TL;DR: Credential abuse remains the dominant initial access path, used in 22% of breaches, while compromised-credential incidents now take an average of 246 days to identify and contain, according to Verizon DBIR 2025 and IBM’s 2025 breach study. That makes lateral movement prevention an architectural problem, not a tooling afterthought, especially as AI agents multiply identity complexity.
NHIMG editorial — based on content published by Elisity: Andy Ellis on How to Prevent Lateral Movement in the Age of AI Agents
By the numbers:
- Credential abuse is now the single most common initial access vector, used in 22 percent of breaches.
- 88 percent of basic web application attacks involve stolen credentials.
- Breaches involving compromised credentials took an average of 246 days to identify and contain.
Questions worth separating out
A: They should focus on internal reach, not just authentication.
Q: Why do AI agents make lateral movement harder to contain?
A: AI agents add more runtime identities to the same endpoint and can act faster than human review cycles.
A: Location-based control breaks because internal systems still trust anything on the right subnet or inside the right segment.
Practitioner guidance
- Map east-west trust paths by identity class Inventory which human users, service accounts, and AI agents can reach each internal asset, then identify where those paths were granted for convenience rather than necessity.
- Separate AI agents from human users at the control plane Treat agents as distinct runtime identities with their own policy boundaries, logging, and least-privilege scopes instead of letting them inherit the user’s full access context.
- Enclave unpatchable devices behind mediated access Place legacy, FDA-locked, or otherwise unpatchable assets behind identity-aware segmentation and proxy enforcement so that only explicitly allowed identities can reach them.
What's in the full article
Elisity's full article covers the architectural detail this post intentionally leaves at the strategy level:
- A deeper walkthrough of Andy Ellis’s zero trust framing for stopping lateral movement in practice
- Discussion of the VPN-and-proxy enclaving pattern for legacy and unpatchable devices
- More detail on identity-based microsegmentation as a containment layer for east-west traffic
- Additional context on how AI agents change endpoint identity separation and policy design
👉 Read Elisity’s analysis of preventing lateral movement in the age of AI agents →
AI agent identity and lateral movement , are your controls keeping up?
Explore further
Preventing lateral movement is no longer a detection problem, it is an identity architecture problem. Once an attacker or rogue workload gets inside, the enterprise is already negotiating with its own trust model. The decisive question is which identities can still reach what, and whether those reach paths were designed for containment or convenience. Security leaders should treat lateral movement as a design constraint on IAM, PAM, and NHI programmes, not as a downstream incident response metric.
A few things that frame the scale:
- 23.7% of organisations share secrets through insecure methods such as email or messaging applications, according to The 2024 Non-Human Identity Security Report.
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, according to The 2024 Non-Human Identity Security Report.
A question worth separating out:
Q: Who is accountable when a compromised service account or AI agent moves laterally?
A: Accountability sits with the organisation that assigned the access and failed to constrain it. The right question is whether the identity was given more reach than its task required, and whether the programme had enough segmentation and governance to limit the resulting blast radius. That is the control failure leaders must own.
👉 Read our full editorial: AI agent identity and lateral movement: why architecture fails