SAIL 2.0

/

Code/ No Code - AI Asset Discovery

/

Untracked Agent Identities

2.6

.

Untracked Agent Identities

sail
2.6
Risk

Untracked Agent Identities

Description

Agents run with shared, inherited, or undocumented identities and the inventory of non-human agent identities is incomplete.

Example

A team's coding agent operates under a developer's personal SSH key and AWS credentials rather than a scoped workload identity, with no record in the identity inventory.

Assets Affected

Agent Identity

AI Agent

AI Provider Access Credentials

Mitigation
  • Inventory all non-human agent identities
  • require workload identities for service-side agents and scoped tokens for endpoint agents
  • eliminate shared or inherited identities
  • periodic review of identity-to-agent mappings.
Standards Mapping
  • ISO: A.4.5, A.4.6
  • OWASP agentic: ASI03
  • OWASP LLM: LLM06:2025
  • EU AI Act: Art. 15(5)
  • DASF: Agents-Core 13.9, Agents-Core 13.3
  • AIUC-1: B007, E004