Briefing


The point of view

Your non-human identity estate is exploding — and AI agents are the part nobody governs.

Tens of thousands of non-human identities — service accounts, keys, tokens, certificates, workload identities — already run your business. The fastest-growing and least-governed of them are AI agents: non-human identities that don't just authenticate, they act — calling tools, holding credentials, moving money, autonomously. Your IAM was built for humans logging in. When an agent is abused, "an agent did it" is not an incident response.

HI · Humans: the accountability anchor — every identity owned & approved by a person, through your existing IGA
NHI estate · discover & disposition: service accounts · keys · tokens · certs · SSH · DB creds · K8s · IAM roles · SPIFFE · secrets
AI agents · govern at runtime: the apex subset — autonomous, fastest-growing, and the one your stack cannot control today

Why now

The agentic build-out is happening in every business unit at once. SAP Identity Management reaches end-of-maintenance 2027, forcing an IAM re-platform. The EU AI Act and SEC disclosure rules now expect demonstrable control over autonomous systems.

The gap

OAuth scopes and IAM roles decide which services an identity can reach — not what an agent does once connected. Prompt-level safety is a polite request to a stochastic system, not a control surface.

The KPMG position

An accelerator that extends your SailPoint / Saviynt / Entra baseline with the agent & NHI control plane it lacks: discover, score, enforce in deterministic code, prove with tamper-evident evidence. Assess → Govern → Operate.

What this accelerator governs

  • Discovers the full NHI estate and dispositions it — retire · vault · migrate · govern
  • Governs AI agents at runtime — lifecycle, fail-closed enforcement, automated containment
  • Secures NHI credentials — dual-control, JIT, rotation (CyberArk integration)
  • Anchors every identity to a human owner + approver; cascades containment on offboarding

Operate — the continuity moat

  • Post-breach IAL2 re-proofing (1Kosmos) — re-prove the workforce against a pre-breach, PQ-signed directory snapshot when device trust is blown
  • Portal into your IGA baseline — extend SailPoint / Saviynt, don't replace them

Operate — powered by Sovereign (the expand)

  • Full HI + NHI as one system of record — the accelerator anchors HI through your IGA; Sovereign owns the unified graph and deepens it
  • Post-breach IAL2 re-proofing (1Kosmos) against a pre-breach, PQ-signed snapshot — a Sovereign capability, not an AGT-accelerator feature
  • AGT → Sovereign engine swap when you want the deeper platform — same control plane, more robust engine

Out of the accelerator (by design)

  • Human workforce IGA for people — your IGA; the accelerator integrates
  • Full HI+NHI system of record, IAL2, identity fabric — Sovereign's domain, the expand
  • Not a secrets manager, CASB, or EDR

This console is the proof. Everything you see is real enforcement code on a synthetic estate — start with the Assessment.

The Assessment scores the discovered estate and the live governance posture against the KPMG Agentic Governance Maturity Model and quantifies exposure in board terms. The executive findings open as a printable, board-ready PDF.

Every agent gets an accountable human owner and an end date. Demo agent = deterministic separate OS process. Hero agent = a real reasoning process (Ollama / Haiku / scripted fallback) that decides its own tool calls — the gate still rules. Both die when you suspend them. Watch the Audit ledger.

Governed machine identities

IGA access requests and CyberArk privileged checkouts land in this same queue — one approval seam for everything.

Access requests

Fail-closed enforcement at the tool-call seam: unknown, suspended, or unentitled agents are denied. Engine seam = AGT govern() in integration mode, Sovereign later.

Privileged secrets fail closed until a dual-control checkout is approved in the Approvals queue. Rotation kills every outstanding lease.

Safe contents

Leases

Format: agent:capability pairs, comma-separated. Any entitlement that was granted but is not listed as used is flagged REVOKE and the revocation is applied automatically.

Findings · auto-applied

Every agent is anchored to an accountable human owner (ADR-005). When that human's lifecycle changes, the non-human identities they own change with them — the HI↔NHI bridge that pure-NHI tools can't close. Pick an owner, fire the event.

  • Leaver — owner offboarded / compromised → every agent they own is suspended and its credentials revoked (no orphans, no standing access)
  • Mover — owner changes role → their agents' entitlements are reset for re-attestation under the new role (agents stay active; access does not carry over)

Human owners · accountable for the agents below

Synthetic, seeded, taxonomy-aligned (Tier 1 credentials · Tier 2 workloads · Tier 3 AI agents) with realistic dormancy, orphaning and privilege concentration. The bridge dispositions the whole estate into lanes and onboards the agents found in it as the governed fleet — discover → govern → remediate, one flow. In LIVE mode, Discover live estate reads your real tenant's existing non-human estate (read-only — directory READ permissions only).

By tier

By source system (top 8)

Highest-risk sample · privileged + dormant (the slide-stopper)

Hundreds of agents governed concurrently through the same enforcement path — compliant, greedy (over-request), rogue (hammer forbidden capabilities), dormant. Rogues trip server-side deny-burst detection and auto-quarantine. This is fleet scale, not one agent at a time.
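The fail-closed gate at the tool-call seam, the leaver/mover cascade from the human owner, and the deny-burst auto-quarantine, combined as one added Python sketch for illustration. This is not the accelerator's or Sovereign's code: the Gate class, the govern() signature, the state names and the 3-denials-in-60-seconds threshold are all assumptions.

```python
from collections import deque

# Constructed thresholds: 3 denials inside a 60 s window trip auto-quarantine.
DENY_BURST, WINDOW = 3, 60.0


class Gate:
    """Fail-closed tool-call gate (added illustration, not the accelerator's code)."""
    def __init__(self):
        self.agents = {}    # agent_id -> {"owner", "state", "entitlements"}
        self.denials = {}   # agent_id -> deque of denial timestamps
        self.ledger = []    # append-only decision ledger

    def register(self, agent_id, owner, entitlements):
        self.agents[agent_id] = {"owner": owner, "state": "active",
                                 "entitlements": set(entitlements)}
        self.denials[agent_id] = deque()

    def govern(self, agent_id, capability, now):
        """Deny unknown, non-active or unentitled agents; ALLOW only the exact grant."""
        agent = self.agents.get(agent_id)
        reason = ("unknown agent" if agent is None
                  else "agent " + agent["state"] if agent["state"] != "active"
                  else "unentitled capability" if capability not in agent["entitlements"]
                  else None)
        decision = "DENY" if reason else "ALLOW"
        self.ledger.append((now, agent_id, capability, decision, reason))
        if decision == "DENY" and agent is not None:
            self._track_denial(agent_id, now)
        return decision

    def _track_denial(self, agent_id, now):
        # Sliding-window deny counter: a burst flips the agent to quarantined.
        q = self.denials[agent_id]
        q.append(now)
        while q and now - q[0] > WINDOW:
            q.popleft()
        if len(q) >= DENY_BURST and self.agents[agent_id]["state"] == "active":
            self.agents[agent_id]["state"] = "quarantined"
            self.ledger.append((now, agent_id, None, "QUARANTINE", "deny burst"))

    def owner_event(self, owner, event, now):
        # Leaver: suspend and revoke. Mover: stay active, entitlements reset for re-attestation.
        for agent_id, agent in self.agents.items():
            if agent["owner"] != owner:
                continue
            if event == "leaver":
                agent["state"] = "suspended"
            agent["entitlements"].clear()
            self.ledger.append((now, agent_id, None, event.upper(), "owner " + owner))
```

A quarantined or suspended agent keeps being denied on every later call, so containment holds until a human re-attests it.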

By behavior profile

Lifecycle state

Auto-quarantined rogues · deny-burst detection → kill switch

SAP IDM 8.0 mainstream maintenance ends 2027-12-31 (extended 2030). Disposition lanes: retire · govern as agent · vault in PAM · migrate to Entra SP.

CloudEvents export

Decision ledger

The engagement

From assessment to assured — Assess · Govern · Operate.

The console proved governance works. This is what KPMG delivers to get there and stay there — a phased engagement that closes the maturity gap the assessment quantified.

The executive findings report is the client board leave-behind (live from the current estate). The investment case is the KPMG-internal deck. The methodology backs every figure — scoring rubric, sources, model-risk — for quality & risk.