Governing AI Agents - An Agent-Aware IAM Framework

This technical report examines how agentic AI introduces Autonomous Non‑Human Identities (A‑NHIs) that act autonomously, make real‑time decisions, and interact across systems in ways that challenge traditional Identity and Access Management (IAM). Existing IAM frameworks—built for human‑centric or static workload identities—struggle with the scale, ephemerality, delegation, and cross‑domain trust requirements of autonomous agents.

The report outlines the need for Agent‑Aware IAM, which treats AI agents as a distinct identity class requiring full lifecycle governance and dynamic authentication, and extends the Identity Fabric model with decentralized identifiers, verifiable credentials, zero‑trust principles, and purpose‑based authorization.

A four‑layer deployment architecture—Identity Foundation, Trust & Federation, Security & Privacy Enforcement, and Lifecycle & Observability—translates these concepts into practical patterns for agentic environments, enabling dynamic identity issuance, real‑time trust establishment, and end‑to‑end provenance tracking.

The work highlights key gaps in current IAM approaches and provides guidance for building the trust frameworks necessary for accountable, secure, and interoperable multi‑agent ecosystems.