NHI glossary
The non-human identity category moves fast and overloads terms. Here's how we use them.
Non-human identity (NHI)
Any identity that isn't a person — service accounts, API keys, OAuth apps, secrets, certificates, cloud workloads, service principals, and AI agents — used to authenticate and access systems.
ITDR
Identity Threat Detection and Response. The discipline of detecting and responding to identity-based attacks. 'Non-human ITDR' applies this to machine identities.
Kill switch
An enforcement action that instantly revokes a compromised identity's access at scope, containing an incident in milliseconds rather than hours.
Creation governance
Enforcing policy on a non-human identity at the moment it is created, so ungoverned, orphaned identities never accumulate.
Blast radius
Everything an identity can reach if compromised. GraphDefend ranks risk by blast radius so teams fix what an attacker could actually exploit.
Secret sprawl
The uncontrolled proliferation of secrets — keys, tokens, credentials — across code, pipelines, and systems, often unrotated and unowned.
Service principal
A non-human identity in a cloud or identity platform that represents an application or service rather than a user.
Attack path
The sequence of relationships an attacker traverses from an initial foothold to a target asset. Graph analysis surfaces these paths before an attacker can walk them.