What's in it for me?
The previous chapters established what AI agents are, where the risk concentrates, and why traditional controls don't cover it.
The AI Agent Adoption Blueprint showed how agents operate: autonomous, multi-step, acting across enterprise systems through Non-Human Identities that define their exact permissions and access rights.
What Is AI Agent Security? defined the discipline and the five pillars a mature program requires.
Security Challenges of AI Adoption showed what happens when governance is absent: identity sprawl, orphaned credentials, and breach patterns that none of the tools in the traditional stack were positioned to catch.
MCP Server Security showed where access risk concentrates in agent infrastructure: MCP servers accumulate credentials across multiple systems, operate with over-permissioned tool access, and lack the runtime controls that would make their behavior auditable.
This chapter explains how Astrix addresses it: an identity-first approach built around the Discover-Secure-Deploy framework.
The Argument
Agents act through Non-Human Identities. API keys, service accounts, OAuth tokens, MCP credentials: these define exactly what an agent can reach and what damage it can cause. The agent inherits whatever permissions the NHI holds.
Prompt filtering and output monitoring don't change that. If the credential permits an action, a guardrail on the model's behavior doesn't prevent it. The risk is in the permissions, not the outputs.
That means the starting point is access. Astrix's research shows a 100:1 NHI-to-human ratio across enterprise environments. Most of those credentials sit outside standard IAM review cycles: no clear owner, static long-lived secrets, permissions set at deployment and never revisited. Every new agent widens that surface.
Astrix's Approach: Identity-First, Threat-Driven
Most AI security vendors focus on the model: what it outputs, how it responds to prompts, what the AI layer does. Astrix focuses on access: what the agent can reach, what credentials it holds, and what happens when those credentials are misused.
This distinction has a practical consequence. An agent's blast radius is determined by its NHIs, not its outputs. Astrix secures the NHI chain first, then builds detection and deployment governance on top of that foundation.
The operational framework is Discover, Secure, Deploy. It covers the full agent lifecycle: finding what's already running, closing existing exposures, and ensuring every new agent arrives governed from day one. Since 2021, Astrix has applied this framework in Fortune 1,000 enterprises: first for NHI security, now extended to AI agents as those agents have become the primary way NHIs are created and used.
Discover
The first question most security teams can't answer is the simplest one: what AI agents are running in our environment?
Astrix provides continuous, real-time discovery across every environment where agents and NHIs operate: cloud, SaaS, on-prem, CI/CD, vaults, and MCP servers. Every agent type is in scope: custom-built, third-party, and shadow. Every associated NHI type: service accounts, OAuth apps, API keys, PATs, webhooks, and secrets.
The Identity Graph maps relationships between agents, NHIs, secrets, permissions, human owners, and accessed resources, including external integrations. Risk is scored automatically by access scope, usage patterns, and ownership gaps. Remediation focus goes to the highest blast radius first.
Secure
Discovery establishes the baseline. Secure addresses what that baseline reveals.
Posture management covers excessive privileges, configuration weaknesses, hardcoded credentials, and agents with no assigned human owner. Astrix's analysis of over 5,200 open-source MCP server implementations found that 88% require credentials, and over half rely on static API keys that are long-lived and rarely rotated.
Threat detection operates on behavioral drift, not static policy: baselines per agent and NHI, detecting deviation in access patterns, privilege escalation, and out-of-scope actions. No predefined IOCs. The ShinyHunters breach, where compromised OAuth tokens moved laterally across 200 customer Salesforce environments, is exactly the pattern behavioral detection is built to catch. Static posture checks wouldn't have stopped it.
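As an added illustration (not Astrix's code or product logic), this is the kind of per-NHI baseline-and-deviation check the paragraph describes, run over a few constructed access events. The identifiers, tenants and resources are made up, and the lateral-movement rule (one NHI reaching two or more tenants outside its baseline) is an assumed simplification of the multi-tenant OAuth-token pattern cited.

```python
"""Constructed demo of behavioral-drift detection per Non-Human Identity (NHI)."""
from collections import defaultdict

# Constructed learning-window events: (nhi_id, tenant, resource, action)
BASELINE_EVENTS = [
    ("oauth-app-42", "tenant-a", "salesforce:Account", "read"),
    ("oauth-app-42", "tenant-a", "salesforce:Contact", "read"),
    ("svc-ci-7", "tenant-a", "github:repo/build", "read"),
    ("svc-ci-7", "tenant-a", "s3:artifacts", "write"),
]

# Constructed live events to evaluate against the baseline
LIVE_EVENTS = [
    ("oauth-app-42", "tenant-a", "salesforce:Account", "read"),    # normal
    ("oauth-app-42", "tenant-b", "salesforce:Account", "read"),    # new tenant
    ("oauth-app-42", "tenant-c", "salesforce:Account", "export"),  # new tenant
    ("svc-ci-7", "tenant-a", "iam:AttachRolePolicy", "write"),     # escalation
]


def build_baseline(events):
    """Per NHI: the set of (tenant, resource, action) triples seen while learning."""
    baseline = defaultdict(set)
    for nhi, tenant, resource, action in events:
        baseline[nhi].add((tenant, resource, action))
    return baseline


def detect_drift(baseline, events, tenant_threshold=2):
    """Return alerts as (nhi, kind, detail) tuples; no predefined IOCs involved."""
    alerts = []
    seen_tenants = defaultdict(set)
    for nhi, tenant, resource, action in events:
        known = baseline.get(nhi, set())
        known_tenants = {t for t, _, _ in known}
        seen_tenants[nhi].add(tenant)
        if (tenant, resource, action) in known:
            continue  # matches established behavior
        if resource.startswith("iam:"):  # assumed marker for privilege changes
            alerts.append((nhi, "privilege_escalation", resource))
        elif tenant not in known_tenants:
            alerts.append((nhi, "out_of_scope_tenant", tenant))
        else:
            alerts.append((nhi, "out_of_scope_action", f"{action} {resource}"))
    # One credential fanning out across tenants it never touched before
    for nhi, tenants in seen_tenants.items():
        new = tenants - {t for t, _, _ in baseline.get(nhi, set())}
        if len(new) >= tenant_threshold:
            alerts.append((nhi, "lateral_movement", f"{len(new)} new tenants"))
    return alerts
```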
Remediation workflows integrate with existing SIEM, SOAR, and ITSM tooling.
Deploy
Discover and Secure address the existing environment. Deploy governs what comes next.
The Agent Control Plane (ACP) provisions every new agent with just-in-time, least-privilege credentials scoped precisely to its function. Credentials are short-lived. Permissions are task-scoped. Owner attestation and a full activity trail are established at creation. When the agent's task is complete, the access expires. No standing permissions accumulate.
For developers: pre-approved access templates provide a fast path that doesn't bypass policy. For security teams: every agent enters your governance model from day one.
How It Fits Your Stack
Astrix extends the existing identity security perimeter to cover NHIs and agents. It connects across AI Platforms, IaaS, SaaS, PaaS, on-prem, CI/CD, vaults, and IDP. Deployment is agentless, non-proxy, and API-based.
Where to Start
Three questions your team should be able to answer today: How many agents are running in your environment? Who owns the NHIs they use? What access do those credentials hold?
If the answers aren't clear, that's where your journey to AI Agent Security begins.