Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

NHI sprawl and AI-driven attacks: what IAM teams must change


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Non-human identities are now reported at a 144:1 ratio, a 44% increase from 2024 to 2025, while AI-powered cyber attacks rose 47% globally and 78% of CISOs said the threat materially affects their business, according to Clarity Security. The real issue is not tool adoption but whether identity governance can still keep pace with identities and decisions that move faster than manual review cycles.

NHIMG editorial — based on content published by Clarity Security: 2026 IAM trends for NHI growth, AI attacks, and identity-first security

By the numbers:

Questions worth separating out

Q: How should security teams govern non-human identities at scale?

A: Security teams should govern non-human identities through continuous discovery, lifecycle ownership, entitlement review, and automated drift detection.

Q: Why do AI-driven attacks force changes in identity governance?

A: AI-driven attacks compress the time available to detect misuse and reduce access.

Q: What do security teams get wrong about identity-first security?

A: Teams often treat identity-first security as a policy change when it is really an operating model change.

Practitioner guidance

  • Inventory every non-human identity continuously Establish automated discovery across cloud, hybrid, and on-premise environments so service accounts, bots, API keys, and agent identities are visible before they accumulate hidden privilege.
  • Replace periodic reviews with nested entitlement checks Review indirect permissions and inherited access paths, not just top-level accounts, because hidden entitlements often carry the highest operational risk in sprawling identity estates.
  • Automate remediation for high-risk access drift Trigger permission reduction or revocation when an identity's behaviour changes, rather than waiting for a manual ticket to clear, so attack windows stay short.

What's in the full article

Clarity Security's full report covers the operational detail this post intentionally leaves for the source:

  • The article's full breakdown of how each 2026 trend affects governance, security operations, and identity team workload.
  • The report's specific recommendations for unified governance, continuous monitoring, and context-aware access.
  • The article's examples of how identity data can support workforce planning and onboarding efficiency.
  • The vendor's broader trend framing across NHI growth, AI attacks, authentication, and identity-first strategy.

👉 Read Clarity Security's 2026 IAM trends analysis for NHI and identity-first security →

NHI sprawl and AI-driven attacks: what IAM teams must change?

Explore further

View Full Forum →  |  NHI Foundation Course →  |  Our Services →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Non-human identity sprawl is now a governance problem, not a hygiene issue. Once machine identities outnumber human identities at this scale, inventory and certification processes stop being administrative tasks and become control limits. The article's 144:1 ratio shows that the access surface is now structurally shaped by NHIs, not just by workforce accounts. Practitioners should treat unmanaged service identities as a core governance domain, not a side inventory exercise.

A few things that frame the scale:

  • 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
  • Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, according to the same report.

A question worth separating out:

Q: How can organisations reduce risk from shadow IT and unmanaged bots?

A: Organisations should standardise application onboarding, require ownership for every new identity, and monitor for access drift in real time. Shadow IT becomes dangerous when unmanaged applications create persistent identities outside governance. Reducing risk means making every identity discoverable, reviewable, and attributable.

👉 Read our full editorial: Identity governance trends for 2026: NHI sprawl, AI attacks, trust



   
ReplyQuote
Share: