Zero Trust for AI Agents — When Machines Get Their Own Identities

Agent-based AI is no longer science fiction. Cisco recently warned of a world where AI agents become our “coworkers.” The question is: Who controls the coworker once the boss has gone home?

TL;DR

Agent-based AI—autonomous systems that navigate, make decisions, and take action in your IT environments—will explode in 2026. Each agent becomes a “non-human identity” that requires authentication, authorization, and auditing. Today’s IAM systems are built for people, not machines. Zero Trust for AI agents isn’t a nice-to-have; it’s a necessity. And NIS2 has already begun to impose requirements for the control of autonomous systems.

AI agents don’t stop working at five. They don’t take lunch breaks. And they don’t ask for permission every time they need to open a database, send an email, or modify a configuration.

That’s the whole point of agent-based AI: a system that is given a goal, breaks it down into steps, and executes it—often across multiple systems, applications, and APIs—without human intervention at every stage.

But this is where the problem arises. When an AI agent logs into your systems, who is it? And what is it authorized to do?

What is a “non-human identity,” and why will the number skyrocket in 2026?

Traditionally, identity and access management (IAM) has been about people: user accounts, passwords, and role-based access control (RBAC). But in a world of AI agents, there is an entirely new type of identity.

A non-human identity (NHI) is any digital identity that does not represent a physical person. This includes:

• Service Accounts and API Keys
• CI/CD pipelines that deploy code to production
• IoT devices with built-in certificates
• And now: AI agents that autonomously navigate systems

The difference? A CI/CD pipeline follows a predefined, static schedule. An AI agent learns, explores, and improvises. It may decide to query a database it has never seen before, or write code that creates new API connections—all with the goal of completing a task.

And the number of NHIs is growing exponentially. According to industry reports, the number of non-human identities has already surpassed the number of human user accounts in the average company. With agent-based AI, this trend is accelerating.

The Difference Between Human and Machine Access: Why Traditional IAM Isn’t Enough

Today’s IAM models are designed around one assumption: the user is a person who logs in, does their work, and logs out. These models have two fundamental problems when they encounter AI agents:

1. Continuous Authentication

A human is authenticated once per session (SSO, MFA). But an AI agent can exist for weeks or months—and during that time, its behavior can change dramatically. An agent that was authenticated as a “customer support agent” may, after an update, start doing things it has never done before. Typical session-based authentication never captures this.

2. An access model that assumes predictability

RBAC (Role-Based Access Control) states: “An employee in role X is allowed to do Y.” But an AI agent has no role in the traditional sense. Its behavior cannot be mapped to a static matrix. Today, the agent might analyze support cases; tomorrow, it might write code to resolve them—and next week, it might deploy that code to production.

The Zero Trust model states, “Never trust, always verify”—but most organizations have not extended that principle to NHI. They still rely on an API key or a service account with the correct scope being sufficient.

It isn’t.

The NIS2 Perspective: How Does the Regulatory Framework Address Autonomous Systems?

NIS2, which entered into force in October 2024, requires operators of critical infrastructure and key sectors to implement risk-based security measures. The directive places particular emphasis on:

• Control of access to systems and data (who or WHAT has access)
• Incident Management and Reporting for Security Incidents
• Supply chain security — including the security of subcontractors’ technology

This is where it gets interesting: autonomous AI agents fall through the cracks. Is an AI agent operating within your systems a “user” that needs to be monitored? Or is it a “vendor” whose behavior you’re responsible for? Or something entirely new?

In its NIS2 guidance, the Swedish Civil Contingencies Agency (MSB) points out that operators need to maintain control over all devices and systems that can affect their IT environment. Logically, this also includes autonomous agents. The only question is: how?

In 2026, the industry is awaiting clearer guidance. But that doesn’t mean it can afford to wait. The organizations that start mapping out their NHIs now will be better prepared when the clarifications are issued.

A Practical Roadmap: 3 Steps Toward Zero Trust for AI Agents

Step 1: Inventory — What do you have today?

Before you can check anything, you need to know what’s there. This is the hardest step—and the most critical one.

• Identify all NHI in your environment: API keys, service accounts, tokens, certificates
• Identify which systems use or are likely to use AI agents
• Document the scope of each NHI and the systems it affects
• Classify by risk level: an agent who can read support emails does not pose the same risk as an agent who can deploy code to production

Rule: If you can’t answer the question “How many NHI do we have?”, you can’t implement Zero Trust for them.

Step 2: Dynamic Access Control

Once you know what you have, replace static RBAC with dynamic policies.

• Just-in-Time (JIT) Access: Grant agents temporary, time-limited permissions
• Contextual policies: Access depends on the context—the time of day, the agent’s previous behavior, and the system’s state
• Mandate limits: An agent may never escalate without explicit approval
• Continuous monitoring: Agents must log every step, every decision, and every access

Example:

Step 3: Ongoing governance and audit

Zero Trust isn’t a project you complete. It’s a state you maintain.

• Regular audits of all NHI activities—who did what, when, and why
• Automatic alerts when agents deviate from patterns
• Quarterly reviews in which the CISO reviews all new agents and their scope
• Incident response plan specifically for autonomous systems: What happens if an agent starts behaving strangely?

The Tool Landscape: Which Vendors Are Leading the Way, and What Does It Cost?

The market for NHI security is still in its infancy, but several providers are establishing themselves:

• CyberArk — a leader in PAM (Privileged Access Management) — expands into NHI protection
• Delinea (formerly Thycotic) — secret management with a focus on NHI
• HashiCorp Vault — popular for dynamic secrets and API key rotation
• Akeyless — SaaS-based vault with NHI support
• Okta, Entra ID — identity providers expanding into NHI and automated identity verification
• Vendia — Specializing in shared data and API governance
• ServiceNow — ITSM platforms with AI-powered agent discovery

Costs? A medium-sized Nordic company (500–2,000 employees) should expect investments in the range of:

• Tool licenses for NHI management: 150,000–500,000 SEK/year
• SIEM integration and logging: 100,000–300,000 SEK/year
• In-house expertise (CISO team/IT security): 0.5–1 FTE initially
• Implementation project: 3–6 months

It’s not cheap—but it’s significantly cheaper than dealing with an incident in which an autonomous agent escalated its privileges and accessed sensitive data for months without anyone noticing.

Aixia’s Perspective: Security as a Strategic Advantage

Zero Trust for AI agents is not just a technical issue—it is a business-critical framework for organizations that want to use agent-based AI productively.

At Aixia, we treat security as an integral part of our IT strategy, not an afterthought. Our experience in SOC (Security Operations Center) and threat detection, combined with our ISO 27001 certification, gives us the tools to help Nordic companies:

• Assess their current NHI exposure
• Design dynamic access policies tailored for agent-based environments
• Implement monitoring and auditing that detect abnormal agent behavior
• Prepare the organization for upcoming NIS2 guidance on autonomous systems

We view agent-based AI as a natural extension of the AI revolution that is already underway—and we see security as a prerequisite for its success, not an obstacle.

Summary: 3 Things to Do This Quarter

1. Take inventory of your non-human identities —API keys, tokens, service accounts, and all systems that could potentially host AI agents
2. Start replacing static RBAC with dynamic policies — JIT access, time-limited permissions, contextual limits
3. Schedule a security review with your CISO that explicitly covers agent risk and NHI governance

AI agents are already here. Get ready before they make preparations for you.

Sources and Further Reading

• Cisco Newsroom (2025): Cisco AI Agents — Preparing for the Future of Work — on how networking giants are preparing their infrastructure for agent-based AI.
• Beyond Identity (2025): Agentic AI Security: Why Zero Trust Is the Only Answer — an in-depth analysis of identity challenges in agent-based environments.
• Northverify (2026): NIS2 in Sweden — The Cybersecurity Act of 2026 — A Complete Guide to the Regulations.
• BG Institute (2026): The NIS2 Directive — Guide to the Cybersecurity Act — Legislative Text, Deadlines, and Requirements.
• CyberArk / Delinea / HashiCorp: Vendor documentation for NHI security.

Would you like an unbiased overview of how Zero Trust can be applied to your AI agent strategy? Contact Aixia’s security team to schedule a workshop tailored to your environment.