BeyondTrust has launched NHI Governance, a new module on its Pathfinder platform designed to govern non-human identities across cloud, SaaS, endpoint, and on-premises environments. The product is aimed at service accounts, API keys, OAuth clients, workload identities, and AI agents, which now carry access across many enterprise systems. NHI Governance is planned for U.S. general availability in fall 2026, with other regions to follow.The release extends BeyondTrust’s privileged access focus into a part of identity security that is becoming harder for organizations to control. Non-human identities often outnumber employees, and many are created for automation, application connections, cloud workloads, or AI-driven tasks. BeyondTrust’s Phantom Labs research found that enterprise AI agents grew more than 460% year over year. The issue for security teams is that many of these identities are not assigned an owner, reviewed regularly, rightsized, rotated, or retired.NHI Governance is built to move beyond basic inventory by giving organizations a way to assign ownership, enforce least privilege, decommission stale identities, and bring AI agents under access controls. That includes identifying which identities hold meaningful privilege, reducing what they can reach, and removing orphaned or abandoned accounts that continue to expand the attack surface. The product also connects to BeyondTrust’s existing Identity Security Insights and Password Safe capabilities, tying visibility, credential management, and lifecycle governance together.The launch comes as attackers increasingly abuse trusted application connections and tokens rather than relying only on human credentials. SaaS-to-SaaS attacks have shown how legitimate access can be used to move through environments and reach data without setting off traditional warning signs. For BeyondTrust customers, the new module gives security teams another way to apply privileged access controls to the machine and AI identities now running more of the enterprise stack.





