Non-Human Identity for AI Agents
An AI agent should not borrow a human's password and wander through your stack.
That sounds obvious. It still happens.
As agents move from demos to real workflows, identity becomes one of the most important pieces of architecture. The agent needs to act on behalf of a user, workspace, team, or service without becoming an invisible super-admin.
The identity question
For every agent action, you should be able to answer:
- Who requested this?
- Which agent executed it?
- Which workflow allowed it?
- Which credential was used?
- What scope did it have?
- Was a human approval required?
- What did the agent actually do?
If you cannot answer those questions, the agent is not ready for production work.
Do not share user tokens blindly
User-delegated access is useful, but it needs limits.
The agent should not inherit every permission the user has. It should receive a narrowed scope for the specific workflow step.
Example:
- User can manage billing.
- Billing agent can read invoices.
- Refund preview is allowed.
- Refund execution requires approval.
- The approval event grants one narrow action.
That is safer than handing the agent the user's full billing token.
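As an added example (not code from the original article or from Codelit), here is a minimal Python grant broker for the billing case above: the effective scope is the intersection of the workflow step's policy and the user's permissions, refund execution needs an approval, and that approval buys one execution. The scope strings, step name and `GrantBroker` class are hypothetical, and the sketch assumes the calling agent's identity is authenticated before `use` is reached.

```python
import hashlib, secrets, time

# Constructed policy for the billing example (all names hypothetical).
STEP_SCOPES = {"billing/refund": {"invoices:read", "refunds:preview", "refunds:execute"}}
NEEDS_APPROVAL = {"refunds:execute"}

class GrantBroker:
    """Issues short-lived, single-action grants; state stays server-side."""

    def __init__(self, ttl=60):
        self.ttl, self.grants, self.audit = ttl, {}, []

    def _log(self, ts, outcome, gid=None, **who):
        # Log a digest of the grant handle, never the handle itself.
        ref = hashlib.sha256(gid.encode()).hexdigest()[:12] if gid else None
        self.audit.append({"ts": ts, "outcome": outcome, "grant": ref, **who})

    def issue(self, user, user_perms, agent, step, action, approval_id=None, now=None):
        now = time.time() if now is None else now
        who = {"user": user, "agent": agent, "step": step,
               "action": action, "approval": approval_id}
        # Effective scope = step policy AND user permissions; it exceeds neither.
        allowed = STEP_SCOPES.get(step, set()) & set(user_perms)
        if action not in allowed:
            return self._log(now, "denied:out_of_scope", **who)
        if action in NEEDS_APPROVAL and approval_id is None:
            return self._log(now, "denied:approval_required", **who)
        gid = secrets.token_urlsafe(16)
        self.grants[gid] = {**who, "expires": now + self.ttl}
        self._log(now, "issued", gid, **who)
        return gid

    def use(self, gid, agent, action, now=None):
        now = time.time() if now is None else now
        g = self.grants.get(gid)
        if g is None:
            self._log(now, "rejected:unknown_grant", gid, agent=agent, action=action)
            return False
        ok = g["agent"] == agent and g["action"] == action and now <= g["expires"]
        if ok and action in NEEDS_APPROVAL:
            del self.grants[gid]  # an approval buys exactly one execution
        who = {k: v for k, v in g.items() if k != "expires"}
        self._log(now, "used" if ok else "rejected:mismatch_or_expired", gid,
                  caller=agent, attempted=action, **who)
        return ok
```

Each audit entry records the requester, agent, workflow step, action, approval and outcome, which covers most of the questions listed under "The identity question".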
Agent identity is not service account identity
A service account says, "this backend can call Stripe."
An agent identity should say, "this specific workflow, on behalf of this user or workspace, can preview this billing action under these rules."
That is more precise.
The difference matters when something goes wrong.
Credential vaulting
Keep secrets server-side.
The agent should call tools. Tools should use credentials. The model should not see raw tokens.
Use:
- Scoped tokens.
- Short-lived grants.
- Approval-bound execution.
- Tool-side redaction.
- Audit logs.
- Rotation.
The best secret handling is boring and invisible.
Identity for subagents
Multi-agent systems make this harder.
If the planner delegates to a support agent, and that support agent delegates to a billing agent, your trace should still be readable.
Every subagent needs:
- Name.
- Role.
- Scope.
- Parent run.
- Allowed tools.
- Approval state.
Otherwise delegation becomes a place where accountability disappears.
Build it in Codelit
Try this:
Design non-human identity for AI agents in a SaaS product. Include agent identities, delegated user scopes, credential vaulting, short-lived grants, subagent traces, approval-bound actions, and audit logs.
Agents need identities because production systems need blame, trust, and rollback.