Non-Human Identities and Permissions Sprawl in Enterprise Security
Enterprises are facing significant challenges in managing the rapidly expanding attack surface created by both human and non-human identities. Reports highlight that permissions and entitlements are growing at a pace that outstrips the ability of security teams to maintain oversight, with hundreds of millions of active entitlements and billions of permissions in large organizations. This complexity leads to persistent blind spots, including dormant and orphaned accounts that remain active and pose a risk for misuse, as well as the accumulation of 'identity debt' where excessive and unused access quietly increases risk over time.
Non-human identities (NHIs), such as machine accounts, tokens, and keys, are becoming increasingly critical in cloud environments. Effective management of these NHIs is essential for reducing risk, improving compliance, and increasing operational efficiency. Automation and centralized secrets management are emphasized as key strategies for maintaining visibility and control over both human and non-human identities, helping organizations address security gaps and reduce operational costs associated with manual oversight and credential management.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Story first reported
Initial story creation
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Enterprise Concerns Over Securing Non-Human Identities
Organizations are increasingly challenged by the rapid proliferation of non-human identities (NHIs), such as service accounts, API keys, digital certificates, access tokens, automated bots, IoT devices, and AI agents. More than half of enterprises surveyed express uncertainty about their ability to secure these NHIs, highlighting a significant gap between the adoption of automated digital identities and the maturity of tools and processes to protect them. The complexity and diversity of NHIs, which now form the backbone of modern digital infrastructure, have outpaced traditional identity and access management strategies, leaving organizations exposed to new risks. The exponential growth of NHIs, especially in cloud-native and automated environments, has led to a situation where non-human accounts vastly outnumber human users. This expansion, combined with issues like "secrets sprawl"—where credentials are scattered across codebases and pipelines—creates opportunities for account hijacking, privilege escalation, and lateral movement by threat actors. Security experts emphasize the need for unified visibility, consistent identity policies, and automated responses to address these risks, particularly as NHIs and AI agents become more integral to business operations and the attack surface continues to expand.
Apr 9, 2026
Identity Sprawl Driven by Non-Human and Ephemeral Cloud Identities
Security teams are reporting a growing loss of certainty in **identity and access management** as enterprises accumulate large numbers of poorly governed identities across cloud platforms, CI/CD pipelines, and automation frameworks. The reporting describes this as **identity sprawl**—a systemic drift where identity creation, usage, and governance fall out of sync with traditional lifecycle and access review models designed for predictable human users. A key driver is the rapid proliferation of **non-human identities** (service accounts, APIs, workloads, and increasingly autonomous/agentic systems) that can be created and discarded in seconds, outpacing visibility and privilege management controls. The articles cite investigations and threat analysis indicating attackers are **weaponizing exposed identity data at scale**, and report survey data that **72% of identity leaders** say the threat level of identity-related attacks increased or stayed the same over the past year.
Mar 21, 2026
Risks and Management of Non-Human Identities in Cloud Environments
Organizations are increasingly challenged by the proliferation of non-human identities (NHIs)—machine-generated credentials such as tokens, keys, and service accounts—that facilitate automated access and communication between cloud applications and services. Effective management of these NHIs is critical, as improper oversight can lead to vulnerabilities, data leaks, and compliance failures. Security experts emphasize the need for a holistic approach to NHI management, covering the entire lifecycle from discovery and classification to threat detection, remediation, and decommissioning. Automated solutions and centralized visibility are highlighted as essential for reducing risk, ensuring regulatory compliance, and optimizing operational efficiency. The importance of NHI management spans multiple sectors, including healthcare, finance, and development operations, where sensitive data and critical systems are at stake. By proactively identifying and mitigating risks associated with machine identities, organizations can strengthen their cloud-native security posture. Key benefits of comprehensive NHI management include reduced breach risk, improved compliance through consistent policy enforcement, enhanced operational efficiency via automation, and better governance through centralized access control. As cloud adoption accelerates, prioritizing NHI security is becoming a cornerstone of modern cybersecurity strategies.
Mar 21, 2026