
Triage workload identities as agent candidates

Implementation Effort: Medium – Requires cross-team evaluation of inventoried workload identities against migration criteria, including risk level, permission scope, and operational autonomy.
User Impact: Low – Internal identity governance activity; end users are not affected.

Overview

Not every workload identity warrants migration to the agent identity framework. After inventorying workload identities with agent-like behavior, the organization must triage them — classifying each as a migration candidate, a workload identity that should remain under its current governance model, or an identity that should be decommissioned. Without this triage step, migration efforts either over-scope (attempting to migrate identities that do not benefit from agent governance) or under-scope (leaving high-risk autonomous workloads outside the agent identity framework).

Triage criteria should center on security risk: does the workload identity operate autonomously across trust boundaries, access sensitive data, hold privileged permissions, or lack lifecycle management controls? Workload identities that access production AI models, interact with external services, or operate with persistent elevated permissions are strong migration candidates. Identities tightly scoped to a single resource with minimal permissions and a well-defined lifecycle may be better served by remaining as managed identities. Identities that are no longer in active use should be flagged for decommissioning.

This supports Use least privilege access by forcing a reassessment of each workload identity's permission scope against its actual operational requirements, identifying opportunities to tighten access before or during migration. It supports Verify explicitly by establishing documented criteria for which identities qualify as agents, ensuring migration decisions are based on security-relevant attributes rather than convenience. Without this triage, the organization either migrates indiscriminately — increasing complexity without proportionate security benefit — or leaves its highest-risk autonomous workloads outside the agent governance perimeter where they cannot be monitored, managed, or controlled as agents.
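The triage criteria described above (inactivity, autonomy across trust boundaries, sensitive data, privileged or persistent elevated permissions, missing lifecycle controls, access to production AI models) amount to a classification rule set, and the least-privilege reassessment is a comparison of granted against required permissions. The following Python is an added example of how a team might encode that rule set over an exported inventory. It is not Microsoft documentation or product code; the record fields, the 90-day inactivity threshold, the substrings used to mark a permission as privileged, the "any risk indicator means migrate" policy, and the sample identities are all constructed assumptions for illustration.

```python
"""Triage an inventory of workload identities into agent-migration candidates.

Added example, not Microsoft documentation or product code. Field names, the
inactivity threshold, the privileged-permission markers, the decision policy
and the sample inventory are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(str, Enum):
    MIGRATE = "migrate to agent identity"
    REMAIN = "remain a workload identity"
    DECOMMISSION = "decommission"


@dataclass
class WorkloadIdentity:
    name: str
    days_since_last_activity: int
    resources_accessed: int               # distinct resources the identity touches
    granted_permissions: frozenset[str]   # what is actually assigned
    required_permissions: frozenset[str]  # what the owning team says the job needs
    crosses_trust_boundary: bool = False  # calls external services or other tenants
    accesses_sensitive_data: bool = False
    accesses_ai_models: bool = False      # e.g. production model endpoints
    persistent_elevated: bool = False     # standing privileged role rather than JIT
    has_lifecycle_owner: bool = False     # named owner plus review/expiry date


INACTIVITY_DAYS = 90  # assumed threshold for flagging an identity as unused
# Assumed substrings that mark a permission as privileged in this inventory.
PRIVILEGED_MARKERS = ("ReadWrite", ".All", "Owner", "Contributor")


def is_privileged(permission: str) -> bool:
    return any(marker in permission for marker in PRIVILEGED_MARKERS)


def excess_permissions(wi: WorkloadIdentity) -> list[str]:
    """Least-privilege finding: granted but not required, whatever the decision."""
    return sorted(wi.granted_permissions - wi.required_permissions)


def triage(wi: WorkloadIdentity) -> tuple[Decision, list[str]]:
    """Classify one identity and return the security-relevant reasons."""
    if wi.days_since_last_activity > INACTIVITY_DAYS:
        return Decision.DECOMMISSION, [
            f"no activity in {wi.days_since_last_activity} days"]

    reasons = []
    if wi.accesses_ai_models:
        reasons.append("accesses production AI models")
    if wi.crosses_trust_boundary:
        reasons.append("operates autonomously across a trust boundary")
    if wi.persistent_elevated:
        reasons.append("holds persistent elevated permissions")
    if wi.accesses_sensitive_data:
        reasons.append("accesses sensitive data")
    if any(is_privileged(p) for p in wi.granted_permissions):
        reasons.append("holds privileged permissions")
    if not wi.has_lifecycle_owner:
        reasons.append("lacks lifecycle management (no owner or expiry)")
    if wi.resources_accessed > 1:
        reasons.append(f"spans {wi.resources_accessed} resources")

    # Assumed policy: any risk indicator pulls the identity into agent governance;
    # only a tightly scoped, minimally permissioned, lifecycle-managed identity remains.
    if reasons:
        return Decision.MIGRATE, reasons
    return Decision.REMAIN, ["single resource, minimal permissions, managed lifecycle"]


def triage_inventory(identities: list[WorkloadIdentity]) -> dict[str, dict]:
    """Produce the triage record for each identity, including the excess-permission list."""
    report = {}
    for wi in identities:
        decision, reasons = triage(wi)
        report[wi.name] = {"decision": decision, "reasons": reasons,
                           "excess_permissions": excess_permissions(wi)}
    return report


# Constructed sample inventory; names and permission strings are illustrative.
SAMPLE_INVENTORY = [
    WorkloadIdentity("ticket-summarizer", 3, 4,
                     frozenset({"Mail.Read", "Sites.ReadWrite.All", "model-inference.invoke"}),
                     frozenset({"Mail.Read", "model-inference.invoke"}),
                     crosses_trust_boundary=True, accesses_ai_models=True,
                     has_lifecycle_owner=True),
    WorkloadIdentity("blob-archiver", 1, 1,
                     frozenset({"Storage Blob Data Reader"}),
                     frozenset({"Storage Blob Data Reader"}),
                     has_lifecycle_owner=True),
    WorkloadIdentity("legacy-etl-sp", 400, 2,
                     frozenset({"Contributor"}), frozenset(),
                     persistent_elevated=True),
]

if __name__ == "__main__":
    for name, record in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {record['decision'].value}")
        for reason in record["reasons"]:
            print(f"  - {reason}")
        if record["excess_permissions"]:
            print(f"  excess permissions: {record['excess_permissions']}")
```

The decommission check runs first because an unused identity's permissions are a finding regardless of how it would otherwise classify, and the excess-permission list is reported for every identity, so the least-privilege cleanup happens even for identities that remain under their current governance model.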
