.
AI agents can execute IT operations by closing incidents, generating reports, and updating records in ServiceNow. Because these workflows often require access to other systems, such as Entra ID, the agent must handle privileged credentials. This interaction can become risky if static tokens or service account credentials are embedded directly into ServiceNow workflows. The agent can then bypass MFA, persist indefinitely, and expose sensitive systems to threat actors.
Identity Security Insights flags unmanaged or hardcoded ServiceNow tokens by mapping potential privilege paths and auditing ownership. Additionally, with the Password Safe spoke for ServiceNow Integration Hub, these static credentials can be replaced with scoped, time-bound tokens that AI agents check out at runtime. For example, an AI agent would use Password Safe to check out Entra ID credentials, generate a user registration report, and even visualize authentication and MFA status for admins. As a result, organizations can automate the following key security activities:
Removing static or embedded tokens from ServiceNow workflows
Issuing just-in-time credentials for agents, reducing exposure windows
Creating visibility into privilege paths between ServiceNow and Entra ID
Want the technical playbook? Click here to see our BeeKeepers guide to securing AI-driven ServiceNow workflows with Password Safe and Identity Security Insights for step-by-step configuration, sample code, and plugin setup.
Azure AI Foundry + Password Safe
Azure AI Foundry enables organizations to build and deploy AI agents that automate complex business and IT tasks. In many cases, these agents need additional privileged credentials to access systems or perform secure operations. But without governance, credentials required by AI Foundry agents may be stored insecurely or hardcoded into workflows. Static secrets or bearer tokens can then be leaked or reused, exposing sensitive services to attackers.
Using the Password Safe toolkit for Azure AI Foundry, agents can securely check out privileged credentials at runtime. The toolkit includes a Python project for creating Azure Functions that expose Password Safe to AI Foundry as callable tools, as well as Open API-based examples that do not require functions. These features ensure AI agents can retrieve, rotate, and retire credentials under BeyondTrust’s security model while maintaining seamless automation. As a result, teams can:
Eliminate static credentials from Azure AI Foundry workflows
Support both function-based and Open API-based integrations
Enforce lifecycle management and auditability
Want the technical playbook? Click here to see our BeeKeepers guide to securing Azure AI Foundry agent credentials with BeyondTrust Password Safe for toolkit downloads, code samples, and step-by-step implementation details.
Agentic AI Is Here—Don’t Let Identity Gaps Be Its Weak Point
Today, attackers target identities—not just firewalls. These identity-related risks have only multiplied as new technologies, such as agentic AI, enter the scene. The organizations that embrace identity-first security for AI have a better chance of outpacing adversaries and future-proofing their businesses as innovation continues.
With the dual defense of BeyondTrust Identity Security Insights and Password Safe, your security team can take practical steps to deliver the visibility, control, and automation necessary to confidently adopt Agentic AI, while closing any AI identity security gaps attackers could be targeting.
Ready to secure your AI future by making identity security the foundation, not the afterthought?
Agentic AI describes autonomous systems that reason, make decisions, and act without constant human oversight. These agents can invoke APIs, provision infrastructure, and trigger workflows, making them efficient, but also creating new identity and privilege risks.
AI agents have the potential to introduce risk at any layer of IT:
DevOps automation with hardcoded or overly broad secrets
Cloud resource management with over-permissive roles
SaaS workflows using static API tokens
IT operations executing remediations without audit trails
BeyondTrust combines Identity Security Insights and Password Safe to discover hidden credentials, enforce least privilege through just-in-time access, automate rotation, and tie every agent credential to an accountable human owner.
AI agents scale faster and act without pause, often using non-human identities like tokens or service accounts. Without dedicated visibility and lifecycle controls, they quickly create privilege sprawl and stealthy pathways for attackers.
About the Author
Amrit Sokhal
Director, Technology Alliances Integrations
Driving innovative partnerships, specializing in Identity Security, Privileged Access Management and Cybersecurity. Passionate about empowering organizations to protect their critical identities, applications and assets.
Michel Bluteau
Technology Alliances Integrations Architect
Michel has been interfacing with many organizations in different verticals around the world, over the last decade, trying to capture Requirements and Use Cases in Identity Management, Compliance, and more recently Privileged Account Management. Michel’s expertise with various platforms including SAP, ServiceNow, .NET and Java, allows him to contribute to integration and share his experience and solutions. Recently, Michel has also been focusing on the User Experience and how to leverage Web Services API made available more and more for both on-premises and cloud based applications and platforms.