AI-generated identities surge in 2026: what IAM teams should watch

TL;DR: Identity compromise now accounts for up to 75% of all security incidents at 77% of organisations, while only 43% can proactively detect identity-based risks and 46% report comprehensive visibility, according to Permiso Security’s 2026 State of Identity Security Report. The real governance problem is that visibility, not policy volume, has become the limiting control for NHI and AI identity programmes.

NHIMG editorial — based on content published by Permiso Security: Permiso Research Finds Up to 75% of Security Incidents Are Identity-Related, Highlighting New AI-Driven Risk

By the numbers:

• 77% of organizations report that identity compromise now accounts for up to 75% of all security incidents.
• Only 43% can proactively detect identity-based risks before incidents occur.
• 46% claimed they had comprehensive visibility into all of the identities in their environment.

Questions worth separating out

Q: How should security teams improve visibility across human, NHI, and AI identities?

A: Security teams should centralise identity telemetry so access changes, privilege relationships, and runtime activity can be analysed in one place.

Q: Why do AI-generated identities create extra governance risk?

A: AI-generated identities create extra governance risk because they can be created or modified by systems that do not follow traditional human approval cycles.

Q: What breaks when identity visibility is fragmented across tools?

A: Fragmented identity visibility breaks incident reconstruction, delay containment, and increases the chance that lateral movement will continue unnoticed.

Practitioner guidance

• Consolidate identity telemetry across clouds and SaaS Correlate human, NHI, and AI identity events in one operational view so teams can trace access changes without stitching together logs from separate consoles.
• Track runtime identity creation by AI systems Inventory which AI platforms can create or modify identities, then require explicit ownership for those lifecycle events and review them as continuously as workload changes.
• Measure blast-radius mapping time Test how long it takes responders to identify impacted identities, permissions, and reachable systems after a suspected compromise, then treat slow mapping as a control failure.

What's in the full report

Permiso Security's full research covers the operational detail this post intentionally leaves for the source:

• Survey methodology across 512 organisations and the full breakdown by environment type.
• The report's detailed visibility and detection benchmarks, including where teams still struggle to correlate identity events.
• Breakdowns of AI identity creation patterns and what practitioners reported about production access.
• The operational and budget implications behind the move to unified identity visibility tools.

👉 Read Permiso Security's 2026 State of Identity Security Report →

AI-generated identities surge in 2026: what IAM teams should watch?

Explore further

View Full Forum →  |  NHI Foundation Course →