---
url: 'https://www.corbado.com/blog/agentic-non-human-identity-eic-2026'
title: 'Agentic and Non-Human Identity at EIC 2026'
description: 'Agentic AI identity at EIC 2026: the Laws of AIdentity, runtime authorization, OAuth 2.1, MCP, A2A and why non-human identities now outnumber humans.'
lang: 'en'
author: 'Vincent Delitz'
date: '2026-06-10T18:49:34.830Z'
lastModified: '2026-06-11T06:01:31.036Z'
keywords: 'agentic AI identity, non-human identity, AI agent authentication, NHI, OAuth 2.1 agents, AI agent governance'
category: 'Passkeys Strategy'
---

# Agentic and Non-Human Identity at EIC 2026

## Key Facts

- AI agents are becoming first-class actors in the enterprise, and EIC 2026's recurring
  question was: when software can plan, call tools and act, **who is it, what is it
  allowed to do and who is accountable**.
- **PwC** gave a **33% growth projection** for agentic AI through 2028 and named **OAuth
  2.1**, **MCP** and **A2A** as the building blocks.
- **EmpowerID** proposed six **Laws of AIdentity** and argued the missing layer is
  **runtime authorization** that checks every action, not just registration.
- **Non-human identities outnumber humans by 25 to 50 times** in common EIC framing,
  driving over-privileging and unclear accountability.
- The flip side is exposure: **GitGuardian** put **29 million leaked secrets** on the
  table as the scale of the credential sprawl agents now plug into.

## 1. Introduction: when Software becomes Staff

If you had to name the theme that ran through EIC 2026, it was this: AI agents are
becoming first-class actors in the enterprise, and the identity stack was not built for
them. Across two dozen sessions, the same question kept surfacing. When software can plan,
call tools and act on its own, who is it, what is it allowed to do and who is accountable
when it goes wrong.

Compared with the [passkey](https://www.corbado.com/blog/passkey-adoption-business-case) and EUDI themes we
covered, this one was lighter on adoption numbers and heavier on frameworks, though a few
hard figures still cut through. That is itself the signal: the industry is still defining
the primitives. The bridge to the rest of identity is direct, since the same
[phishing-resistant](https://www.corbado.com/blog/passkeys-passwordless-phishing-resistant-mfa) thinking that
secures humans now has to extend to machines. Here are the sessions that pushed the
thinking forward.

### 1.1 Sessions and Speakers covered

- **When Software Becomes Staff** - Nat Sakimura, OpenID Foundation
- **AIdentity framework session** - Martin Kuppinger, Jonathan Care, Matthias Reinwarth
  and Darran Rolls, KuppingerCole
- **Navigating the Agentic AI Landscape** - Jonathan Care, KuppingerCole
- **Setting Boundaries for Agentic AI** - Gal Helemski, PlainID
- **A Blueprint for IAM in the Age of AI Agents** - Adam Rusbridge, Ping Identity
- **Agentic AI control-plane keynote** - Alex Wilson, StrongDM / Delinea
- **AI identity economy keynote** - Bryant Nielson, Quantum Core Institute
- **Breaking down the Agentic AI AuthN and AuthZ challenges** - Rogério Rondini, PwC
- **The Laws of AIdentity** - Patrick Parker, EmpowerID
- **What 29 Million Leaked Secrets Mean for Your Identity Program** - Stanislas Crepin,
  GitGuardian
- **Non-Human identity sessions** - NHI Management Group, GitGuardian, Teleport, IKEA,
  ANZ, Rabobank and others
- **Orchestrating Non-Human Identity** - Okta, EnBW and DigiCert
- **When Regulation Meets Reality: Running Non-Human Identity at Scale** - DigiCert
- **When Your AI Agents Need Passports: The Non-Human Identity Crisis** - Jonathan Care,
  KuppingerCole
- **Delegating Digital Identity: Enabling Trusted AI Agents in Transactional Flows** -
  Queue-it, Dai Nippon Printing and Meeco
- **Artificial Counter Intelligence** - OWASP-related session
- **OWASP Agentic AI update** - Inbar Raz
- **Are You Ready for Mythos?** - Silverfort
- **Shaping AIdentity Standards: Beyond OAuth and OIDC?** - David Brossard, Martin
  Kuppinger, Alex Laurie, Eve Maler and Darran Rolls
- **On Beyond OAuth: Adapting Security to a Dynamic World** - Justin Richer

## 2. Framing: Software is now Staff

Nat Sakimura, chairman of the OpenID Foundation, set the tone with "When Software Becomes
Staff". His argument: AI agents behave like digital employees. They plan, they invoke
tools, and they act, but their identity boundaries are unstable. That breaks the
assumptions behind delegated authority, agent registration, ownership and accountability.
His prescription was to build an "evidence infrastructure" so that what an agent did and
on whose authority it acted can be reconstructed and trusted downstream.

The KuppingerCole analyst team (Martin Kuppinger, Jonathan Care, Matthias Reinwarth,
Darran Rolls) wrapped this into what they call "AIdentity", a framework describing roughly
ten shifts [AI brings to identity](https://www.corbado.com/blog/the-role-of-ai-in-cyber-threat-detection) and
security, from the rise of non-human identities to new trust, control and governance
requirements.

## 3. Mainstage Signal: Agentic AI everywhere

The clearest signal was placement. Agentic AI was not tucked into a side topic; it ran
right across the keynote stage on multiple days. Jonathan Care opened one morning with
"Navigating the Agentic AI Landscape", and a string of vendor keynotes circled the same
control problem from different angles:

- **PlainID** (Gal Helemski) on "Setting Boundaries for Agentic AI", framing data exposure
  as the enterprise-scale risk
- **Ping Identity** (Adam Rusbridge) with "A Blueprint for IAM in the Age of AI Agents"
- **StrongDM / Delinea** (Alex Wilson) arguing identity needs "a control plane, not just
  login" when authorization fails at cloud speed
- **Quantum Core Institute** (Bryant Nielson) on the new "AI identity economy" once
  models, not people, run the business

Read together, the message was that authorization, not authentication, is the part of the
stack that agentic AI breaks first.

## 4. Hard Numbers (the few that exist)

A handful of sessions actually quantified things.

**PwC** (Rogério Rondini), in "Breaking down the Agentic AI AuthN and AuthZ challenges",
gave the most concrete data and standards mapping:

- A **33% growth projection** for agentic AI through 2028
- **OAuth 2.1** as the baseline
- **MCP** and **A2A** as the emerging agent-to-tool and agent-to-agent protocols
- A pointed critique of using **Dynamic Client Registration** as the agent-registration
  mechanism

**EmpowerID** (Patrick Parker), in "The Laws of AIdentity", delivered the other memorable
session. His core point: today's agent governance only checks at registration time, which
leaves a runtime blind spot. The missing layer is runtime authorization, evaluating policy
per action. He proposed six "Laws of AIdentity" (split actor, generated intent, bounded
agency, authorization as a loop, least exposure, justifiable action), pointed to **OpenID
AuthZEN** as the runtime authorization primitive and cited what he described as the
"OpenClaw incident", a reported exposure of around **42,000 unprotected gateways**.

**GitGuardian** (Stanislas Crepin) added the number that lands with security teams: "What
29 Million Leaked Secrets Mean for Your Identity Program". That **29 million** figure is
the backdrop for everything agentic, because agents inherit and multiply exactly this kind
of secret sprawl.

## 5. Scale Problem: Machines already outnumber Humans

The non-human identity sessions made the structural case. Across sessions and EIC
materials, the recurring line was that service accounts, API keys, workloads and AI agents
vastly outnumber human users. The public EIC framing put the scale at **25 to 50 times
more machines acting like users**, with most still lacking proper governance. That is what
drives over-privileging and unclear accountability.

Crucially, this is now a compliance problem, not just hygiene. The "Orchestrating
Non-Human Identity" sessions (Okta, EnBW, DigiCert) mapped NHI management onto **NIS2,
DORA, CRA, GDPR and eIDAS 2.0** and argued for ephemeral, just-in-time access for AI
agents instead of long-lived credentials. "When Regulation Meets Reality: Running
Non-Human Identity at Scale" (DigiCert) made the same point from the operations side.

## 6. Agent Passports and Delegation

If agents are staff, they need credentials you can issue, scope and revoke. Jonathan
Care's "When Your AI Agents Need Passports: The Non-Human Identity Crisis" is where the
"agent passport" framing came from: a first-class, verifiable identity for each agent
rather than a borrowed service-account key.

The harder half is delegation. "Delegating
[Digital Identity](https://www.corbado.com/blog/digital-identity-guide): Enabling Trusted AI Agents in
Transactional Flows" (Queue-it, Dai Nippon Printing, Meeco) looked at how an agent acts on
a human's behalf in a real transaction, where the chain of "who authorized what" has to
survive into the [payment](https://www.corbado.com/passkeys-for-payment) or checkout step and stay auditable
afterwards.

## 7. Agents as an Attack Surface

The theme also had a sharp adversarial edge. The OWASP angle, including "Artificial
Counter Intelligence" and an OWASP Agentic AI update with Inbar Raz, treated agents as
both target and weapon: prompt-driven systems that can be manipulated into misusing their
own privileges. Silverfort's "Are You Ready for Mythos?" pushed the same theme of
protecting identities and access "at the speed of AI".

Put next to GitGuardian's 29 million leaked secrets, the conclusion is uncomfortable but
simple: an over-privileged agent sitting on top of sprawling secrets is a far larger blast
radius than any single human account.

## 8. Standards Debate: beyond OAuth and OIDC

A recurring open question was whether today's protocols are enough. The panel "Shaping
AIdentity Standards: Beyond OAuth and OIDC?" (David Brossard, Martin Kuppinger, Alex
Laurie, Eve Maler, Darran Rolls) put that tension on stage, and Justin Richer's "On Beyond
OAuth: Adapting Security to a Dynamic World" argued the bearer-token model strains once
agents act dynamically on their own. The consensus was not to discard OAuth but to extend
it, with **MCP**, **A2A** and **AuthZEN** filling the agent-to-tool, agent-to-agent and
runtime-authorization gaps that OAuth alone does not cover.

## 9. Recurring Proposals

Listen across these sessions and a rough consensus on what agents need starts to form:

1. **An identity, not a shared secret.** Agents need first-class, verifiable identities,
   the "agent passports" from Jonathan Care's session, not borrowed service-account
   credentials.
2. **Runtime authorization, not just registration.** Parker's point echoed widely: check
   every action, not just the sign-up. AuthZEN and per-action policy evaluation came up
   repeatedly.
3. **Delegation you can trace.** Sakimura's "evidence infrastructure" and the idea of
   signed, auditable receipts of what an agent did and why.
4. **Standards over bespoke glue.** OAuth 2.1, MCP, A2A and OpenID work were the named
   building blocks, with warnings against bending old primitives like Dynamic Client
   Registration to fit.

The diagram below condenses those proposals into the identity stack an AI agent actually
needs before it can act safely in production.

## 10. What to take away

The agentic identity conversation is roughly where passkeys were a few years ago: the
problem is clear, the standards are forming and the production case studies are not here
yet. For teams building consumer and [workforce identity](https://www.corbado.com/blog/passkeys-workforce), the
practical move is to start treating
[AI agents and non-human identities](https://www.corbado.com/blog/ai-agents-passkeys) as identities you must
govern, with their own lifecycle, least-privilege access and runtime authorization, rather
than as scripts that happen to hold a key.

The phrase that stuck from Berlin: when software becomes staff, it needs an identity, a
manager and a paper trail.

## 11. Conclusion

EIC 2026 showed that agentic and non-human identity is the next frontier the identity
stack has to absorb. The frameworks, the Laws of AIdentity, the OpenID work on evidence
infrastructure and the standards mapping around OAuth 2.1, MCP and A2A, are converging on
a clear message: agents need first-class identities, runtime authorization and traceable
delegation.

The teams that will be ready are the ones already running
[phishing](https://www.corbado.com/glossary/phishing)-resistant, well-governed
[human identity](https://www.corbado.com/blog/digital-identity-guide) today, because the same principles of
strong authentication, least privilege and auditability are what non-human identities will
demand at far greater scale.

## Frequently Asked Questions

### What is agentic AI identity?

Agentic AI identity is the practice of giving AI agents first-class, verifiable identities
so their actions can be authenticated, authorized and audited. At EIC 2026, OpenID
Foundation chairman Nat Sakimura framed agents as digital staff that plan, invoke tools
and act, which breaks existing assumptions about delegated authority, agent registration
and accountability.

### What are the Laws of AIdentity from EIC 2026?

EmpowerID's Patrick Parker proposed six Laws of AIdentity: split actor, generated intent,
bounded agency, authorization as a loop, least exposure and justifiable action. His core
point is that today's agent governance only checks at registration time and leaves a
runtime blind spot. Runtime authorization evaluating policy per action is the missing
layer, with OpenID AuthZEN named as the primitive.

### Which standards apply to AI agent authentication and authorization?

PwC's session named OAuth 2.1 as the baseline, with MCP and A2A as the emerging
agent-to-tool and agent-to-agent protocols. It also gave a 33% growth projection for
agentic AI through 2028 and warned against using Dynamic Client Registration as the
agent-registration mechanism, since it was not designed for that purpose.

### Why do non-human identities outnumber human identities?

Service accounts, API keys, workloads and now AI agents proliferate far faster than human
users. EIC 2026 materials framed the problem as 25 to 50 times more machines acting like
users, and the non-human identity sessions we focused on stressed that most lack proper
governance, leading to over-privileging and unclear accountability.

### What do AI agents need from an identity stack?

The recurring proposals at EIC 2026 were first-class verifiable identities rather than
shared secrets, runtime authorization that checks every action rather than just
registration, traceable delegation through an evidence infrastructure of signed receipts
and reliance on standards like OAuth 2.1, MCP and A2A instead of bending old primitives
such as Dynamic Client Registration.

### What is an agent passport?

An agent passport is a first-class, verifiable identity issued to an individual AI agent
so it can be authenticated, scoped and revoked like a member of staff, rather than reusing
a borrowed service-account key. The framing comes from Jonathan Care's EIC 2026 session
"When Your AI Agents Need Passports", and it pairs with traceable delegation so the chain
of who authorized what survives into the actual transaction.

### Which regulations apply to non-human identities?

At EIC 2026 the "Orchestrating Non-Human Identity" sessions mapped NHI and AI agent
governance onto NIS2, DORA, CRA, GDPR and eIDAS 2.0, treating machine identities as a
compliance problem rather than just hygiene. The recommended pattern was ephemeral,
just-in-time access for agents instead of long-lived credentials, so access can be granted
per action and audited afterwards.
