
NHI sprawl in 2025: what does it mean for IAM teams?


(@entro)
Reputable Member
Joined: 1 year ago
Posts: 90
Topic starter  

TL;DR: Non-human identities are on track to outnumber human identities by 100 to 1 in enterprise environments, and Entro Security argues that lifecycle management, AI-assisted detection, and zero-trust controls will become central to 2025 security planning. The governance assumption that machine access can be handled like human access is already breaking down.

NHIMG editorial — based on content published by Entro Security: Cybersecurity Predictions for 2025, focused on non-human identity takeover

By the numbers:

Questions worth separating out

Q: How should security teams implement NHI lifecycle management?

A: Start with discovery, then assign every service account, API key, token, and certificate to an owner with a defined approval and revocation path.

Q: Why do non-human identities complicate zero trust programmes?

A: Because NHIs authenticate at machine speed, often with long-lived secrets and repeated programmatic calls, which makes one-time trust decisions too weak.

Q: What breaks when secrets are stored in code and CI/CD tools?

A: Access becomes invisible, reusable, and hard to revoke, which means the organisation loses control of where authentication material exists.

Practitioner guidance

  • Map every machine identity to an owner. Require a named business or platform owner for each service account, API key, token, and certificate so identity sprawl can be triaged and revoked quickly when it is no longer needed.
  • Inventory secrets outside approved vaults. Scan code repositories, CI/CD tools, chat systems, and config files for long-lived credentials, then move them into controlled storage with clear rotation and revocation processes.
  • Separate detection from remediation. Use anomaly detection to identify unusual machine identity behaviour, but route every alert into a revocation or rotation workflow that can invalidate the credential before reuse.

What's in the full article

Entro Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • The specific 2025 prediction themes and the order Entro Security assigns to them across NHI growth, AI, IAM, lifecycle, and zero trust.
  • The vendor's recommendations for CISOs on continuous discovery, automated lifecycle management, and anomaly detection.
  • The article's own examples of how AI is expected to affect secrets usage patterns and access monitoring.
  • The framing Entro Security uses for why these trends matter to enterprise security planning in 2025.

👉 Read Entro Security’s predictions on NHI takeover and 2025 identity risk →

(@mr-nhi)
Member Moderator
Joined: 3 weeks ago
Posts: 285
 

NHI sprawl is no longer a niche visibility problem; it is an enterprise control-plane problem. Once API keys, service accounts, cloud tokens, and workload credentials outnumber human identities by large multiples, IAM has to govern a much larger and less observable population. The issue is not just growth, but dispersion across pipelines, integrations, and cloud platforms. Practitioners should treat machine identity inventory as a core security boundary, not a reporting exercise.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to The State of Secrets Sprawl 2026.
  • A separate finding shows that 79% of organisations have experienced secrets leaks, and 77% of those incidents resulted in tangible damage.

A question worth separating out:

Q: How do you know if NHI governance is actually working?

A: Look for measurable reduction in unmanaged credentials, faster revocation after exposure, and clear ownership for each machine identity. If the organisation cannot prove where secrets live, who owns them, and how quickly they are invalidated, the governance model is still incomplete.

👉 Read our full editorial: Non-human identities will dominate 2025 IAM planning

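Added example, not part of the Entro Security post or of either forum post above: a minimal version of the two controls both posts converge on, scanning artifacts outside the vault for credentials and joining each hit against an owner inventory so that "unowned", "stale" and "merely misplaced" get different actions, with a count per action that can be tracked over time. The sample file contents, the owner inventory, the detection patterns, the 3.5 bits/char entropy cut-off, the 90-day rotation policy and the fixed "today" date are all constructed assumptions; the AWS values are the documented AWS placeholder pair and the GitHub token is made up to match the ghp_ format.

```python
from __future__ import annotations

import hashlib
import math
import re
from collections import Counter
from datetime import date

# Constructed sample artifacts standing in for a source repo, a CI workflow
# and a chat export. The AWS values are the documented AWS placeholder pair;
# the GitHub token has the right shape but is invented.
SAMPLE_FILES = {
    "app/settings.py": (
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
        'DB_PASSWORD = "changemechangemechangeme"\n'  # low-entropy placeholder
    ),
    ".github/workflows/deploy.yml": (
        "env:\n"
        "  GH_TOKEN: ghp_0123456789abcdefghijABCDEFGHIJ123456\n"
        "  REGION: eu-west-1\n"
    ),
    "chat/export.txt": "dev1: the prod db password is in the vault now, not in the repo\n",
}

# Ordered: issuer-specific formats first, then a generic assignment fallback.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("generic_secret", re.compile(
        r"(?i)(?:secret|password|token|api[_-]?key)\w*\s*[:=]\s*[\"']?([A-Za-z0-9/+_\-]{20,})")),
]
MIN_ENTROPY = 3.5   # bits/char; assumed cut-off that drops obvious placeholders
ROTATION_DAYS = 90  # assumed rotation policy
TODAY = date(2025, 1, 15)  # fixed so the run is reproducible


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def fingerprint(secret: str) -> str:
    """Inventory key: the inventory stores a hash, never the secret itself."""
    return hashlib.sha256(secret.encode()).hexdigest()[:16]


# Hypothetical NHI inventory keyed by fingerprint; a real one is fed from the
# issuing systems (cloud IAM, token service), not maintained by hand.
_AWS_KEY = {"owner": "platform-team", "created": date(2024, 6, 1),
            "revoke_via": "aws iam delete-access-key"}
INVENTORY = {
    fingerprint("AKIAIOSFODNN7EXAMPLE"): _AWS_KEY,
    fingerprint("wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"): _AWS_KEY,
    # the GitHub token is deliberately absent: nobody owns it
}


def scan(files: dict[str, str]) -> list[dict]:
    """Return one finding per distinct credential found outside the vault."""
    findings = []
    for path, text in files.items():
        seen = set()
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, rx in PATTERNS:
                for m in rx.finditer(line):
                    value = m.group(1) if m.groups() else m.group(0)
                    if value in seen:  # already caught by a specific pattern
                        continue
                    if kind == "generic_secret" and shannon_entropy(value) < MIN_ENTROPY:
                        continue
                    seen.add(value)
                    findings.append({"path": path, "line": lineno, "kind": kind,
                                     "fp": fingerprint(value)})
    return findings


def triage(findings, inventory, today=TODAY, rotation_days=ROTATION_DAYS):
    """Attach an action: unowned -> revoke; stale -> rotate; else move to vault."""
    out = []
    for f in findings:
        rec = inventory.get(f["fp"])
        if rec is None:
            action = "revoke: no owner on record"
        elif (age := (today - rec["created"]).days) > rotation_days:
            action = f"rotate: {age} days old, owner {rec['owner']}, via {rec['revoke_via']}"
        else:
            action = f"move to vault: owner {rec['owner']}"
        out.append({**f, "action": action})
    return out


def summarise(actions) -> dict[str, int]:
    """Counts per action class: the numbers a governance dashboard should drive down."""
    return dict(Counter(a["action"].split(":")[0] for a in actions))


if __name__ == "__main__":
    acts = triage(scan(SAMPLE_FILES), INVENTORY)
    for a in acts:
        print(f"{a['path']}:{a['line']} [{a['kind']}] -> {a['action']}")
    print(summarise(acts))
```

On the sample input the scanner reports the AWS key pair and the GitHub token, drops the low-entropy placeholder, and ignores the chat line that merely talks about a password. Triage then marks the owned but 228-day-old AWS pair for rotation through its recorded revocation path and the unowned GitHub token for immediate revocation. Keying the inventory by hash rather than by the secret means the inventory can be shared with the people who own the identities without itself becoming another copy of the credential.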