OWASP NHI Top 10 – Human Use of NHI

Overview

Human Use of NHI occurs when humans—developers, admins, or attackers—use non-human identities (NHIs) like service accounts or API tokens for manual tasks. This misuse compromises accountability, blurs audit trails, and bypasses security controls designed for individual identities.

What Is Human Use of NHI?

NHIs are built for automated system access, not human interaction. Yet, teams often repurpose them to expedite maintenance or debugging, leading to issues like:

  • Elevated privileges beyond personal roles
  • Logging that attributes actions to the NHI, not the user
  • Difficulty tracing activities back to individuals
  • Attackers exploiting NHIs for persistent, stealthy access

This impairs auditability and undermines NHI governance and secrets governance policies.

How Does It Work?

Human use of NHIs typically unfolds through:

  • Human users logging in with service account credentials
  • Developers running scripts or deployments manually using NHIs
  • Shared API tokens among team members for convenience
  • Attackers taking over NHIs post-compromise to evade detection

Activities performed under NHIs leave no link back to a human identity and make incident investigation significantly harder.

Why Does Human Use of NHI Matter?

Misusing NHIs erodes security controls and auditing:

  • 75% of organizations mismanage service accounts, per Anetac
  • 32% find service account misuse a top management challenge
  • 26% estimate over half of their service accounts are overprivileged

These behaviors let users bypass MFA, policy enforcement, and accountability, and make it easier for attackers to maintain persistence.

Astrix’s Solution for Human Use of NHI

Astrix helps enforce safe NHI usage and separation from human identities:

  • Discover Non-Human Identities and flag service accounts used for manual logins
  • Detect Suspicious Non-Human Activity, distinguishing automation from human behavior through context-aware anomalies raised when an NHI behaves like a person
  • NHI Governance to enforce policies blocking human-origin sessions under NHIs

This enables secure access without sacrificing automation or operational efficiency, while maintaining audit clarity.
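The patterns listed under "How Does It Work?" (service-account logins from a console, shared tokens, an NHI suddenly appearing from a workstation) and the detection the solution section describes (telling automation apart from human behavior and attributing it to a person) can both be illustrated with a small log heuristic. The following is an added example written for this article; it is not Astrix's, OWASP's or any vendor's code. It reads a constructed JSON-lines authentication log whose field names (`principal_type`, `login_type`, `user_agent`, `src_ip`), sample values and thresholds are all assumptions, and flags service-principal sessions that carry human fingerprints:

```python
"""Heuristic detector for human use of non-human identities (NHIs).

Added example, not Astrix's, OWASP's or any vendor's code. The log format,
field names, login types, user-agent markers and sample values below are
assumptions made for illustration.
"""
import json
from collections import defaultdict

# Constructed sample log (not real data). Timestamps are in order; IPs use
# private and documentation ranges.
SAMPLE_LOG = """\
{"ts": "2024-05-01T02:00:05Z", "principal": "svc-deploy", "principal_type": "service", "login_type": "api_key", "user_agent": "deploy-bot/2.3", "src_ip": "10.0.5.12"}
{"ts": "2024-05-01T02:15:10Z", "principal": "svc-deploy", "principal_type": "service", "login_type": "api_key", "user_agent": "deploy-bot/2.3", "src_ip": "10.0.5.12"}
{"ts": "2024-05-01T10:42:33Z", "principal": "svc-deploy", "principal_type": "service", "login_type": "console", "user_agent": "Mozilla/5.0 (X11; Linux x86_64) Chrome/124.0", "src_ip": "192.168.40.77"}
{"ts": "2024-05-01T11:05:01Z", "principal": "alice", "principal_type": "human", "login_type": "console", "user_agent": "Mozilla/5.0 (X11; Linux x86_64) Chrome/124.0", "src_ip": "192.168.40.77"}
{"ts": "2024-05-01T11:30:00Z", "principal": "svc-backup", "principal_type": "service", "login_type": "api_key", "user_agent": "backup-agent/1.0", "src_ip": "203.0.113.9"}
{"ts": "2024-05-01T14:12:45Z", "principal": "svc-backup", "principal_type": "service", "login_type": "api_key", "user_agent": "backup-agent/1.0", "src_ip": "198.51.100.24"}
"""

# Login types an identity provider reserves for interactive (human) sessions (assumed names).
INTERACTIVE_LOGIN_TYPES = {"console", "interactive", "password"}
# Substrings that appear in browser user agents but not in automation clients.
BROWSER_MARKERS = ("Mozilla/", "Chrome/", "Safari/", "Firefox/")


def parse_log(text):
    """Parse JSON lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def human_fingerprints(event):
    """Per-event signals that a person, not automation, drove the session."""
    reasons = []
    if event["login_type"] in INTERACTIVE_LOGIN_TYPES:
        reasons.append("interactive-login")
    if any(marker in event["user_agent"] for marker in BROWSER_MARKERS):
        reasons.append("browser-user-agent")
    return reasons


def detect_human_use(events):
    """Return (ts, principal, reasons) for each service-principal event that looks
    human-driven. Known automation sources are learned incrementally from clean
    service events, so a principal's first appearance is never flagged on source alone."""
    # src_ip -> human principals seen there; used to attribute an NHI session to a person.
    humans_by_ip = defaultdict(set)
    for e in events:
        if e["principal_type"] == "human":
            humans_by_ip[e["src_ip"]].add(e["principal"])

    automation_sources = defaultdict(set)  # service principal -> source IPs seen automating
    findings = []
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["principal_type"] != "service":
            continue
        fingerprints = human_fingerprints(e)
        reasons = list(fingerprints)
        known = automation_sources[e["principal"]]
        if known and e["src_ip"] not in known:
            reasons.append("unknown-source-ip")
        if reasons:
            # Name the person who used the same source interactively, restoring
            # the individual accountability the NHI session otherwise hides.
            for who in sorted(humans_by_ip.get(e["src_ip"], ())):
                reasons.append(f"same-source-as-human:{who}")
            findings.append((e["ts"], e["principal"], reasons))
        if not fingerprints:
            # Only automation-looking events extend the baseline, so a console
            # login never teaches the detector that a workstation is "normal".
            known.add(e["src_ip"])
    return findings


if __name__ == "__main__":
    for ts, principal, reasons in detect_human_use(parse_log(SAMPLE_LOG)):
        print(ts, principal, ", ".join(reasons))
```

On the sample log this flags the `svc-deploy` console login from the workstation that `alice` also used, with all four reasons, and the `svc-backup` call from a source it had never automated from before. In a real deployment the `principal_type` field comes from the NHI inventory rather than the log itself, and the source-correlation step is what puts a person's name back into the audit trail for a session that the identity provider attributed only to the service account.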

Want to prevent humans from hiding behind machine identities? Discover how Astrix supports governance and separation of duties and protects your audit integrity.

Learn more about the OWASP NHI Top 10 framework in Astrix’s introduction to the standard → Introducing the OWASP NHI Top 10.