TL;DR: For every person in an organisation there are about 92 non-human identities, and 69% of organisations are concerned about attacks from them while only 15% feel confident preventing them, according to JumpCloud. The governance problem is no longer just volume but persistent, poorly owned machine access that IAM programmes were never built to control.
At a glance
What this is: This is JumpCloud’s analysis of why non-human identities, including emerging AI agents, are becoming a major enterprise security risk as machine credentials outnumber human accounts and remain poorly governed.
Why it matters: It matters because IAM, PAM, and lifecycle processes built for people do not adequately cover service accounts, tokens, certificates, or agent-driven access that can persist, sprawl, and evade detection.
By the numbers:
- For every person in an organisation, there are about 92 non-human identities.
- 69% of organisations are concerned about attacks from non-human identities.
- Only 15% feel confident in their ability to prevent them.
👉 Read JumpCloud’s analysis of non-human identity risk and AI agent exposure
Context
Non-human identity sprawl is the governance gap that sits beneath modern automation. Service accounts, API keys, certificates, tokens, and workload identities are not background utilities. They are identities with access rights, lifecycle risks, and attack paths, which means they need the same discipline that enterprises apply to human access.
The article argues that the problem is getting harder because AI agents can act on their own while still relying on machine credentials underneath. That combination widens the control surface for IAM, PAM, and identity lifecycle programmes, especially where ownership, rotation, and monitoring are already inconsistent.
Key questions
Q: How should security teams govern non-human identities across cloud and DevOps environments?
A: Start with inventory, ownership, lifecycle control, and monitoring. Service accounts, tokens, certificates, and workload identities should each have a named steward, a documented purpose, and a rotation or offboarding process. If an NHI cannot be mapped to a service and owner, it is already a governance gap, not an exception.
Q: Why do non-human identities increase lateral movement risk?
A: Because they often carry standing access into APIs, databases, pipelines, and cloud services. If a credential is stolen, the attacker can use the same trusted path the workload uses, which makes misuse harder to spot than a human login. The risk rises sharply when permissions are broad, shared, or long-lived.
Q: What breaks when machine identities have no formal owner?
A: Rotation slows, decommissioning is missed, and privileges accumulate over time. Unowned machine identities tend to outlive the application or workflow that created them, which leaves dormant access in production. That creates an enduring exposure window that attackers can exploit if the credential is discovered or reused.
Q: Who should be accountable for AI agent access decisions?
A: The organisation should assign accountability to the team that governs the agent’s intent, tool scope, and revocation path, not just the team that stores the credential. If an agent can make independent decisions, someone must own the behavioural boundary as well as the secret. Without that, governance stops at the token.
Technical breakdown
Why non-human identities become high-value access paths
Non-human identities often sit in automation, DevOps, and cloud workflows because they allow systems to authenticate without a person present. That makes them efficient, but it also means they frequently carry privileged access, long-lived credentials, and weak ownership. Once embedded in pipelines or applications, they are easy to forget and hard to inventory. The security problem is not the existence of machine identities, but the way they accumulate trust faster than governance can track it.
Practical implication: treat machine accounts as governed identities, not implementation details.
How NHI visibility breaks down across tools and teams
Traditional IAM and PAM controls were designed around human login events, MFA prompts, and HR-driven lifecycle changes. NHIs rarely fit that model because they may authenticate without interactive sessions, exist outside HR processes, and belong to no single owner. That creates shadow access, orphaned credentials, and policy gaps that monitoring tools often miss because machine activity can look normal at the protocol level.
Practical implication: build a complete inventory of machine identities, where they are used, and who is accountable for each one.
What changes when AI agents use non-human identities
AI agents add a higher-order governance problem because they can make independent decisions while relying on underlying credentials to act. The identity risk is not only token exposure, but the combination of runtime discretion and machine access. That shifts the question from whether a credential is valid to whether the actor using it can change its own behaviour, expand scope, or invoke actions outside the original assumption set.
Practical implication: separate the governance of the credential from the governance of the acting entity.
Threat narrative
Attacker objective: The attacker aims to convert one exposed machine credential into durable, difficult-to-detect access across connected enterprise systems.
- Entry occurs when attackers target exposed machine credentials such as API keys, tokens, or hardcoded secrets in automation and code repositories.
- Escalation follows when the compromised non-human identity already has standing privilege, allowing the attacker to reach additional systems without needing a human login.
- Impact comes from lateral movement through integrated APIs and workflows, which can turn one compromised identity into broader system compromise, malware placement, or backdoor creation.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- Sisense breach — unauthorized GitLab access led to exfiltration of access tokens, API keys and certificates.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Non-human identity sprawl is now a governance failure, not just an inventory problem. The article’s most important point is that machine identities outnumber people by a wide margin and are often created faster than security teams can catalogue them. That is not merely operational noise. It is a structural weakness in IAM programme design, because unmanaged identities always become unmanaged access. Practitioners should treat discovery and ownership as core controls, not housekeeping.
Persistent machine access exposes the assumption that credentials can be reviewed before they are abused. Access review processes were designed for access that persists long enough to be seen, assigned, and certified. That assumption fails when service accounts, tokens, and certificates live invisibly inside automation and can be used continuously without human interaction. The implication is that governance must be built around machine lifecycle and usage state, not just periodic review.
AI agents sharpen the identity problem because the credential is no longer the whole actor. The article draws the right distinction between static machine identities and agents that make independent decisions while using those credentials. That means privilege analysis cannot stop at the secret or account level. It must account for runtime behaviour, delegated intent, and the possibility that a system can change how it acts after access is provisioned. Practitioners should separate identity control from behavioural control.
Unclear ownership is the failure mode that turns NHI risk into chronic exposure. When no team is clearly accountable for a service account, token, or certificate, rotation slips, offboarding never happens, and privilege creep becomes normal. This is why identity governance for NHIs cannot be delegated to tooling alone. The control gap is ownership, and the practitioner response is to assign accountable stewardship for every non-human credential.
Ephemeral credential trust debt: modern enterprises rely on temporary machine access while still assuming the trust can be managed later through human-style governance. That assumption is already failing in environments where automation is continuous and agentic behaviour can shift at runtime. The implication for practitioners is to rethink whether current IAM and PAM models still describe the real access graph.
From our research:
- Only 15% feel confident in their ability to prevent them, according to The State of Non-Human Identity Security.
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- For a broader breach lens, see 52 NHI Breaches Analysis, which compiles real incidents and root-cause patterns across machine identity compromise.
What this signals
Ephemeral credential trust debt: enterprises are layering automation on top of identity controls that still assume human-paced administration. That gap will keep widening as AI agents, cloud workloads, and service accounts expand the number of identities that security teams must own, review, and revoke.
The immediate programme signal is clear: inventory without lifecycle ownership will not keep pace with machine identity sprawl. Teams should expect more pressure to prove who owns each credential, how quickly it can be rotated, and whether the access path still exists for a valid business reason.
As machine identities become more autonomous in practice, the governance model has to distinguish between the credential and the actor using it. That is where IAM, PAM, and lifecycle discipline converge, and it is also where most current programmes remain underbuilt.
For practitioners
- Inventory every machine identity: Map service accounts, API keys, certificates, tokens, workload identities, and automation scripts to a named owner and a business service. Include where each credential is stored, where it is used, and whether it still has an operational purpose.
- Separate machine lifecycle from human lifecycle: Create joiner-mover-leaver processes for non-human identities so provisioning, rotation, review, and offboarding are explicit steps rather than side effects of application changes.
- Reduce standing privilege on automated access paths: Replace broad or permanent machine permissions with scoped entitlements tied to the minimum systems required, and revalidate access whenever the workload or integration changes.
- Monitor machine activity for behavioural drift: Alert on unusual API call patterns, credential reuse across services, and access from unexpected workloads, because machine traffic often looks normal until the account is abused.
- Apply explicit stewardship to AI agents: When agents are present, distinguish the credential from the acting entity and define who approves tool scope, revocation, and behavioural changes before deployment.
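As an added example (not code from JumpCloud or the NHI Mgmt Group), the following Python triage runs over a constructed NHI inventory and flags the gaps the list above describes: no mappable owner or service, stale rotation, dormancy, and standing privilege. The record fields, thresholds (90-day rotation, 60-day dormancy) and sample identities are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample inventory: field names, thresholds and records are hypothetical,
# modelled on the attributes the guidance says every NHI should carry.
TODAY = date(2025, 12, 16)  # assumed "as of" date for ageing calculations

@dataclass
class NonHumanIdentity:
    name: str
    kind: str                     # service_account, api_key, certificate, workload
    owner: Optional[str]          # named steward; None if unassigned
    service: Optional[str]        # business service the credential supports
    last_rotated: date
    last_used: Optional[date]     # None if never observed authenticating
    scopes: tuple = ()            # entitlements; "*" denotes admin-equivalent

def governance_gaps(nhi, today=TODAY, rotate_days=90, dormant_days=60):
    """Return the governance findings for one identity (empty list = clean)."""
    findings = []
    if not nhi.owner or not nhi.service:
        findings.append("unowned")            # cannot be mapped to steward + service
    if (today - nhi.last_rotated).days > rotate_days:
        findings.append("stale-rotation")
    if nhi.last_used is None or (today - nhi.last_used).days > dormant_days:
        findings.append("dormant")            # candidate for decommissioning
    if "*" in nhi.scopes or len(nhi.scopes) > 5:
        findings.append("standing-privilege")
    return findings

def triage(inventory, **kw):
    """Map each identity name to its findings, worst offenders first."""
    report = {n.name: governance_gaps(n, **kw) for n in inventory}
    return dict(sorted(report.items(), key=lambda kv: -len(kv[1])))

SAMPLE_INVENTORY = [  # constructed records, not real credentials
    NonHumanIdentity("ci-deploy-bot", "service_account", "platform-team", "ci/cd",
                     date(2025, 11, 20), date(2025, 12, 15),
                     ("repo:read", "deploy:prod")),
    NonHumanIdentity("legacy-etl-key", "api_key", None, None,
                     date(2022, 3, 1), date(2024, 9, 2), ("*",)),
    NonHumanIdentity("payments-svc-cert", "certificate", "payments", "payments-api",
                     date(2025, 6, 1), date(2025, 12, 16),
                     ("db:read", "db:write")),
]

if __name__ == "__main__":
    for name, gaps in triage(SAMPLE_INVENTORY).items():
        print(f"{name:20} {', '.join(gaps) or 'ok'}")
```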
Key takeaways
- Non-human identities now create a governance problem because they are numerous, persistent, and often outside normal ownership models.
- The article’s core evidence is the confidence gap: organisations recognise the risk, but few believe they can prevent it reliably.
- The practical response is to inventory, assign ownership, and govern machine access with lifecycle discipline that matches the scale of automation.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | The article centers on discovery, ownership, and lifecycle gaps for machine identities. |
| NIST CSF 2.0 | PR.AC-4 | Machine access control and least privilege are central to the article’s risk model. |
| NIST Zero Trust (SP 800-207) | AC-4 | The article’s focus on trusted machine access maps to continuous authorization and segmentation. |
Treat service-to-service access as continuously verified trust, not implicit network privilege.
Key terms
- Non-Human Identity: A non-human identity is any credentialed digital entity that is not a person but still needs access to systems or data. This includes service accounts, API keys, tokens, certificates, workload identities, bots, and, in some cases, AI agents that act through those credentials.
- Identity Sprawl: Identity sprawl is the uncontrolled growth of credentials and accounts across systems, teams, and automation layers. In NHI environments, it usually appears as unmanaged service accounts, duplicated keys, and forgotten tokens that persist long after the original use case has changed.
- Standing Privilege: Standing privilege is access that remains active by default rather than being granted only when needed. For non-human identities, it often shows up as broad, long-lived permissions attached to automation, which increases the blast radius if the credential is exposed or reused.
- Workload Identity: A workload identity is a machine identity assigned to a container, virtual machine, cloud function, or similar runtime component. It lets the workload authenticate without a human user, but it also creates governance demand around ownership, rotation, and scope control.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM, PAM, or identity security programme, it is worth exploring.
This post draws on content published by JumpCloud: non-human identity risk, AI agents, and the governance gap. Read the original.
Published by the NHIMG editorial team on 2025-12-16.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org