
How should teams inventory non-human identities before secret sprawl worsens?


(@entro)
Reputable Member
Joined: 1 year ago
Posts: 92
Topic starter  

TL;DR: Gartner says 57% of organisations are worrying about leaked secrets in automated workflows and AI implementations, underscoring how discovery gaps leave NHIs, API keys, and service accounts exposed across cloud, CI/CD, and collaboration tools. Continuous inventory, not periodic scanning, is now the baseline control.

NHIMG editorial — based on research published by Entro Security.

By the numbers:

Questions worth separating out

Q: How should security teams inventory non-human identities across cloud and CI/CD environments?

A: They should build one inventory that correlates secrets, service accounts, tokens, and certificates across repositories, vaults, pipelines, and runtime systems.

Q: Why do non-human identities create more governance risk than human user accounts?

A: NHIs are often long-lived, widely distributed, and embedded in automation, so they can be overlooked for months while still carrying meaningful access.

Q: What is the difference between secret scanning and non-human identity discovery?

A: Secret scanning finds exposed credentials in a specific place, such as a repository or log.

Practitioner guidance

  • Build a unified NHI inventory across code, cloud, and collaboration tools. Correlate secrets found in repositories, vaults, CI/CD systems, chat platforms, and cloud IAM so duplicate or orphaned credentials are not counted as separate assets.
  • Attach ownership and lifecycle state to every discovered credential. Record who owns the identity, where it runs, whether it is active, and when it should be rotated or decommissioned.
  • Rank remediation by effective blast radius. Prioritise credentials with cross-account access, production reach, or inherited admin rights before low-impact development secrets.

With 28% of secrets incidents now originating outside code repositories, teams need monitoring that covers Slack, Jira, Confluence, and runtime logs as part of normal operations, not exception handling.

👉 Read the source article on non-human identity discovery and inventory →


(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5250
 

A few things worth adding from our research at NHI Mgmt Group.

Discovery without lifecycle context is inventory theatre. Counting secrets or service accounts does not produce governance if teams cannot connect each identity to an owner, runtime use, and retirement path. The practical result is that remediation stays manual, slow, and inconsistent, while exposed credentials remain valid far longer than their designers intended. Practitioners should treat discovery as the start of control, not the control itself.

A few things that frame the scale:

  • 64% of valid secrets leaked in 2022 are still valid and exploitable today, proving that detection alone is not enough without automated revocation, according to The State of Secrets Sprawl 2026.
  • Internal repositories are 6x more likely to contain secrets than public ones, at 32.2% versus 5.6%, which means private code cannot be treated as low-risk by default.

A question worth separating out:

Q: When should organisations treat an NHI as a high-priority security risk?

A: They should escalate any NHI with production access, cross-account reach, inherited admin privilege, or unclear ownership. Those traits expand the likely blast radius if the credential is exposed or abused. A high-priority NHI is one that can affect many systems before detection and slow response make containment harder.

👉 Read our full editorial: Non-human identity discovery and inventory still miss hidden secrets
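Putting the guidance from both posts together (correlate findings across sources, attach ownership, rank by blast radius), here is an added example that is not code from either poster, Entro Security, or NHI Mgmt Group. The findings, source names and scope weights are constructed assumptions; only a hash of each secret is kept in the inventory.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample findings from several discovery sources; all values are fake.
FINDINGS = [
    {"source": "github:internal/payments/.env", "secret": "AKIA-EXAMPLE-0001", "kind": "aws_access_key", "owner": "payments-team", "scopes": ["prod", "cross-account"]},
    {"source": "vault:secret/payments/aws", "secret": "AKIA-EXAMPLE-0001", "kind": "aws_access_key", "owner": "payments-team", "scopes": ["prod", "cross-account"]},
    {"source": "slack:#deploys", "secret": "AKIA-EXAMPLE-0001", "kind": "aws_access_key", "owner": None, "scopes": []},
    {"source": "ci:jenkins/build-env", "secret": "ghp_EXAMPLE_TOKEN_2", "kind": "github_pat", "owner": None, "scopes": ["admin"]},
    {"source": "github:internal/sandbox/config.py", "secret": "sk_test_EXAMPLE_3", "kind": "stripe_test_key", "owner": "dev-alice", "scopes": ["dev"]},
]

# Scope weights are an assumption for illustration; tune them to your own risk model.
WEIGHTS = {"prod": 3, "cross-account": 3, "admin": 2, "dev": 0}


@dataclass
class Identity:
    fingerprint: str                 # SHA-256 prefix of the secret; the raw value is never kept
    kind: str
    owner: Optional[str] = None
    locations: set = field(default_factory=set)
    scopes: set = field(default_factory=set)

    def blast_radius(self) -> int:
        score = sum(WEIGHTS.get(s, 1) for s in self.scopes)
        score += 2 if self.owner is None else 0   # unclear ownership is itself a risk trait
        score += len(self.locations) - 1          # every extra copy widens the exposure
        return score


def correlate(findings) -> dict:
    """Collapse findings of the same secret across sources into one identity record."""
    inventory = {}
    for f in findings:
        fp = hashlib.sha256(f["secret"].encode()).hexdigest()[:16]
        ident = inventory.setdefault(fp, Identity(fp, f["kind"]))
        ident.locations.add(f["source"])
        ident.scopes.update(f["scopes"])
        ident.owner = ident.owner or f["owner"]   # keep whichever source knows the owner
    return inventory


def ranked(findings) -> list:
    """Inventory ordered by effective blast radius, highest first."""
    return sorted(correlate(findings).values(), key=Identity.blast_radius, reverse=True)
```

On the sample data the five findings collapse to three identities, and the AWS key seen in the repo, the vault and Slack ranks first because its production and cross-account reach is multiplied by the number of places it lives.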
