Agentic AI NPEs, Ephemeral and Non-Individual

People are people, and why should non-person entities (NPEs) be treated the same? The girl is NOT the robot.


Non-static

In a June 30 LinkedIn post, Eric Olden of Strata caused me to realize that my approach to NPEs is too uniform and needs to be more nuanced.

“Agentic identity isn’t just a new type of NHI. AI agents might functionally fall under the ‘non-human identity’ umbrella—but that label doesn’t really cut it since we’re not talking about static service accounts or API keys.”

In a table published in the original post, Olden semantically defines NHIs as persistent entities with unchanging privileges. Agentic identities, in Olden’s cosmos, are ephemeral.

But Olden identifies one additional distinction that has nothing to do with lifespan.

“AI agents are digital actors that can reason and make decisions across systems.”

Olden notes that the characteristics of agentic AI offer both power and risk.

Impermanent

From ConductorOne.

ConductorOne shares Olden’s observations on agentic AI:

“Often ephemeral, existing for just seconds or minutes depending on the task.

“Requires role-based or task-specific access, rather than broad or persistent permissions.

“Capable of autonomous decision-making and executing actions in real-time.

“Built to integrate with existing systems and interact securely with other agents.

“Expands the potential for AI solutions by enabling action—not just insight or content.”

Unaccountable


So how do you set up individual accounts for these extremely powerful non-person entities that appear and disappear?

According to Juan Ignacio Torres Durán, you don’t.

“Modern architectures — cloud-native, ephemeral workloads, APIs, containers, robotic processes — don’t fit neatly into the account model. They’re fast, dynamic, and short-lived. They need access right now, based on who or what they are, where they run, and what they do.

“And here’s the shift: We don’t need to create an account for each of them. We just need to recognize the entity, validate it, and project a governed identity that can be used for access decisions.”

So no distinct individuality for NPEs. That’s an interesting…um…world.
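
As an added illustration of the account-less model described above (this is not code from any of the quoted authors or vendors): an issuer recognizes an entity from its attested attributes, checks policy, and projects a short-lived, task-scoped identity that the access decision verifies with no account lookup. The policy table, key, attribute names and function names are all assumptions, and attestation of the attributes is assumed to have happened upstream.

```python
import base64, hashlib, hmac, json, time

ISSUER_KEY = b"constructed-demo-key"  # constructed; a real issuer keeps this in a KMS/HSM

# Hypothetical policy: which (kind, runtime) pairs may be projected into which task scopes.
POLICY = {("ai-agent", "prod-cluster"): {"tickets:read", "tickets:comment"}}

def _sign(body: bytes) -> str:
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def project_identity(attested, task_scope, ttl=60, now=None):
    """Recognize the entity, validate it against policy, project a governed identity."""
    now = time.time() if now is None else now
    allowed = POLICY.get((attested["kind"], attested["runtime"]), set())
    if task_scope not in allowed:
        raise PermissionError("entity not recognized for this task")
    # No account is created: the identity exists only as these expiring claims.
    claims = {"sub": attested["instance"], "kind": attested["kind"],
              "scope": task_scope, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def authorize(token, needed_scope, now=None):
    """Access decision from the projected identity alone."""
    now = time.time() if now is None else now
    try:
        body, sig = token.rsplit(".", 1)
        if not hmac.compare_digest(sig.encode(), _sign(body.encode()).encode()):
            return False  # forged or altered claims
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return False  # malformed token
    # Expired identities and scopes outside the task are both denied.
    return claims["exp"] > now and claims["scope"] == needed_scope

if __name__ == "__main__":
    # Constructed sample entity: an agent instance that lives for one task.
    agent = {"kind": "ai-agent", "runtime": "prod-cluster", "instance": "agent-7f3a"}
    tok = project_identity(agent, "tickets:read", ttl=60)
    print("read now:", authorize(tok, "tickets:read"))
    print("delete now:", authorize(tok, "tickets:delete"))
    print("read after expiry:", authorize(tok, "tickets:read", now=time.time() + 61))
```

The `sub` claim still names the instance, so actions remain attributable in logs even though no per-agent account was ever provisioned.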
