Identity security in 2026: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2827
Topic starter  

TL;DR: Identity becomes the primary attack surface in 2026 as agentic AI pushes IAM toward continuous, context-aware decisions and market consolidation collapses fragmented identity tooling into unified platforms, according to ConductorOne. The deeper shift is that static identity governance assumptions no longer match how access, privilege, and verification now operate.

NHIMG editorial — based on content published by ConductorOne: Identity Becomes the Battlefield: 3 Cybersecurity Predictions for 2026

By the numbers:

Questions worth separating out

Q: Why do identity controls fail when access is reviewed only periodically?

A: Periodic review fails because access often changes faster than the governance cycle can observe.

Q: How should organisations govern agentic AI and NHI access in the same programme?

A: Treat both as non-human identities that need ownership, scope, lifecycle, and usage controls.

Q: What do security teams get wrong about MFA and identity risk?

A: They often treat MFA as proof that the access itself is safe.

Practitioner guidance

  • Map identity as the control plane: Inventory where authentication, authorisation, governance, and detection still live in separate tools.
  • Replace periodic review with live entitlement checks: Move the highest-risk access paths to continuous evaluation so that privilege can be reduced or revoked when context changes.
  • Build one identity graph across human and non-human identities: Create a shared record for users, service accounts, secrets, and AI actors so ownership, privilege, and usage can be correlated.

What's in the full article

ConductorOne's full blog covers the strategic argument and market implications this post intentionally leaves at the headline level:

  • The article’s three 2026 predictions in the vendor’s own framing, including how it sees the identity category shifting.
  • The specific rationale behind the move from periodic access review to continuous identity decisions.
  • The consolidation argument across IAM, PAM, IGA, ITDR, and CIEM, including why the vendor expects platform convergence.
  • The broader identity-security narrative ConductorOne uses to connect human and non-human identity governance.

👉 Read ConductorOne's 2026 identity security predictions for IAM and NHI →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1125
 

Identity is now the security control plane, not a supporting service. The article is right that modern attacks repeatedly collapse back to access, privilege, and stale trust. That is the same pattern NHIMG sees across human IAM and NHI governance: if identity is not the first place risk is measured, the rest of the stack is compensating for a blind spot. Practitioners should treat identity as the primary point of control, not an audit afterthought.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • 79% of organisations have experienced secrets leaks, and 77% of those incidents resulted in tangible damage.

A question worth separating out:

Q: What should teams do when identity tooling is fragmented across IAM, PAM, IGA, and detection?

A: Start by defining a single source of truth for identity, privilege, and usage data. Then identify the highest-risk control gaps where each tool sees only part of the problem, such as orphaned service accounts, overprivileged roles, or uncoupled alerting and access review workflows.

👉 Read our full editorial: Identity security becomes the battlefield in 2026



   
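An added example, not part of either post or of ConductorOne's article: one way to join directory, entitlement and usage exports into the shared identity record the thread describes, then flag orphaned non-human identities and grants that have gone unused. All field names, identity names, sample data and the 30-day window are constructed assumptions, not any vendor's schema.

```python
from datetime import date

# Constructed sample exports; field names are assumptions, not any vendor's schema.
DIRECTORY = [  # IAM / directory: which identities exist and who owns them
    {"id": "alice", "kind": "human", "owner": None, "active": True},
    {"id": "bob", "kind": "human", "owner": None, "active": False},
    {"id": "svc-backup", "kind": "service_account", "owner": "bob", "active": True},
    {"id": "svc-deploy", "kind": "service_account", "owner": "alice", "active": True},
    {"id": "agent-triage", "kind": "ai_agent", "owner": None, "active": True},
]
ENTITLEMENTS = {  # PAM / IGA: what each identity is granted
    "svc-backup": {"storage:read", "storage:write"},
    "svc-deploy": {"deploy:run", "iam:admin"},
    "agent-triage": {"tickets:read"},
}
USAGE = [  # detection / audit logs: (identity, privilege, date of use)
    ("svc-deploy", "deploy:run", date(2026, 1, 10)),
    ("svc-backup", "storage:write", date(2025, 9, 1)),
    ("agent-triage", "tickets:read", date(2026, 1, 12)),
]

def build_graph(directory, entitlements, usage):
    """Join the three sources into one record per identity."""
    graph = {d["id"]: {**d, "granted": set(entitlements.get(d["id"], ())), "used": {}} for d in directory}
    for ident, priv, when in usage:
        if ident in graph:
            used = graph[ident]["used"]
            used[priv] = max(used.get(priv, when), when)  # keep the latest use
    return graph

def findings(graph, today, window_days=30):
    """Flag non-human identities with no accountable owner or unused grants."""
    out = {}
    for ident, rec in graph.items():
        if rec["kind"] == "human":
            continue
        flags = []
        owner = graph.get(rec["owner"])
        if owner is None or owner["kind"] != "human" or not owner["active"]:
            flags.append("orphaned")  # no owner, or owner is inactive or non-human
        recent = {p for p, d in rec["used"].items() if (today - d).days <= window_days}
        unused = rec["granted"] - recent  # granted but not exercised in the window
        if unused:
            flags.append("unused:" + ",".join(sorted(unused)))
        if flags:
            out[ident] = flags
    return out

if __name__ == "__main__":
    print(findings(build_graph(DIRECTORY, ENTITLEMENTS, USAGE), date(2026, 1, 15)))
```

Neither flag is visible from a single source: ownership lives in the directory, grants in the entitlement export, and last use in the logs, which is why the join comes first.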