NHI sprawl and AI-driven attacks: what IAM teams must change

TL;DR: Non-human identities are now reported at a 144:1 ratio, a 44% increase from 2024 to 2025, while AI-powered cyber attacks rose 47% globally and 78% of CISOs said the threat materially affects their business, according to Clarity Security. The real issue is not tool adoption but whether identity governance can still keep pace with identities and decisions that move faster than manual review cycles.

NHIMG editorial — based on content published by Clarity Security: 2026 IAM trends for NHI growth, AI attacks, and identity-first security

By the numbers:

• Non-human identities have increased to a 144:1 ratio, marking a 44% increase from 2024 to 2025.
• AI-powered cyber attacks increased 47% globally in 2025.
• 78% of CISOs reported that AI threats are having a significant impact on their businesses.

Questions worth separating out

Q: How should security teams govern non-human identities at scale?

A: Security teams should govern non-human identities through continuous discovery, lifecycle ownership, entitlement review, and automated drift detection.

Q: Why do AI-driven attacks force changes in identity governance?

A: AI-driven attacks compress the time available to detect misuse and reduce access.

Q: What do security teams get wrong about identity-first security?

A: Teams often treat identity-first security as a policy change when it is really an operating model change.

Practitioner guidance

• Inventory every non-human identity continuously Establish automated discovery across cloud, hybrid, and on-premise environments so service accounts, bots, API keys, and agent identities are visible before they accumulate hidden privilege.
• Replace periodic reviews with nested entitlement checks Review indirect permissions and inherited access paths, not just top-level accounts, because hidden entitlements often carry the highest operational risk in sprawling identity estates.
• Automate remediation for high-risk access drift Trigger permission reduction or revocation when an identity's behaviour changes, rather than waiting for a manual ticket to clear, so attack windows stay short.

What's in the full article

Clarity Security's full report covers the operational detail this post intentionally leaves for the source:

• The article's full breakdown of how each 2026 trend affects governance, security operations, and identity team workload.
• The report's specific recommendations for unified governance, continuous monitoring, and context-aware access.
• The article's examples of how identity data can support workforce planning and onboarding efficiency.
• The vendor's broader trend framing across NHI growth, AI attacks, authentication, and identity-first strategy.

👉 Read Clarity Security's 2026 IAM trends analysis for NHI and identity-first security →

NHI sprawl and AI-driven attacks: what IAM teams must change?

Explore further

View Full Forum →  |  NHI Foundation Course →  |  Our Services →