TL;DR: Human error appears in 60% of breaches and credential abuse drives 22% of incidents, according to Verizon's 2025 Data Breach Investigations Report. AI-assisted malicious email volume has also doubled from about 5% to 10% of all malicious communications, making credential-focused prevention and remediation the most practical control point.
NHIMG editorial — based on content published by Bitwarden: human error, AI-enhanced attacks, and credential abuse in breach prevention
By the numbers:
- AI-assisted malicious emails have doubled over the past three years, rising from approximately 5% to 10% of all malicious communications, according to recent research.
Questions worth separating out
Q: How should security teams reduce breach risk from exposed or reused credentials?
A: Start by inventorying exposed, weak, and reused credentials across the applications that matter most, then route users to guided remediation before attackers can use those credentials.
Q: Why does AI-assisted phishing make human error harder to manage?
A: AI-assisted phishing produces messages that are grammatically clean, context-aware, and tailored to the target, which reduces the value of spotting obvious errors.
Q: What breaks when organisations only use password policy to manage credential risk?
A: Password policy alone cannot tell teams which credentials are already exposed, reused, or active in risky applications.
Practitioner guidance
- Inventory exposed and reused credentials continuously Create a live view of weak, reused, and breached credentials across critical applications so remediation can start before attackers exploit them.
- Prioritise critical applications for credential cleanup Mark business-critical applications so users receive remediation notices for the accounts that create the highest breach impact first.
- Pair awareness training with stronger detection Use phishing awareness as a baseline, then add controls that catch credential capture, suspicious resets, and abnormal sign-in patterns.
What's in the full article
Bitwarden's full blog post covers the operational detail this post intentionally leaves for the source:
- How Bitwarden Access Intelligence surfaces weak, reused, and exposed credentials across user accounts
- Administrator workflow detail for marking critical business applications and triggering targeted notifications
- End-user remediation flow through browser extension alerts and password change prompts
- Enterprise deployment and subscription inclusion details for teams evaluating rollout scope
👉 Read Bitwarden's analysis of human error, credential abuse, and Access Intelligence →
Credential abuse and human error: what IAM teams need to fix?
Explore further
Credential abuse is the most operationally controllable form of human error. Human mistake is broad, but credential compromise is where identity teams can intervene with visibility, monitoring, and guided remediation. The article is right to separate the general human factor from the narrower credential problem because that is where prevention becomes measurable. Practitioners should treat credential abuse as the breach path they can most directly shrink.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- A separate finding from the same research shows that 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, with 38% reporting no or low visibility and 47% reporting only partial visibility.
A question worth separating out:
Q: Who is accountable when credential abuse leads to a breach?
A: Accountability sits across identity, security, and application owners because the failure is usually lifecycle-related as well as user-related. Identity teams need visibility and enforcement, application owners need to prioritise the highest-risk systems, and security leadership needs to measure whether risky credentials are actually being removed.
👉 Read our full editorial: Human error drives most breaches, but credential abuse is controllable