OWASP NHI Top 10 – Vulnerable Third-Party NHI
Overview
Vulnerable Third-Party NHIs are non-human identities—like API tokens, service credentials, or OAuth apps—issued to external vendors, services, or development tools that interact with internal systems. When these third-party connections lack proper oversight or become compromised, they present a potent supply chain risk, enabling attackers to exploit trusted integrations to access sensitive systems.
What Is a Vulnerable Third-Party NHI?
Third-party NHIs are commonly used to facilitate integrations with SaaS platforms, IDE extensions, CI/CD pipelines, and cloud services. Developers often authorize these third parties to access internal APIs, databases, and service accounts. Unfortunately, many third-party tools come from vendors or open-source developers who may not follow rigorous security standards.
If these external NHIs are misconfigured, overprivileged, or linked to a compromised app, attackers can exfiltrate secrets, move laterally within environments, or access sensitive data—often without detection. This blind spot is especially dangerous because organizations frequently lack visibility into the behavior and hygiene of their connected suppliers and tools.
How Does a Vulnerable Third-Party NHI Work?
Vulnerabilities arise when:
- OAuth apps or IDE extensions are granted excessive permissions
- Credentials are hardcoded or shared insecurely with third-party vendors
- External tools are not regularly audited or monitored
- Malicious or compromised plugins exfiltrate data silently
Examples include third-party apps abusing the OAuth tokens they were granted, and incidents like the Sisense breach, in which stolen credentials were used to reach customer environments.
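The first three conditions above (excess permissions, credentials shared without review, and tools that are never re-audited) can all be checked from a grant inventory. The following is an added example, not Astrix's code or anything from the OWASP project: a Python audit that compares each third-party grant against a vendor approval register, flags high-risk and excess scopes, and marks grants that have never been used or have gone stale. The scope names, the approval register, the 90-day staleness window and the JSON-lines inventory are all assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Scopes that grant broad write or admin access. GitHub- and Microsoft Graph-style
# names are used for illustration; the set itself is an assumption for this example.
HIGH_RISK_SCOPES = {
    "repo", "admin:org", "workflow", "write:packages",
    "Directory.ReadWrite.All", "Mail.ReadWrite",
}

# Assumed approval register: vendor -> scopes the integration was reviewed and
# approved for. In practice this comes from vendor-review records, not a literal.
APPROVED_VENDORS = {
    "ci-runner": {"repo:status", "read:org"},
    "code-scanner": {"repo", "read:org"},
    "calendar-sync": {"Calendars.Read"},
}

# A grant not exercised for this long is treated as unused and a revocation candidate.
STALE_AFTER = timedelta(days=90)

# Constructed inventory of third-party grants, one JSON object per line, in the
# shape an OAuth-app or token listing export might take (not real data).
SAMPLE_INVENTORY = """\
{"vendor": "ci-runner", "token_id": "tok-101", "scopes": ["repo:status", "read:org"], "last_used": "2024-05-20T09:00:00+00:00"}
{"vendor": "code-scanner", "token_id": "tok-102", "scopes": ["repo", "admin:org", "read:org"], "last_used": "2024-05-21T12:00:00+00:00"}
{"vendor": "calendar-sync", "token_id": "tok-103", "scopes": ["Calendars.Read", "Mail.ReadWrite"], "last_used": "2024-01-03T08:00:00+00:00"}
{"vendor": "old-chatbot", "token_id": "tok-104", "scopes": ["repo"], "last_used": null}
"""


def _parse_ts(value):
    """ISO-8601 string -> timezone-aware datetime (naive values are assumed UTC)."""
    if not value:
        return None
    ts = datetime.fromisoformat(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def parse_inventory(text):
    """Parse JSON-lines grant records into dicts with a scope set and aware datetime."""
    grants = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        grants.append({
            "vendor": rec["vendor"],
            "token_id": rec["token_id"],
            "scopes": set(rec["scopes"]),
            "last_used": _parse_ts(rec.get("last_used")),
        })
    return grants


def audit_grant(grant, now, approved=APPROVED_VENDORS, stale_after=STALE_AFTER):
    """Return finding codes for one grant; an empty list means it passed every check."""
    findings = []
    allowed = approved.get(grant["vendor"])
    if allowed is None:
        # No review record at all: the integration was connected without oversight.
        findings.append("unknown_vendor")
        allowed = set()
    excess = grant["scopes"] - allowed          # scopes beyond what was approved
    if excess:
        findings.append("excess_scopes:" + ",".join(sorted(excess)))
    risky = grant["scopes"] & HIGH_RISK_SCOPES  # approved or not, worth a second look
    if risky:
        findings.append("high_risk_scopes:" + ",".join(sorted(risky)))
    if grant["last_used"] is None:
        findings.append("never_used")
    elif now - grant["last_used"] > stale_after:
        findings.append("stale")
    return findings


def recommended_action(findings):
    """Map findings to the action a governance workflow would queue."""
    codes = {f.split(":", 1)[0] for f in findings}
    if codes & {"unknown_vendor", "never_used", "stale"}:
        return "revoke"
    if "excess_scopes" in codes:
        return "reduce_scopes"
    if "high_risk_scopes" in codes:
        return "review"
    return "ok"


def audit_inventory(text, now_iso):
    """Audit every grant in a JSON-lines inventory as of the given ISO-8601 instant."""
    now = _parse_ts(now_iso)
    report = {}
    for grant in parse_inventory(text):
        findings = audit_grant(grant, now)
        report[grant["token_id"]] = {
            "vendor": grant["vendor"],
            "findings": findings,
            "action": recommended_action(findings),
        }
    return report


if __name__ == "__main__":
    for token_id, row in audit_inventory(SAMPLE_INVENTORY, "2024-06-01T00:00:00+00:00").items():
        print(f"{token_id} ({row['vendor']}): {row['action']} {row['findings']}")
```

Run against the constructed inventory as of 2024-06-01, the CI runner passes, the code scanner is flagged for an `admin:org` scope it was never approved for, the calendar sync holds a mail-write scope and has not been used in over 90 days, and the chatbot has no review record and has never used its token. The ordering of the checks matters: an unknown vendor is a revocation candidate regardless of scope, because nobody approved the connection in the first place.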
Why Do Vulnerable Third-Party NHIs Matter?
Supply chain attacks via third-party NHIs are difficult to detect and often high-impact. According to the CSA NHI Report, 29% of NHI incidents were linked to compromised external integrations, and 38% of organizations reported little to no visibility into third-party vendors.
These NHIs often connect directly to source code, cloud consoles, or secrets stores, which makes them an attractive path for attackers seeking stealthy, persistent access through a trusted integration.
Astrix’s Solution for Vulnerable Third-Party NHIs
Astrix empowers security teams to gain full control and oversight over external NHIs:
- Discover non-human identities, including all third-party tokens and API connections
- Detect suspicious non-human activity, such as anomalous behavior from integrated vendors or apps
- Reduce your non-human attack surface by automatically flagging unused or risky third-party credentials
- Enforce NHI governance, ensuring vendors only have access to what they need, and nothing more
With Astrix, teams can identify which vendors are connected, what they can access, and whether they present a risk—closing critical supply chain blind spots.
Want visibility into every third-party connection in your environment? Reduce your non-human attack surface with Astrix and block the next supply chain breach before it happens.
Learn more about the OWASP NHI Top 10 framework in Astrix’s introduction to the standard → Introducing the OWASP NHI Top 10.