What Is a Non-Human Identity?
A Non-Human Identity (NHI) is any identity that authenticates and takes action without a human directly behind each individual action: service accounts, API keys, workload identities, certificates, and increasingly AI agents. Where a human identity logs in and acts deliberately, an NHI runs continuously or on a trigger, often executing thousands of actions a day without anyone reviewing them individually.
Machine identities now outnumber human identities by roughly 50 to 1 across a typical enterprise, and the gap is widening as cloud infrastructure, SaaS integrations, and AI agents multiply the number of things that need credentials to talk to each other. Most of that growth happens without a corresponding increase in oversight.
NHIs are harder to govern than human identities for a structural reason: a human identity is usually created through a known process, HR onboarding, an access request, and that process leaves a record. An NHI is frequently created by an engineer solving an immediate problem, with no equivalent record and no obvious owner once that engineer moves on. Nobody is assigned to notice when it should have been decommissioned.