The world is awash with machine identities, outnumbering humans by a factor of 109 to 1. This staggering statistic highlights the growing importance of managing these digital entities, especially as AI agents continue to proliferate. Organizations are grappling with the challenge of securing these machine identities, which are projected to increase by 77% in the next year, while human identities grow by a more modest 56%.
The issue is not just about the sheer number of identities but also the complexity of managing them. Most organizations can articulate the purpose of their AI agents, but far fewer can define their access, control their permissions, or revoke them when necessary. This lack of control is particularly concerning as AI agents and machine identities already have access to sensitive areas like financial records, personally identifiable information, operational technology, and core business systems.
Organizations also tend to rely on permanent privileged access rather than just-in-time controls. As AI agents, workloads, connectors, and service accounts keep adding identities and permissions across cloud and on-premises systems, the result is a web of interconnected access points that is difficult to manage and secure.
The gap between leadership's perception of security controls and the reality on the ground is significant. C-suite executives believe their companies successfully enforce least privilege, focusing primarily on human access and overlooking non-human identities. However, security practitioners disagree, citing the growing share of operations managed by machines and automated systems.
This disparity highlights the need for detailed, real-time control across identities, sessions, and systems. Without this capability, organizations often leave broad access rights in place for machines and rely on human oversight to reduce risk. That approach is itself risky: human identities represent a shrinking share of total identities, while each individual human account controls a growing number of workflows, applications, and systems, so oversight is spread ever thinner.
The consequences of this fragmented control are evident in the continued exposure of identity-related breaches. Security teams often struggle to correlate evidence across multiple consoles with incomplete context during investigations, leading to delays in detection and response. Unit 42's analysis of over 750 cyber incidents in 2025 revealed that investigators needed evidence from two or more distinct sources in 87% of cases, and complex incidents required as many as 10 evidence sources.
The issue extends beyond authentication, as service accounts and machine identities already manage trusted access across systems. However, organizations lack visibility into their permissions and activity, and more than half of participants reported difficulty enforcing least privilege access for service accounts across cloud, SaaS, and on-premises systems. This lack of control is compounded by stale accounts, unmanaged service accounts, and excessive permissions across cloud and on-premises infrastructure.
Attackers, meanwhile, are using AI to collect open-source intelligence from social media platforms and corporate directories, creating synthetic identities and convincing access activity. Hard-coded secrets, OAuth tokens, certificates, and machine credentials remain distributed across enterprise environments, with overexposed or overtrusted credentials remaining active long after their operational need expires.
TLS certificate management continues to create operational strain, with certificate renewal and monitoring requiring centralized visibility, automation, and crypto agility. Firms rely on manual processes for certificate operations and continue to report PKI security challenges. The regulatory landscape, with NIS2 and DORA, further underscores the importance of identity security practices, influencing identity security investments and compliance.
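The failure modes named above (standing privileged access instead of just-in-time grants, stale and unmanaged service accounts, credentials left active past their need, and certificates approaching expiry) are all detectable from an identity inventory. The following audit is an added example, not code from the article or any report it summarizes; the inventory schema, the 90-day staleness threshold and the 30-day certificate warning window are assumptions chosen for illustration, and the sample inventory is constructed.

```python
"""Audit a machine-identity inventory for standing privilege, stale or
unmanaged accounts, expired JIT grants and soon-to-expire TLS certificates.
Schema and thresholds are assumptions for this example, not a product API."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed clock so results are reproducible
STALE_AFTER = timedelta(days=90)                 # assumed policy: unused > 90 days is stale
CERT_WARN = timedelta(days=30)                   # assumed policy: renew certificates within 30 days

@dataclass
class MachineIdentity:
    name: str
    kind: str                                  # "service_account", "oauth_token" or "tls_cert"
    privileged: bool = False
    grant_expires: Optional[datetime] = None   # None means standing access with no JIT expiry
    last_used: Optional[datetime] = None
    cert_not_after: Optional[datetime] = None  # only meaningful for kind == "tls_cert"
    owner: Optional[str] = None                # None means nobody is accountable for it

def audit(ids, now=NOW):
    """Return (identity name, finding) tuples; an empty list means the inventory is clean."""
    findings = []
    for i in ids:
        if i.privileged and i.grant_expires is None:
            findings.append((i.name, "standing privileged access; convert to JIT grant"))
        if i.privileged and i.grant_expires is not None and i.grant_expires < now:
            findings.append((i.name, "expired JIT grant still present; revoke"))
        if i.last_used is None or now - i.last_used > STALE_AFTER:
            findings.append((i.name, f"stale: unused for more than {STALE_AFTER.days} days"))
        if i.owner is None:
            findings.append((i.name, "unmanaged: no owner recorded"))
        if i.kind == "tls_cert" and i.cert_not_after is not None:
            remaining = i.cert_not_after - now
            if remaining < timedelta(0):
                findings.append((i.name, "certificate expired"))
            elif remaining < CERT_WARN:
                findings.append((i.name, f"certificate expires in {remaining.days} days"))
    return findings

SAMPLE = [  # constructed inventory, not real data
    MachineIdentity("svc-payroll-db", "service_account", privileged=True, last_used=NOW - timedelta(days=2), owner="finance-platform"),
    MachineIdentity("agent-invoice-bot", "oauth_token", privileged=True, grant_expires=NOW - timedelta(days=3), last_used=NOW - timedelta(days=4), owner="ap-team"),
    MachineIdentity("svc-legacy-report", "service_account", last_used=NOW - timedelta(days=200)),
    MachineIdentity("api-gw-tls", "tls_cert", last_used=NOW, cert_not_after=NOW + timedelta(days=12), owner="netops"),
    MachineIdentity("ci-runner", "service_account", privileged=True, grant_expires=NOW + timedelta(hours=2), last_used=NOW, owner="devops"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Only `ci-runner`, whose privilege is a still-valid time-bound grant with a recorded owner, produces no finding; every other sample entry maps to one of the gaps the text describes.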
In conclusion, the proliferation of machine identities and the challenges of managing them are significant concerns for organizations. The need for detailed, real-time control across identities, sessions, and systems is paramount, and organizations must address the gaps in their security controls to mitigate the risks associated with machine-driven environments. As AI continues to evolve, so must our approach to securing these digital entities.