Agentic AI and Non‑Human Identities Demand a Paradigm Shift In Security: Lessons from NHIcon 2026

The second annual NHIcon conference highlighted the inadequacies of traditional identity and access management (IAM) systems in the age of agentic AI and non-human identities (NHIs), emphasizing the need for new security models that accommodate the autonomy and complexity of AI agents. The conference featured keynotes from experts like David Goldschlag and Ken Huang, who advocated for a shift from static roles and long-lived credentials to dynamic, context-aware identity systems that blend agent and human contexts, use ephemeral credentials, and ensure actions are auditable and attributable. Speakers underscored the exponential growth of non-human identities and the risks posed by identity drift, urging continuous validation and real-time identity governance as solutions. The talks also stressed the importance of understanding agents' intent and behavior to secure systems effectively, suggesting that current technologies like verifiable credentials and decentralized identifiers offer pathways to replace outdated security models.