HashiCorp Vault Gets Native AI Agent Identity Controls
HashiCorp has announced native AI agent support in HashiCorp Vault. The update addresses a critical security gap that traditional identity and access management (IAM) tools cannot close on their own.
Traditional IAM works well for predictable human users. AI agents, however, are different. They act autonomously, behave non-deterministically, and often operate on behalf of humans. As a result, they inherit broad access scopes and can trigger long-lived permissions across multiple workflows. Static secrets and wide API tokens simply cannot enforce least privilege for these kinds of actors. HashiCorp Vault AI agent identity management is built specifically to solve this problem.
To do that, HashiCorp introduced three new capabilities inside Vault.
The first is an agent registry. It lets teams register and manage AI agent identities separately from human users and traditional non-human identities (NHIs). This matters most in delegation flows, where an agent acts on behalf of a human using an on-behalf-of (OBO) pattern. By explicitly tracking that delegation, the registry becomes the starting point for a complete governance framework covering registration, authorization, credential management, and observability.
The second capability is granular identity-based policies. Because agents behave unpredictably, Vault applies deterministic guardrails through a layered policy model. An action is permitted only when it falls inside the intersection of three policy layers: the human owner’s policies, the agent’s baseline access policies, and a set of ceiling policies. Those ceiling policies set an absolute upper limit on what an agent can ever do when acting for a human, regardless of any other setting. This is what makes HashiCorp Vault AI agent identity management enforce least privilege consistently, at every level.
The third capability is ephemeral authorization, and it may be the most important of the three. Rather than granting standing permissions, Vault now evaluates access on a per-request basis. This per-request authorization is built directly into the authorization token, based on the OAuth 2.0 Rich Authorization Request specification. When the token expires, access ends immediately. There is no residual scope, no inherited permission, and no need for a separate token exchange. That last point also reduces operational complexity.
Taken together, these three controls ensure every agent action is tied to a specific identity, bounded by transaction context, and fully auditable at runtime. This shifts Vault’s role beyond secrets management into full runtime trust governance for autonomous systems.
Currently, native AI agent support in HashiCorp Vault is available to select customers through an early access program. A broader public beta is expected later this summer.
