Meet Aembit IAM for Agentic AI. See what’s possible →

TRY AEMBIT

<  BACK TO FULL GLOSSARY

NHI security threats

Non-Human Identity (NHI) security threats involve risks associated with machine-to-machine credentials such as API keys, service accounts, and automation bots. These identities can be exploited if not properly secured or rotated.

Categories:
AI/MCP Concepts
IAM concepts
Identity types
IT concepts
NHI security threats
Security concepts

Over-provisioned Account

NHI security threats
An over-provisioned account has more access privileges than necessary for its role or function. This creates a security risk, as the excess privileges could be exploited by attackers or lead to unintentional access to sensitive systems.

Kerberoasting

NHI security threats
Kerberoasting is a post-compromise attack that exploits Kerberos authentication in Active Directory. Attackers use a low-privilege account to request service tickets for accounts with Service Principal Names (SPNs), extract the encrypted ticket data, and attempt to crack the hash offline to obtain plaintext credentials. This technique is commonly used to escalate privileges in Windows environments.

Rogue Workload

NHI security threats
A rogue workload is an unauthorized or unmanaged workload that operates outside the governance or security policies of an organization. These workloads pose security risks, as they may lack proper identity, access controls, or monitoring, and could expose sensitive resources to threats.

Credential Harvesting

NHI security threats
A technique used by attackers to collect or steal credentials such as passwords, API keys, or access tokens. This can be done through phishing, malware, exposed secrets, or other attack vectors. In workload IAM, credential harvesting poses a major risk, as compromised non-human identities can be used for unauthorized access and lateral movement.

CORS (Cross-Origin Resource Sharing)

NHI security threats
A security mechanism that allows web browsers to request resources from a different origin domain. CORS policies, defined by HTTP headers, control which cross-origin requests are allowed and prevent unauthorized access to sensitive data.

Token Forging

NHI security threats
A technique where attackers create or manipulate authentication tokens to gain unauthorized access to systems or services. By forging tokens, attackers can impersonate legitimate non-human identities, bypass authentication controls, and escalate privileges within an environment. Proper validation, short token lifespans, and cryptographic integrity checks help mitigate this risk.