Notifications
Clear all
Topic starter
14/05/2026 2:34 pm
TL;DR: Nearly 86% of breaches now involve identity compromise, and the article argues that agentic AI and rapid NHI growth are forcing security teams beyond compliance-first thinking, according to SailPoint. The practical implication is that identity governance must become threat-centric, with stronger visibility, prevention, and least-privilege controls across both human and non-human access.
NHIMG editorial — based on content published by SailPoint: A conversation with Cyderes on stopping threats in the age of AI
By the numbers:
- Nearly 86% of breaches now involve identity compromise.
- Only 5.7% of organisations have full visibility into their service accounts.
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Questions worth separating out
Q: How should security teams govern AI agents that can call tools and act autonomously?
A: Treat AI agents as NHIs with execution authority, not as ordinary integrations.
Q: Why do non-human identities change the way IAM teams should think about risk?
A: NHIs multiply faster than human accounts and often have broader or less visible access paths.
A: Compliance-driven control proves that a policy exists, while threat-centric control asks whether the policy reduces attacker opportunity.
Practitioner guidance
- Inventory every non-human identity Build a current register of service accounts, API keys, tokens, certificates, and agent identities across cloud, CI/CD, and SaaS systems.
- Reduce standing access for agents and workloads Replace persistent permissions with task-scoped access wherever the workflow allows it.
- Tie identity events to threat detection Send identity creation, privilege changes, token issuance, and unusual delegation into detection pipelines so abuse is visible in near real time.
Teams should pair agent rollout with explicit ownership, revocation, and logging controls, then map those controls to the NIST Cybersecurity Framework 2.0?
👉 Read SailPoint's conversation on identity compromise, AI agents, and NHI risk →
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
14/05/2026 2:37 pm
A few things worth adding from our research at NHI Mgmt Group.
Identity compromise is now an enterprise design problem, not just a detection problem. The article reinforces a pattern we see repeatedly in NHI incidents: once valid access is abused, the boundary between legitimate operations and malicious activity collapses. That means detection alone is insufficient if privilege, inventory, and revocation are weak. Practitioners should treat identity governance as part of attack-path reduction, not just audit support.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
A question worth separating out:
Q: When do AI agents and NHIs create more risk than they reduce?
A: They create more risk when they are deployed faster than the organisation can inventory, scope, and monitor them. That tipping point usually appears when teams cannot explain who owns the identity, what it can access, or how quickly access can be removed after misuse or compromise.
👉 Read our full editorial: Identity compromise and AI agents are reshaping threat-centric security
