Agentic systems need short-lived credentials as a baseline security control. That point is pretty clear . The harder part is when teams move from architecture diagrams to production systems and discover how much operational machinery underpins that decision. Security teams often frame credential lifetime as a clean principle. Short-lived good and long-lived bad. Production systems rarely live inside principles alone. In reality, they live inside retry logic, partial failures, identity providers, cloud platform quirks, third-party APIs, and on-call rotations. All this is made more difficult by the probabilistic nature of AI systems. Agents behave differently from traditional services. A narrow service usually connects to a known set of systems and follows a fairly stable path. An agent can work across tools, call external APIs, carry context from one step to the next, and continue work after the original trigger is gone. The runtime path is less predictable, and the permission model has to account for that.…