Notifications
Clear all
Topic starter
22/06/2026 10:00 am
TL;DR: Frost & Sullivan says PAM is shifting from vault-centric control to real-time privilege decisions as hybrid estates, automation, and AI agents expand the privileged identity surface, according to Delinea’s summary of the 2026 Frost Radar for PAM. Static reviews and periodic audits are no longer enough when privilege is exercised at machine speed, not human pace.
NHIMG editorial — based on content published by Delinea: Built for machine speed, Delinea named a Growth and Innovation Leader on the 2026 Frost Radar for PAM
By the numbers:
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Questions worth separating out
Q: Why do static PAM controls struggle with machine-speed privilege?
A: Static PAM controls assume privilege can be reviewed, approved, and audited on a human cadence.
Q: When should organisations prioritise JIT access over longer-lived privileged accounts?
A: Organisations should prioritise JIT access when privileged actions are task-specific, repeatable, and carried out by machines or service identities.
Q: What do security teams get wrong about AI agent privilege?
A: Teams often treat AI agent privilege like static service-account access.
Practitioner guidance
- Map privileged identities by execution mode Separate human-admin access from workload, service account, third-party, and AI-agent privilege so each class can be governed with the right timing and review pattern.
- Shift from vault-centric controls to runtime enforcement Prioritise policy decisions at the point of use, where privilege is actually consumed, and verify that automated systems cannot retain standing access between tasks.
- Apply JIT and zero standing privilege to NHIs first Target long-lived service accounts, API keys, and workload identities that still carry persistent elevation, then reduce their usable window to the task duration.
What's in the full analysis
Delinea's full analysis covers the operational detail this post intentionally leaves for the source:
- The Frost Radar scoring context that explains how the market evaluation was constructed
- The specific platform capabilities Delinea says contributed to its placement on the radar
- The integration and deployment details behind its weeks-not-months time-to-value claim
- The report excerpts on runtime authorization, AI-assisted session analysis, and control-plane direction
👉 Read Delinea's analysis of the 2026 Frost Radar for PAM →
PAM at machine speed: are your privilege controls keeping up?
Explore further
22/06/2026 10:44 am
Vault-centric privilege management is becoming a control delay, not a control plane. The Frost Radar framing matches what many teams now see in practice: privilege is exercised continuously across machines, workloads, third parties, and emerging agents. Once execution speed exceeds review cadence, the control no longer governs action, it only records it. Practitioners should treat that as a structural governance shift, not a feature gap.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means most teams cannot reliably validate where privileged machine access actually exists.
A question worth separating out:
Q: How should PAM, IAM, and NHI teams work together on privileged access?
A: They should share a single view of privileged execution across humans, machines, workloads, and agents. PAM owns control of high-risk actions, IAM governs identity and entitlement structure, and NHI teams cover non-human lifecycle and visibility. The programme works best when those functions align on the same runtime risk model.
👉 Read our full editorial: PAM is moving to runtime control for machines and AI agents
