ATLANTA, July 09, 2026 (GLOBE NEWSWIRE) -- BeyondTrust, the global leader in privilege-centric identity security protecting Paths to Privilege™, today announced NHI Governance, a new solution on the BeyondTrust Pathfinder platform that governs non-human identities operating across cloud, SaaS, endpoints, and on-premises environments. As service accounts, API keys, OAuth clients, workload identities, and AI agents continue to proliferate across enterprise environments, NHI Governance extends the privileged access discipline BeyondTrust has applied to human access for more than two decades to the identities that now outnumber employees in nearly every organization and remain largely ungoverned.
The Problem: The Privileged Surface Changed. Controls Didn’t Keep Up.
Service accounts, API keys, OAuth clients, workload identities, and AI agents now hold most of the standing privilege in the enterprise, and they outnumber the people. BeyondTrust Phantom Labs™ research found that non-human identities already vastly outnumber human ones, with enterprise AI agents growing more than 460% year over year. Almost none are ever assigned an owner; their privileges are rarely reviewed, attested, or rightsized; and their credentials are seldom rotated or retired. They are granted access on the day they are created and often retain that access indefinitely.
The industry’s response has been to inventory them. But a longer list is not a control. The risk was never just that an identity exists; it is also, and especially, the privilege that identity holds and everything that privilege can reach.
The recent wave of SaaS-to-SaaS software supply chain attacks made that abundantly clear. Attackers increasingly compromise the OAuth tokens trusted between applications, allowing legitimate access to data at scale. No malware, no escalation, no human in the loop. Every action reads as authorized because it was. Discovery and visibility alone do not stop an attack. Stopping the exfiltration requires controls to be executed ahead of the incident: access already scoped down, the token already rotated, or the unused identity already retired before the attacker arrived.
"Seeing non-human identities was only half the equation,” said Marc Maiffret, Chief Technology Officer, BeyondTrust. “The other half is doing something about the privilege they carry at scale: deciding who owns each one, pulling back the privilege they aren't using, and retiring the ones that should not exist. And doing so without requiring teams to address them one by one with the limited time they have. That's not paperwork you bolt onto a tool built for employee onboarding. That's managing non-human identities at machine scale."
Helping Customers Move from an Inventory List to Real Control
NHI Governance is built to execute the non-human equivalent of joiner, mover, leaver actions that actually reduce risk, in the right order:
Built on Two Decades of Privilege Enforcement
For more than two decades, BeyondTrust has helped organizations reduce identity-based risk by governing privileged access across their most critical systems. Non-human identities are no exception. Identity Security Insights® already provides industry-leading visibility and intelligence across non-human identities and the privileges they hold, while BeyondTrust Password Safe® secures, manages, and rotates the credentials behind them. NHI Governance builds on that foundation by turning visibility and credential management into lifecycle governance that establishes ownership, enforces least privilege, and reduces identity-based risk.
Part of the BeyondTrust Pathfinder platform, NHI Governance builds on the recent introduction of AI Agent Security, further unifying discovery, governance, and enforcement within a single platform to secure privilege consistently across every identity capable of privileged action.
Availability
NHI Governance is planned for US general availability in Fall 2026, with other global regions to follow.
For more information or to request early access, visit beyondtrust.com/products/nhi-governance. Existing BeyondTrust customers can contact their account team.
Learn how BeyondTrust helps organizations discover, govern, and secure AI agents and non-human identities with AI Security Posture Management at beyondtrust.com/solutions/ai-security-posture-management.
About BeyondTrust
BeyondTrust is the global leader in privilege-centric identity security protecting Paths to Privilege™. Identity alone doesn’t create risk. Privilege does. As human, machine, and AI agent identities explode across every environment, BeyondTrust is the only company built to discover, control, and secure privilege across all of them from a single platform. Trusted by 20,000+ customers, including 75 of the Fortune 100, and recognized as a multi-category leader by top industry analysts, BeyondTrust reframes identity security from a management problem into a strategic advantage.
Learn more at www.beyondtrust.com.
Follow BeyondTrust:
X: https://twitter.com/beyondtrust
Blog: https://www.beyondtrust.com/blog
LinkedIn: https://www.linkedin.com/company/beyondtrust
Facebook: https://www.facebook.com/beyondtrust
For BeyondTrust:
BeyondTrust Public Relations
P: (516)-521-5582
E: BeyondTrust@icrinc.com