Teleport Named an Overall Leader in Zero Trust Platforms by KuppingerCole Analysts
Read now

What are Non-Human Identities?

Non-human identities (NHIs) are the digital identities used by software rather than people: service accounts, API keys and tokens, CI/CD (continuous integration and continuous delivery) credentials, workloads and containers, and the new class of autonomous AI agents. Every one of them authenticates to systems, holds permissions, and can be attacked. On most modern networks they outnumber human identities by a wide margin, and most go untracked. This guide explains what counts as a non-human identity, why the category is growing so fast, where the real risks are, how AI agents fit in, and how to bring machines, workloads, and agents under one secure identity model.

Travis Swientek

AUTHOR:

Travis Swientek

Software Engineer, Teleport

What are Non-Human Identities?

A non-human identity is any identity that a machine, workload, or automation process uses to prove what it is and gain access. It is the machine equivalent of a user account. Just as a human user logs in with a username and a second factor, software authenticates with credentials of its own and then acts with the permissions it has been granted. But because there is no human attached, these identities are easy to create, forget, and over-permission.

There are several distinct types of non-human identities:

  • Service accounts: Long-lived accounts that applications, daemons, and scheduled jobs use to talk to databases, cloud APIs, and each other. They are the oldest and most numerous form of NHI.
  • API keys and tokens: Static strings that authenticate one service to another, such as cloud provider keys, OAuth tokens, personal access tokens, webhook secrets.
  • CI/CD credentials: The keys and tokens CI/CD build pipelines use to pull code, push images to registries, and deploy to production.
  • Workloads and containers: Kubernetes pods, microservices, serverless functions, and virtual machines that need to authenticate to other services to do their jobs. In a microservices architecture, service-to-service (machine-to-machine, or m2m) calls happen constantly.
  • AI agents: Autonomous and semi-autonomous systems that call tools, query data, and take actions on a user's or an organization's behalf. 

These examples of non-human identity are often grouped under the term machine identity or workload identity. Machine identity and workload identity name the cryptographic identity of a specific machine or running workload, while non-human identity is the broader umbrella that also covers service accounts, keys, and agents. In practice, securing NHIs means giving every one of them a strong, verifiable identity rather than a static secret.

Why non-human identities are growing

Non-human identities are growing faster than human ones because everything modern infrastructure does is automated. Cloud-native architecture can replace a handful of servers with hundreds of services, each needing to authenticate. Microservices can transform one application into dozens of independently deployed components that call each other constantly. CI/CD pipelines can automate the path from commit to production, and each step needs credentials. And now AI agents are adding an entirely new population of identities that act on their own.

The Cloud Security Alliance's research on non-human identity security has found that NHIs already outnumber human identities by a wide margin in most organizations and even more dramatically in cloud-heavy environments. This ratio continues to climb as automation matures. 

The security risks of non-human identities

The core problem is that most non-human identities authenticate with static secrets. These are API keys, tokens, and passwords that sit in config files, environment variables, and pipelines. Static secrets create four compounding risks.

Secrets leak and seldom change: A static key works the same on day one and day five hundred. It gets committed to a Git repository, pasted into a ticket, baked into a container image, or shared between teams for convenience. Once it leaks, it stays valid until someone notices, and over 80% of breaches involve stolen credentials, according to CrowdStrike. The standard advice is to rotate these secrets on a schedule, but rotation only reduces the window of exposure without removing the thing being exposed. The more durable answer is to stop issuing long-lived secrets at all.

Service accounts are over-permissioned: Because it is easier to grant broad access than to scope it precisely, service accounts accumulate permissions far beyond what they use. A pipeline that only needs to read one bucket ends up with write access to the whole account. When that identity is compromised, the attacker inherits everything it can reach.

There is no inventory: Few organizations can answer a simple question: which machine, workload, or agent can reach what, and why? NHIs are created by developers in the course of building, not provisioned through a central process, so they never make it into a single source of truth. You cannot govern what you cannot see.

Audit trails are weak: When several services share a key, or an agent acts through a generic service account, the audit log shows the account rather than which workload or which action actually did the thing. That breaks accountability exactly when you need it most, during an incident.

The way out of all four is the same. Replace static credentials with verifiable, short-lived cryptographic identity, so that every machine, workload, and agent proves who it is rather than presenting a shared secret.
 

Non-human identities and AI agents

AI agents are a distinct type of non-human identity. While a service account is predictable, running a known job against known systems, an autonomous agent is non-deterministic. This means that it can freely decide what task it will perform at runtime, can call tools dynamically, chain actions together, and may spawn sub-tasks that were not explicitly scripted. Equipping an agent with a static API key and broad permissions, like how  teams have long treated service accounts, hands an unpredictable actor a powerful, reusable credential.

So how does an AI agent get an identity? The right approach gives the agent a short-lived, cryptographically verifiable identity that is issued just in time, scoped to the specific task, and recorded in an audit trail, rather than a long-lived key it carries around. The agent should be able to prove what it is, on whose behalf it is acting, and what it is allowed to do, on every call. That is what separates an agent identity from a service account. The agent's identity is ephemeral, attributable, and least-privileged by design, because the actor behind it is autonomous.

As the OWASP Top 10 for agentic applications describes, eexcessive agency, identity spoofing, and over-broad tool permissions all trace back to weak agent identity. Much of the agent ecosystem now connects through the Model Context Protocol (MCP), an open standard for how agents reach tools and data. An MCP server is a high-value access point that needs the same identity discipline as any other piece of infrastructure.

Teleport's research identifies the stakes. Organizations that grant AI systems least-privileged access see roughly 4.5x fewer incidents than those that do not, a 17% incident rate versus 76%. With 92% of organizations deploying or planning to deploy AI in production infrastructure, agent identity is not a future problem. 

How to secure non-human identities

Securing non-human identities means giving each one a strong identity instead of a shared secret, granting it only what it needs, and being able to prove what it did. Four practices make that real.

Replace static secrets with cryptographic identity: Instead of distributing API keys, issue each machine, workload, and agent a short-lived certificate tied to its verified identity. This secretless approach ensures there are no long-lived credentials to leak, commit, or steal, because the credential expires in minutes and is reissued on demand. Standards like SPIFFE (Secure Production Identity Framework for Everyone) define how workloads receive these verifiable identities. (What does cryptographic identity mean?)

Use short-lived certificates with zero standing privileges: A credential that lives for minutes and is scoped to one task removes the standing access attackers depend on, leaving nothing behind to compromise.

Enforce least privilege. Every NHI should hold the narrowest permissions its job requires, granted just in time rather than standing. Limit a pipeline's identity to the one registry it deploys to, and restrict agents to the specific tools their task requires.

Govern and audit every identity. Bring non-human identities into the same governance model as people, with a single inventory of what each can reach, regular access review, and an immutable audit log that attributes every action to a specific workload or agent. 

 Static secrets (API keys, tokens)Cryptographic machine identity
RotationManual or scheduledNone needed, because certificates are short-lived and reissued automatically, with nothing to rotate
LeakageHigh: committed to repos, baked into images, shared between teams; valid until revokedLow: a leaked certificate expires in minutes and cannot be reused
ScopeTends toward over-permissioned for convenienceLeast-privilege by default; scoped to the workload and task
AuditShared keys break attribution; logs show the account, not the actorEvery action attributed to a specific, verified workload or agent in an immutable log

Conclusion: one identity model for humans, machines, and agents

Non-human identities are no longer a side category. They are the majority of identities in most environments, and they are the fastest-growing one as agentic AI moves into production. The organizations that handle this well will not bolt on another secrets store. They will stop issuing standing secrets altogether and give every human, machine, workload, and agent a short-lived, verifiable cryptographic identity, governed and audited under one model. That is the foundation Teleport is built on. Explore Teleport Machine & Workload Identity to secure your service accounts, pipelines, and workloads, and to extend that same model to the AI agents now joining your infrastructure.
 

Frequently Asked Questions

How does Teleport govern non-human identities such as service accounts, bots, and pipelines?

Teleport governs non-human identities by giving each service account, bot, and pipeline an attested cryptographic identity with short-lived certificates, then applying least-privileged access and full audit through Teleport Machine & Workload Identity and Teleport Identity Governance. Non-human identities now outnumber human ones, and treating them as verifiable identities rather than shared secrets removes the credential sprawl that drives breaches.

A non-human identity (NHI) is any identity that software uses to authenticate and access systems, rather than a person. The category includes service accounts, API keys and tokens, CI/CD credentials, workloads and containers, and AI agents. Each one holds permissions and can be attacked, and on most networks they outnumber human identities.

Machine identity refers specifically to the cryptographic identity of a machine or running workload. Non-human identity is the broader umbrella term that also covers service accounts, API keys, and AI agents. All machine identities are non-human identities, but not every NHI is a machine in the narrow sense.

Most NHIs authenticate with static secrets that leak, get committed to code, and rarely change. They are frequently over-permissioned, there is usually no central inventory of what each can reach, and shared credentials make audit trails unreliable. Because they vastly outnumber human identities, they form a large and largely invisible attack surface.

Replace static secrets with short-lived cryptographic identities, enforce least privilege with just-in-time access, maintain a single inventory of every NHI, and keep an immutable audit log that attributes each action to a specific workload. This brings machines, workloads, and agents under the same governance model used for people.

Yes. An AI agent is a non-human identity, but a distinct one. Because it acts autonomously and calls tools at runtime, it needs an ephemeral, attributable, least-privileged identity issued just in time rather than a static service-account key.