Securing NHIs: Service Accounts, RPA and Agentic AI Considerations

Securing NHIs: Service Accounts, RPA and Agentic AI Considerations

Most organizations now grapple with explosive growth in privileged non-human identities (NHIs)—from OS-scoped service accounts and SaaS tokens to RPA bots and agentic AI. Recent incidents show attackers bypassing humans entirely by abusing OAuth and app-to-app integrations to siphon data and cloud keys, underscoring how NHI compromise fuels supply-chain style breaches. This session reframes NHI security around practical lifecycle management and hard-won field lessons. We’ll cut through hype on AI agents to the real work: securing emerging protocols like MCP, tightening SaaS-to-SaaS grants, and balancing priorities between the emerging and legacy pain that still drives risk. Attendees leave with actionable architectures, governance patterns, and controls that reduce NHI blast radius in imperfect, real-world conditions.

• Governance and lifecycle management considerations for NHI accounts, including discovery, provisioning, and monitoring strategies
• Fitting security principles like least privilege and separation of duties to NHIs, particularly those for RPA and AI agents
• Reference architectures and where (and how) to implement controls to secure NHIs
• Adapting and applying identity tooling for NHI, such as ISPM and ITDR

Audience

This event is for IANS clients and invited guests — there is no vendor sponsorship or presence.