Session

Building a Future-Proof NHI Security Program for Agentic AI

The explosion of Non-Human Identities (NHIs) – from APIs to autonomous Agentic AI systems – creates a critical, underestimated attack surface. This talk, tailored for OWASP, will show you how to build a robust NHI security program that not only tackles these risks but also securely supports the integration of Agentic AI.

We'll dive into the OWASP Top 10 for Non-Human Identities (NHI:2025), covering risks like improper offboarding, secret leakage, overprivileged NHIs, and insecure cloud configurations. As AI agents become your digital workforce, their security directly hinges on their underlying NHIs. We'll demonstrate how attackers exploit these OWASP NHI vulnerabilities to escalate privileges, move laterally, and orchestrate supply chain attacks, ultimately weaponizing your AI agents for malicious operations and data exfiltration.

We'll also illustrate how NHI compromises directly map to familiar MITRE ATT&CK framework tactics, drawing parallels to attacks on human identities. This includes Initial Access, Persistence, Privilege Escalation, Credential Access, Lateral Movement, and Exfiltration, helping you align your NHI defenses with existing threat intelligence.

The session will conclude with actionable strategies for building your NHI security program. Learn best practices for robust lifecycle management, least privilege enforcement, secure authentication, and continuous monitoring. These foundational defenses are crucial both for securing traditional systems and for ensuring the trustworthiness of your burgeoning Agentic AI deployments, preventing them from becoming unforeseen attack vectors.

Michael Silva

Astrix Security - Director, Solution Engineering - Avid teacher/mentor - Marine Veteran

Raleigh, North Carolina, United States
