By NHI Mgmt Group Editorial TeamDomain: Agentic AI & NHIsSource: ProofpointPublished February 25, 2026

TL;DR: 99% of organisations faced account takeover threats during the study period, with targeted attacks succeeding more than twice as often as non-targeted ones and 88% of impacted organisations showing post-access abuse, according to Proofpoint. In agentic workspaces, identity compromise extends into downstream agents, OAuth apps, and workflows, so login-only controls no longer contain the blast radius.


At a glance

What this is: This is Proofpoint's analysis of account takeover across cloud and collaboration environments, showing that ATO is pervasive and increasingly extends into downstream agents, workflows, and OAuth-connected applications.

Why it matters: It matters because IAM, PAM, and NHI programmes now have to treat identity compromise as a lifecycle event that can propagate through human accounts, service access, and AI-enabled automation.

By the numbers:

👉 Read Proofpoint's analysis of account takeover in the agentic workspace


Context

Account takeover is not just a login failure. In cloud-first environments, one compromised identity can open email, collaboration tools, identity providers, OAuth grants, and the agents or automations that operate under that account. That makes ATO a governance problem for IAM, NHI, and lifecycle controls, not only a detection problem.

Proofpoint's analysis is useful because it separates pre-takeover, takeover, and post-takeover behaviour. That matters to practitioners: the real failure is not always initial access. It is the way trusted identities become operational launch points for persistence, fraud, data access, and lateral abuse across connected systems.


Key questions

Q: How should security teams respond to account takeover in SaaS environments?

A: Prioritise containment over password changes alone. Revoke active sessions, invalidate refresh tokens, review delegated OAuth grants, and check for persistence such as forwarding rules or newly authorised apps. Then map what the compromised identity could reach through connected systems. In SaaS, the goal is to shrink the identity blast radius before the attacker uses it for fraud or lateral movement.

Q: Why do MFA controls still fail against account takeover?

A: MFA reduces password-only compromise, but it does not stop attackers who steal session tokens, hijack browsers, or obtain access through adversary-in-the-middle phishing. Once the token is issued, the service often trusts it until expiry or revocation. That means organisations need continuous session control and behavioural detection, not just stronger login prompts.

Q: What do organisations get wrong about post-compromise identity risk?

A: They often focus on entry control and underweight what happens after access is granted. In reality, attackers use the account to create mailbox rules, read messages, manipulate MFA settings, and pivot into trusted relationships. If you only measure login success, you miss the phase where the real damage happens.

Q: How can organisations reduce the blast radius of compromised agent identities?

A: Organisations reduce blast radius by shrinking scopes, separating high-risk permissions from routine tasks, and enforcing runtime controls on tool use. They should also rotate and revoke secrets, remove unnecessary admin consent, and tie every agent to a human owner who can act quickly when behavior changes. The goal is to make one compromised identity affect as little as possible.


Technical breakdown

Why account takeover becomes a lifecycle problem in cloud identity

Account takeover changes the security model because identity becomes the trust anchor for multiple connected services. A compromised mailbox, SSO session, or OAuth grant can outlive the original login event and give attackers legitimate-seeming access to adjacent systems. In practice, that means authentication, federation, token scope, and downstream app consent all become part of the same control plane. For IAM teams, the point is not just whether a user logged in. It is whether the compromised identity can still be trusted to act across tools that inherit that identity's permissions.

Practical implication: map each account's downstream entitlements, OAuth grants, and session dependencies so takeover response can follow the identity chain, not just the password reset.

Why MFA reduces but does not eliminate takeover risk

MFA helps at the point of login, but it does not fully address session hijacking, adversary-in-the-middle phishing, or token-based abuse. Once an attacker captures an active session or manipulates consented application access, MFA may never be challenged again. That is why organisations can have MFA enabled on compromised accounts and still see successful abuse. The control gap is not MFA itself. It is the assumption that MFA equals durable post-authentication trust.

Practical implication: pair MFA with session monitoring, token revocation, and consent governance so authenticated sessions do not become invisible persistence channels.

OAuth abuse and AI-enabled apps widen the post-takeover surface

OAuth grants create delegated access that can survive password changes and often bypass the usual user-login controls. As AI-enabled applications proliferate, attackers gain more places to hide malicious consent behind seemingly useful integrations. Proofpoint's data shows that consented app growth can scale very quickly, which means app review, consent policy, and lifecycle offboarding are now part of identity security. For NHI governance, OAuth apps behave like non-human identities with delegated authority and need the same scrutiny around scope, revocation, and persistence.

Practical implication: inventory consented apps, remove unused grants, and treat third-party app consent as an identity lifecycle control, not a one-time approval.


Threat narrative

Attacker objective: The attacker wants durable, trusted access that can be used to read messages, manipulate workflows, steal data, and launch further attacks without looking like a new intrusion.

  1. Entry begins with targeted phishing, supplier abuse, or credential theft aimed at a trusted user account or connected login flow.
  2. Escalation occurs when the attacker captures an active session, bypasses the login boundary, or adds OAuth-based access that survives the initial compromise.
  3. Impact follows through persistence, mailbox abuse, file access, fraud, and follow-on attacks launched from a trusted identity.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Account takeover is now an identity lifecycle failure, not a point-in-time authentication event. Proofpoint's data shows that attackers are not stopping at login success. They are moving into post-access abuse, where identity becomes the control surface for persistence, fraud, and workflow abuse. That means joiner-mover-leaver, session control, and offboarding logic all belong in the ATO response model. Practitioners should treat every successful takeover as a lifecycle governance incident, not just a security alert.

Post-compromise abuse is where the governance assumption breaks. Access review processes were designed for privileges that persist long enough to be reviewed. That assumption fails when attackers use valid accounts, active sessions, or OAuth grants to operate inside trusted channels immediately after takeover. The implication is that review cadence alone cannot protect identities that can be used, hidden, and abandoned faster than governance cycles can observe them.

Agentic workspaces turn account compromise into delegated system compromise. When a human identity also authorises agents, collaboration tools, and automated workflows, the blast radius extends beyond the account itself. This is where IAM and NHI governance converge: the compromised user becomes a control point for non-human execution paths. Practitioners should reevaluate which identities can create, approve, or inherit machine-level access.

OAuth consent has become a persistence layer for attackers. The growth of consented apps means delegated access can remain even after password resets and MFA enforcement. That is a classic NHI problem because the grant behaves like a non-human credential with independent operational value. Teams should stop treating app consent as a side feature of SSO and manage it as part of the identity estate.

Targeted attacks expose the weakness in policy that assumes scale beats context. Proofpoint shows that spear phishing succeeds far more often than brute-force techniques because attackers exploit trusted relationships, project context, and user behaviour. The lesson for identity programmes is that risk is shaped by relationship awareness, not only by authentication strength. Security teams need to govern the trust fabric around identities, not just the login gate.

From our research:

  • Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, according to the 2024 Non-Human Identity Security Report.
  • From our research: 35.6% of organisations cite managing consistent access across hybrid and multi-cloud environments as their top NHI security challenge, according to the 2024 Non-Human Identity Security Report.
  • Forward pivot: The 52 NHI Breaches Analysis shows how credential and access failures turn into real-world compromise when lifecycle controls do not keep pace with usage.

What this signals

Account takeover is now a delegated-access problem as much as a human-login problem. In environments where users authorize apps, workflows, and agents, compromise can move from the person to the machine path in a single step. Teams should review whether their identity programme still stops at authentication, because the control gap now sits in post-authentication authority, not just in sign-in.

Post-authentication visibility will matter more than password policy. Proofpoint's findings reinforce a familiar pattern: once an attacker is inside, they exploit what the identity can already do. That means mailbox rules, consent grants, and session abuse are the signals to watch, while lifecycle offboarding and entitlement review become the controls that actually reduce dwell time.

Identity programmes need a named concept for this shift: identity blast radius. It is the total downstream scope an account can influence after compromise, including agents, apps, and workflows. With 88.5% of organisations saying their non-human IAM practices lag behind or merely match human IAM, according to the 2024 Non-Human Identity Security Report, the operational question is how far one account can now reach.


For practitioners

  • Model takeover as a lifecycle event Tie ATO detection, containment, and recovery into joiner-mover-leaver workflows so compromised identities can be revoked, isolated, and re-certified as part of one process. Include collaboration accounts, SSO sessions, and consented apps in the same incident playbook.
  • Instrument post-authentication abuse signals Monitor suspicious mailbox rules, unusual file activity, MFA setting changes, and token reuse because these are the behaviours that appear after initial compromise. Use them to separate login failure from active identity abuse.
  • Treat OAuth grants as governed entitlements Inventory consented applications, remove stale grants, and require review of app permissions that can survive password resets. Apply the same lifecycle discipline to third-party and AI-enabled apps that you apply to privileged service access.
  • Harden trusted relationships against targeted entry Prioritise controls that disrupt spear phishing paths, including supplier validation, user-context anomaly detection, and limits on externally initiated consent flows. The goal is to make trusted communication channels harder to weaponise.

Key takeaways

  • Account takeover is no longer just a user access issue. It is a lifecycle governance problem that can extend into agents, apps, and workflow automation.
  • Proofpoint's data shows the scale of the challenge: nearly universal targeting, high success for precision attacks, and widespread post-access abuse.
  • The control that changes outcomes is not login hardening alone. It is visibility and governance over sessions, grants, downstream entitlements, and offboarding.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and MITRE ATT&CK address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-01The article centers on identity compromise and delegated access across non-human and human-linked systems.
NIST CSF 2.0PR.AC-1Account and access control are central to containing takeover and delegated abuse.
NIST SP 800-53 Rev 5IA-5The article highlights credential, session, and authenticator abuse after compromise.
NIST Zero Trust (SP 800-207)Zero Trust is relevant because compromised identities are assumed untrusted after authentication.
MITRE ATT&CKTA0006 , Credential Access; TA0009 , Collection; TA0010 , ExfiltrationThe attack chain includes credential abuse, mailbox collection, and data theft after takeover.

Map takeover detections to credential access, collection, and exfiltration tactics to improve triage and hunting.


Key terms

  • Account Takeover: Account takeover is unauthorized use of a legitimate account after an attacker obtains valid access through stolen credentials, tokens, or trusted integrations. The key security problem is that the resulting activity often looks normal to logs and controls, which makes containment and attribution harder than in a forced-entry breach.
  • Post-Compromise Abuse: Post-compromise abuse is the use of a hijacked identity to perform actions that appear legitimate, such as reading mail, creating rules, changing MFA settings, or abusing OAuth grants. It is where the business impact of identity compromise usually becomes visible and where containment must be focused.
  • OAuth Consent: The approval that allows an application to access resources on behalf of a user or tenant. In practice, consent can create durable access paths that outlive the original interaction if permissions are broad, unmanaged, or never reviewed. For security teams, it is both an access decision and a lifecycle event.
  • Identity Blast Radius: The amount of damage a compromised identity can cause across systems, data, and infrastructure. In NHI environments, it is shaped by permissions, network reach, and administrative capability rather than by the credential alone. Reducing blast radius is a containment strategy that limits lateral movement and data exposure.

What's in the full report

Proofpoint's full analysis covers the operational detail this post intentionally leaves for the source:

  • The study's phase-by-phase ATO breakdown across pre-takeover, takeover, and post-takeover activity.
  • The per-activity detection patterns for mailbox rules, file access, MFA manipulation, and OAuth abuse.
  • The sector comparison data showing how compromise rates vary across financial services, education, and public sector environments.
  • The dataset description covering 50M+ accounts and the 12-month analysis window.

👉 The full Proofpoint analysis covers post-takeover abuse patterns, industry comparisons, and OAuth-related persistence.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 14, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org