PKI and workload identities are now mandatory for AI-driven attacks

At a glance

What this is: This is Keyfactor’s analysis of why AI-driven attacks expose the limits of passwords and MFA and push infrastructure security toward PKI, x.509 certificates, and workload identity.

Why it matters: It matters because identity teams have to govern machine-to-machine trust, not just human login flows, if they want to contain AI-speed lateral movement and credential abuse.

By the numbers:

• The September 2025 China Agentic AI attack scaled across more than two dozen organizations.

👉 Read Keyfactor’s analysis of PKI, x.509 certificates, and AI-driven attacks

Context

AI-driven attacks change the problem from password compromise to internal trust abuse. The real issue is not whether a human can be stopped at login, but whether machine identities, service credentials, and internal communication channels can be trusted once an adversary begins operating at machine speed.

That shift is central to NHI governance because service accounts, API keys, bearer tokens, and certificates now sit on the front line of identity security. Passwords and MFA still matter for people, but they do not control the identity surface that modern infrastructure and agentic workflows actually use.

Key questions

Q: How should security teams secure machine-to-machine trust against AI-driven attacks?

A: Security teams should treat machine-to-machine trust as a separate identity domain from human access. Use certificate-based authentication, mutual TLS, least privilege, and segmentation so internal traffic is verified continuously. If the environment still relies on reusable secrets, an AI-speed attacker can turn one credential into broad lateral movement.

Q: Why do passwords and MFA fail to stop AI-driven intrusion workflows?

A: Passwords and MFA are built for interactive human login, not for internal service authentication. Once an attacker is inside, AI can harvest reusable secrets and pivot through machine-to-machine paths without touching a login prompt. The failure is architectural: the controls protect users, but not the workload identity layer.

Q: What breaks when bearer tokens are used as durable internal credentials?

A: Bearer tokens become replayable secrets, so any actor that steals them can use them as proof of access. In internal environments, that creates hidden trust paths that are easy for an AI-directed attacker to enumerate. Durable token use also makes revocation and containment harder because the credential itself carries the authority.

Q: Who is accountable for workload identity security when AI is involved?

A: Accountability usually sits with platform, infrastructure, and identity teams together because workload trust crosses their boundaries. Security leadership should assign ownership for issuance, rotation, revocation, and policy enforcement before deploying AI-enabled infrastructure. That prevents machine identities from becoming unmanaged access channels.

Technical breakdown

Why passwords fail against AI-driven lateral movement

Passwords are shared secrets, so they are inherently copyable once exposed. In an AI-directed intrusion, the attacker is not waiting at a login screen, but using compromised access to enumerate internal systems and pivot across them. That makes password strength less relevant than the trust model behind internal authentication. If the identity can be replayed, harvested, or reused across services, a machine-speed adversary can turn one secret into broad movement.

Practical implication: replace shared-secret assumptions in internal access paths with cryptographic identity controls.

How x.509 certificates change machine-to-machine authentication

x.509 certificates replace shared secrets with cryptographic proof of identity. The public key can be shared, but the private key stays bound to its secure boundary, which means the credential is not exposed in the same way as a password or bearer token. For infrastructure, this matters because service-to-service traffic needs verifiable identity at scale. Mutual TLS makes both sides prove who they are before data flows, which is the right primitive for machine trust.

Practical implication: use certificate-based authentication for service identity and mutual TLS wherever systems talk to systems.

Why OAuth and MFA do not solve internal trust

OAuth governs authorization, not identity proof, and MFA is a checkpoint for human login, not continuous machine communication. Bearer tokens behave like secrets, so once stolen they can be replayed in the same way as other credentials. In a machine-speed attack, that gap matters more than user-facing authentication strength. The core failure is assuming that controls designed for interactive human sessions can secure non-interactive infrastructure traffic.

Practical implication: separate human authentication from workload authentication and do not treat bearer tokens as durable trust anchors.

Threat narrative

Attacker objective: The attacker aims to convert stolen internal credentials into scalable access across interconnected systems without relying on human-paced intrusion steps.

1. Entry begins when adversaries use AI-directed reconnaissance to identify exposed or reusable service credentials across internal systems.
2. Escalation occurs as the attacker maps which stolen credentials unlock which services and uses those identities to enumerate accessible systems and pivot laterally.
3. Impact follows when the attacker sustains machine-speed movement across more than two dozen organizations, turning credential abuse into broad compromise and operational reach.

Breaches seen in the wild

• MongoBleed breach — MongoBleed exposed secrets across 87K MongoDB servers.
• IOS app secrets leakage report — iOS apps leaking hardcoded secrets and credentials endangering user privacy.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Passwords and MFA are human controls, not machine trust controls. This article reinforces a long-standing governance gap: the authentication stack for people is not the authentication stack for services. AI-directed attackers do not need to defeat interactive login if they can operate through internal machine credentials instead. The implication is that identity programmes must stop treating human auth hardening as a proxy for workload security.

Credential-to-service mapping has become an attacker capability, not just a defender task. The article’s description of AI independently determining which credentials unlocked which services shows that internal trust relationships are now machine-readable by adversaries. That changes the governance problem for NHI teams because secrets are no longer isolated objects. They are graph edges that can be traversed at speed. Practitioners need to assume the attack surface is the relationship map itself.

x.509 certificates are now a governance primitive, not just an infrastructure preference. Certificates matter here because they remove the shared-secret weakness that AI-driven attackers exploit. In OWASP-NHI and ZT-NIST-207 terms, the organisation needs verifiable identity for workloads, not merely stronger human authentication. The practitioner conclusion is straightforward: if internal trust is still built on reusable secrets, the architecture is already behind the threat.

Identity blast radius is now determined by machine speed, not human response time. The article shows how AI-driven reconnaissance, harvesting, and lateral movement compress the window available to defenders. That weakens assumptions behind segmented trust zones, manual investigation, and slow credential rotation cycles. The field should treat machine-speed identity abuse as a structural shift in how compromise propagates across infrastructure.

Workload identities need lifecycle governance, not just issuance controls. The attack pattern depends on service credentials that can be found, reused, and pivoted. That is a lifecycle problem as much as an authentication problem. In practice, organisations need to govern how machine identities are created, bound, rotated, and revoked across environments, or else the internal credential plane remains exploitable.

From our research:

• 53% of security leaders expect AI to run major portions of their infrastructure autonomously within the next three years, according to The 2026 Infrastructure Identity Survey.
• Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
• For the next step, compare this operating reality with OWASP Agentic AI Top 10 to pressure-test whether your trust model still fits autonomous behaviour.

What this signals

Workload identity governance will become a board-level infrastructure issue. With 53% of security leaders expecting AI to run major portions of infrastructure autonomously within three years, the gap is no longer theoretical. Teams that still anchor trust in human login assumptions will find their machine identity estate expanding faster than their governance model can absorb.

Certificate-based authentication will matter more as AI expands into operational control paths. The governance question is shifting from whether workloads should have identities to how tightly those identities are bound, rotated, and revoked. Organisations should align internal identity controls with the NIST AI Risk Management Framework and Zero Trust principles rather than extending human MFA logic into service traffic.

Identity blast radius is the new metric that matters. When one harvested secret can unlock multiple services, the problem is not just compromise but propagation. A programme that can measure and shrink machine identity reach will be better positioned to absorb AI-driven intrusion patterns without turning every incident into an environment-wide event.

For practitioners

• Inventory machine identities across internal trust paths Map service accounts, API keys, bearer tokens, and certificates to the systems they can reach so you can see where one credential can unlock multiple services.
• Replace shared secrets with certificate-based authentication Use x.509 certificates and mutual TLS for service-to-service traffic so internal authentication depends on cryptographic proof rather than replayable secrets.
• Separate human login controls from workload trust controls Keep MFA for people, but do not assume it secures internal machine communication or prevents bearer token replay inside the environment.
• Reduce lateral movement paths with least privilege and segmentation Constrain service entitlements to the minimum reach required and segment internal systems so a single harvested credential cannot traverse the environment freely.

Key takeaways

• AI-driven attacks expose a hard boundary in traditional identity security: human-facing controls do not govern internal machine trust.
• Credential reuse, bearer tokens, and service account sprawl turn one compromise into fast lateral movement when an attacker operates at machine speed.
• PKI, mutual TLS, least privilege, and segmentation are the controls that change the trust model from replayable secrets to verifiable workload identity.

Key terms

• Workload Identity: A workload identity is the cryptographic or credential-based identity assigned to a service, application, container, or process so it can authenticate to other systems. In practice, it is what lets non-human systems prove who they are without relying on human login methods.
• Mutual TLS: Mutual TLS is a certificate-based authentication method where both client and server prove identity during connection setup. It is widely used to secure machine-to-machine traffic because it replaces shared secrets with cryptographic verification on both sides of the connection.
• Bearer Token: A bearer token is a credential that grants access to whoever possesses it, without requiring a separate proof step at use time. That design makes it convenient for APIs and automation, but also increases replay risk if the token is exposed or stolen.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or operational governance, it is worth exploring.

This post draws on content published by Keyfactor: AI Beyond Passwords, How PKI Secures Your Infrastructure from AI-Driven Attacks. Read the original.