Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities
Intermediate
There’s a new breed of “users” sneaking into your cloud and they’re not people. API keys, service accounts, CI/CD bots, Kubernetes workloads, and suddenly… AI agents making decisions and calling APIs with zero oversight. At most organisations, these non-human identities (NHIs) now outnumber humans by 50:1, yet still get monitored and governed as an afterthought.
And when a machine identity gets admin access?
There’s no phishing required. It just… does things. Silently. At scale.
In this session, we’ll expose the hidden attack surface in modern cloud infrastructure, how autonomous systems gradually accumulate dangerous permissions, why IAM only solves the human half of identity, and how attackers exploit long-lived secrets and blind automation in cloud environments. Drawing from real-world incident response and the emerging Identity Security Fabric (ISF) architecture, you'll learn why traditional IAM fails for machines and how to fix it.
What we’ll do in this session
The Scale of the Problem: Why 80% of breaches involve compromised non-human credentials
The AI Agent Blind Spot: How autonomous systems silently accumulate dangerous permissions
The ISF Solution: A unified architectural approach that secures all identity types at scale
Through three high-impact demos using open-source tools (Wazuh, cloud APIs, Python automation), we will:
• Discover hundreds of hidden and overprivileged machine accounts across cloud and pipelines
• Detect behavioural anomalies when a compromised agent starts exfiltrating data
• Fix identity lifecycle chaos through automated rotation, governance, and least-privilege enforcement
Why It Matters
Machine identities now drive:
• Deployments
• Data access
• AI agent decisions
• Cross-cloud automation
But unlike humans, they don’t log in, hence don’t show up in your dashboards. This is how breaches go undetected for months.
Attendee Takeaways
You’ll leave with:
• A practical blueprint for governing machine identity sprawl
• Detection rules & code you can implement immediately
• A playbook for securing AI agents before they go rogue
• A roadmap to modernise IAM into Identity Security Fabric (ISF) for all identities
Session Flow:
1. The Crisis
Scale of non-human identities and why traditional IAM fails
OWASP NHI Top 10 with real-world attack scenarios
Cost and compliance implications
2. ISF Architecture
Unified identity security framework
Three-layer model and lifecycle protection
Zero Trust principles for non-human identities
3. Live Demonstrations
• NHI Discovery: Revealing hundreds of hidden service accounts, API keys, and workload identities in a hybrid cloud environment (Wazuh, cloud APIs)
• Behavioural Anomaly Detection: Simulating a compromised service account and detecting exfiltration through pattern analysis and machine learning
• Lifecycle Automation: Automated provisioning, rotation, and secure off-boarding of credentials with audit trails
4. Practical Implementation
Quick-start assessment checklist
Open-source and commercial tools
Roadmap for your organisation
5. Q&A Session
And when a machine identity gets admin access?
There’s no phishing required. It just… does things. Silently. At scale.
In this session, we’ll expose the hidden attack surface in modern cloud infrastructure, how autonomous systems gradually accumulate dangerous permissions, why IAM only solves the human half of identity, and how attackers exploit long-lived secrets and blind automation in cloud environments. Drawing from real-world incident response and the emerging Identity Security Fabric (ISF) architecture, you'll learn why traditional IAM fails for machines and how to fix it.
What we’ll do in this session
The Scale of the Problem: Why 80% of breaches involve compromised non-human credentials
The AI Agent Blind Spot: How autonomous systems silently accumulate dangerous permissions
The ISF Solution: A unified architectural approach that secures all identity types at scale
Through three high-impact demos using open-source tools (Wazuh, cloud APIs, Python automation), we will:
• Discover hundreds of hidden and overprivileged machine accounts across cloud and pipelines
• Detect behavioural anomalies when a compromised agent starts exfiltrating data
• Fix identity lifecycle chaos through automated rotation, governance, and least-privilege enforcement
Why It Matters
Machine identities now drive:
• Deployments
• Data access
• AI agent decisions
• Cross-cloud automation
But unlike humans, they don’t log in, hence don’t show up in your dashboards. This is how breaches go undetected for months.
Attendee Takeaways
You’ll leave with:
• A practical blueprint for governing machine identity sprawl
• Detection rules & code you can implement immediately
• A playbook for securing AI agents before they go rogue
• A roadmap to modernise IAM into Identity Security Fabric (ISF) for all identities
Session Flow:
1. The Crisis
Scale of non-human identities and why traditional IAM fails
OWASP NHI Top 10 with real-world attack scenarios
Cost and compliance implications
2. ISF Architecture
Unified identity security framework
Three-layer model and lifecycle protection
Zero Trust principles for non-human identities
3. Live Demonstrations
• NHI Discovery: Revealing hundreds of hidden service accounts, API keys, and workload identities in a hybrid cloud environment (Wazuh, cloud APIs)
• Behavioural Anomaly Detection: Simulating a compromised service account and detecting exfiltration through pattern analysis and machine learning
• Lifecycle Automation: Automated provisioning, rotation, and secure off-boarding of credentials with audit trails
4. Practical Implementation
Quick-start assessment checklist
Open-source and commercial tools
Roadmap for your organisation
5. Q&A Session
Session prerequisites and resources may be available.
Sign in to access
Speaker
Bodhisattva Das
Security Engineer - RUDRA Cybersecurity
RUDRA Cybersecurity
ISC2 Subject Matter Expert
Bodhisattva Das is a Security Engineer at Rudra Cybersecurity, focused on securing non-human identities, AI agents, and automated workloads across cloud environments. He specialises in open-source threat detection using Wazuh, and builds practical solutions for identity governance and AI-driven secu...
View Full Profile