AI and Non-Human Identity Sprawl Expands IAM Attack Surface
Reporting and commentary warn that AI-driven non-human identities (NHIs) are rapidly increasing the number and turnover of credentials inside enterprise IAM programs, amplifying long-standing weaknesses such as credential sprawl, unclear ownership, and inconsistent lifecycle controls. The Cloud Security Alliance’s findings highlight that many organizations treat AI identities like traditional service accounts or API keys, causing them to inherit existing governance gaps while adding new scale and speed pressures as identities are created programmatically, distributed across environments, and used continuously.
CSO Online describes the operational drivers behind the surge—microservices, Kubernetes auto-scaling, CI/CD pipelines (e.g., GitHub Actions), and infrastructure-as-code (e.g., Terraform) generating large volumes of short-lived tokens and service principals—then argues that agentic AI further accelerates risk because these identities may be authorized to execute commands, move data, and change configurations autonomously. The net risk emphasized is that over-privileged AI agents and other NHIs can create breach conditions that may not resemble traditional intrusion, instead appearing as “normal” automated activity due to excessive permissions and weak visibility into post-authentication behavior.

How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Palo Alto report says machine identities outnumber humans 109 to 1
Palo Alto Networks’ 2026 Identity Security Landscape report said organizations now manage an average of 109 machine identities for every human identity and projected AI agent growth of 85% over the next year. The report also said weak lifecycle and privilege controls are leaving enterprises exposed, while Unit 42 found fragmented identity investigations across more than 750 incidents in 2025 slowed response efforts.
Anthropic withholds Mythos model after it finds thousands of vulnerabilities
Anthropic reportedly decided not to publicly release its Mythos model after the system discovered thousands of previously unknown vulnerabilities in major operating systems and web browsers. Commentators cited the decision as an example of the dual-use risk of advanced AI agents: the same autonomous capability that finds flaws for defenders can be turned to finding them for attackers.
Report says rapid AI agent adoption is creating an identity security crisis
Reporting on the CSA findings, outlets said organizations are deploying autonomous AI agents without sufficient governance, creating many agentic identities with access to sensitive data and little oversight. The coverage emphasized a widening preparedness gap around AI identity threats and the risks posed by these poorly governed non-human identities.
Cloud Security Alliance report highlights AI identity governance weaknesses
The Cloud Security Alliance published findings in "The State of Non-Human Identity and AI Security" showing that organizations often manage AI identities like other non-human identities, causing them to inherit weaknesses such as credential sprawl, unclear ownership, and inconsistent lifecycle controls. The report said AI systems continuously create and use identities across environments, outpacing legacy IAM tools and leaving security teams with poor visibility and slow revocation processes.
One Identity predicts a major breach tied to an over-privileged AI agent by 2026
CSO Online cited a One Identity prediction that by 2026 a major breach would be traced to an over-privileged AI agent. The warning framed agentic AI as a growing identity risk because an agent abusing permissions it legitimately holds produces audit trails that look like normal, authorized system behavior rather than an intrusion.
Obsidian reports breaches tied to compromised machine identities
Obsidian Security reported in February 2026 that many organizations had already suffered breaches linked to compromised machine identities such as service accounts, API keys, certificates, bots, and AI agents. The research also found that only a small minority had fully automated lifecycle management for these identities, underscoring operational security gaps.
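The summary above and the CSA and Obsidian items describe the same practical gap: nobody can say which non-human identities exist, who owns them, what they are allowed to do versus what they actually do, and when their credentials were last rotated. The following is an added example, not code from Mallory, CSA, Obsidian or any other source on this page, showing the kind of inventory check a team can run over its own identity metadata and audit log. The identity names, the 90-day rotation policy, the "destructive" action set and the audit events are all constructed for illustration.

```python
"""NHI inventory audit: compare granted permissions with observed use, flag
ownerless and stale identities, and surface destructive actions taken by AI
agents. Added example with constructed data; nothing here is real telemetry."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)   # fixed clock so the run is reproducible
MAX_KEY_AGE = timedelta(days=90)                    # assumed rotation policy
# Assumed set of actions that destroy data or escalate privilege; tune per environment.
DESTRUCTIVE = frozenset({"users:Delete", "iam:PassRole", "ec2:TerminateInstances"})


@dataclass(frozen=True)
class Identity:
    name: str
    kind: str                 # "service_principal" or "ai_agent"
    owner: Optional[str]      # None means nobody has claimed this identity
    granted: frozenset        # permissions attached by policy (what it MAY do)
    key_created: datetime     # creation time of the credential currently in use


# Constructed inventory, as a governance system would export it.
IDENTITIES = [
    Identity("sp-ci-deploy", "service_principal", "platform-team",
             frozenset({"s3:GetObject", "s3:PutObject", "ecs:UpdateService", "iam:PassRole"}),
             NOW - timedelta(days=20)),
    Identity("agent-support-bot", "ai_agent", None,
             frozenset({"tickets:Read", "tickets:Write", "users:Read", "users:Delete"}),
             NOW - timedelta(days=400)),
    Identity("tf-runner", "service_principal", "infra-team",
             frozenset({"ec2:RunInstances", "ec2:TerminateInstances"}),
             NOW - timedelta(days=10)),
]

# Constructed audit events (timestamp, principal, action). Every one succeeded,
# i.e. each action was authorized; the policy engine saw nothing wrong.
EVENTS = [
    (NOW - timedelta(hours=5), "sp-ci-deploy", "s3:GetObject"),
    (NOW - timedelta(hours=5), "sp-ci-deploy", "ecs:UpdateService"),
    (NOW - timedelta(hours=3), "agent-support-bot", "tickets:Read"),
    (NOW - timedelta(hours=2), "agent-support-bot", "users:Delete"),
    (NOW - timedelta(days=40), "tf-runner", "ec2:RunInstances"),   # outside the window below
]


def used_actions(events, window):
    """Map each principal to the set of actions it performed inside the window."""
    start = NOW - window
    used = {}
    for ts, who, action in events:
        if ts >= start:
            used.setdefault(who, set()).add(action)
    return used


def audit(identities, events, window=timedelta(days=30)):
    """Return a dict of identity name -> list of finding strings (empty list = clean)."""
    used = used_actions(events, window)
    findings = {}
    for ident in identities:
        notes = []
        seen = used.get(ident.name, set())
        if ident.owner is None:
            notes.append("no_owner")
        if NOW - ident.key_created > MAX_KEY_AGE:
            notes.append("stale_credential")
        unused = ident.granted - seen            # granted but never exercised: least-privilege gap
        if unused:
            notes.append("unused_permissions:" + ",".join(sorted(unused)))
        if not seen:
            notes.append("dormant")              # candidate for revocation, not just rotation
        risky = seen & DESTRUCTIVE
        if ident.kind == "ai_agent" and risky:
            # Authorized, so invisible to IAM; only a policy over the audit log catches it.
            notes.append("agent_destructive_action:" + ",".join(sorted(risky)))
        findings[ident.name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in audit(IDENTITIES, EVENTS).items():
        print(name, "->", notes or ["clean"])
```

The point of the granted-minus-used comparison is that it turns the vague "over-privileged agent" warning into a concrete revocation list: permissions nobody exercised in the window are the first candidates to remove. The agent finding is deliberately not an IAM denial; the deletion was allowed, which is exactly why post-authentication monitoring has to live in a separate layer.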
Sources
How to Govern AI Agents Using Non-Human Identity Principles (program guide). SC Media, scworld.com
Non-Human Identities Are Outgrowing Your Governance Model (analysis). SC Media, scworld.com
The Invisible Workforce: Why Your Household Apps Now Have Their Own Digital IDs. IT Security Guru, itsecurityguru.org
How Agentic AI made org charts obsolete (perspective). SC Media, scworld.com
Report exposes gap in AI identity threat preparedness. SC Media, scworld.com
AI is flooding IAM systems with new identities. Help Net Security, helpnetsecurity.com
Why non-human identities are your biggest security blind spot in 2026. CSO Online, csoonline.com
Non-human identities: Agentic AI's new frontier of cybersecurity risk. World Economic Forum, weforum.org