From a recent Identity Jedi post.
“NHI visibility and AI agent visibility feel like the same problem. They’re not. A service account is relatively static. It was created for a purpose, it has credentials, it authenticates to something. You can find it, document it, rotate its credentials, put it in a vault. That’s a solvable problem with existing tooling.
“An AI agent is different in almost every dimension that matters. It’s dynamic. It’s often ephemeral. It doesn’t have a fixed identity. It borrows one, or several. It makes decisions at runtime about what it needs to access. And it operates at machine speed, which means by the time your SIEM fires an alert, the transaction is already done.”
Bredemarket 