Home/OWASP NHI Top 10
Non-Human Identity · OWASP NHI Top 10 · AGPL-3.0

AI agents are non-human identities. All ten risks, covered.

An AI agent is a non-human identity that authenticates, holds permissions, and acts. The OWASP Non-Human Identities Top 10 catalogs how those identities get abused. Kakunin was built for exactly this surface — here is how it maps to every one of the ten risks.

10 / 10NHI Top 10 risks addressed
X.509Real certificate identity, not static keys
Short-livedExpiring, revocable, per-agent
AGPL-3.0Every control is auditable source
01 — RISK MAPPING

OWASP NHI Top 10 → Kakunin controls

Risk identifiers and titles are from the OWASP NHI Top 10 (2025 release). For each, the concrete control Kakunin provides — all open source under AGPL-3.0.

OWASP NHI riskThe threatKakunin control
NHI1
Improper Offboarding
An identity stays active after it should have been retired — a stale agent that can still act.Certificates are short-lived and revocable. When an agent is retired or its risk crosses threshold, its certificate is revoked and hits the CRL within seconds — no lingering credential.
NHI2
Secret Leakage
API keys, tokens, or certificates end up in logs, repos, or unsanctioned stores.Agent private keys live in AWS KMS HSMs and never leave. Bring-your-own credentials are encrypted at rest (AES-256-GCM) and released only within scoped, audited access.
NHI3
Vulnerable Third-Party NHI
A compromised third-party agent or integration is trusted implicitly.Any counterparty verifies an agent’s identity and scope against the canonical CA — keylessly — before extending trust, instead of assuming it.
NHI4
Insecure Authentication
Deprecated or weak auth — static bearer keys that never rotate and can’t be attested.X.509 certificate-based identity replaces static API keys: cryptographic verification of who the agent is, backed by a public verification endpoint.
NHI5
Overprivileged NHI
An identity holds far more permission than its function needs.Each agent’s certificate is scoped to an explicit permitted_actions set, and verify_agent_scope enforces it before any action runs — least privilege, checked at execution.
NHI6
Insecure Cloud Deployment Configurations
Credentials mishandled in CI/CD — long-lived secrets baked into pipelines.Kakunin’s own artifacts publish with npm provenance and PyPI attestations traceable to a public commit and CI run; short-lived agent certificates replace long-lived pipeline secrets.
NHI7
Long-Lived Secrets
Secrets with far-future or no expiry — a permanent key waiting to be stolen.Certificates are issued short-lived with explicit expiry and rotation. A leaked credential is useful for a bounded window, not forever.
NHI8
Environment Isolation
The same identity is reused across development, testing, and production.Sandbox (kak_test_) and production (kak_live_) hit distinct certificate authorities and issue distinct identities — environments don’t share credentials.
NHI9
NHI Reuse
One identity is shared across multiple applications or services, blurring accountability.Every agent gets its own certificate. Identities are per-agent by construction, so actions are always attributable to a single agent.
NHI10
Human Use of NHI
A developer manually uses an application’s identity for individual tasks, erasing the audit trail.A distinct per-agent identity plus an immutable audit trail attributes every action to the agent that holds the certificate — human use stands out rather than hiding.

Kakunin is not affiliated with or endorsed by OWASP. This is our own mapping of Kakunin’s controls to the open OWASP NHI Top 10, offered as a worked reference for securing agentic non-human identities.

02 — WHY IT MATTERS

Agents are the fastest-growing class of NHI

The NHI Top 10 grew out of service accounts, API keys, and machine credentials. Autonomous agents are the same problem with more autonomy — they decide, then act.

1

Identity you can verify

A static API key says nothing about which agent holds it. An X.509 certificate is a verifiable identity a counterparty can check independently — the foundation the rest of the Top 10 controls build on.

2

Least privilege, enforced early

Overprivileged and reused identities (NHI5, NHI9) are the common thread in NHI breaches. Per-agent, scoped certificates checked before execution close that gap by construction.

3

Short-lived beats long-lived

Long-lived secrets (NHI7) and improper offboarding (NHI1) are two sides of one coin. A credential that expires and can be revoked in seconds shrinks the blast radius of any leak.

03 — GET INVOLVED

Securing agentic identities in the open

The NHI Top 10 is a community project, and so is Kakunin. If you are securing non-human identities, the mapping above is a starting point.

The NHI Top 10 →

Read the full risk catalogue at owasp.org.

Contribute upstream →

The project welcomes real-world examples and case studies via GitHub (CC BY-SA 4.0).

Read Kakunin’s source →

Every control mapped above is open at github.com/nqzai/kakunin-core (AGPL-3.0).

Give your agents an identity worth trusting.

Start in the sandbox — real X.509 certificates, 100 free per day, no card. Scope an agent, then watch a risk breach revoke it.