AI identity expansion and breach risk: are controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter  

TL;DR: AI significantly expanded identities at 43% of organisations that reported a breach in the past 12 months, versus 11% where access patterns did not materially change, according to Netwrix Research Lab. Only 11% say they have full AI security readiness, showing governance and monitoring are lagging the pace of AI-driven access growth.

NHIMG editorial — based on content published by Netwrix: 2026 Data and Identity Security Report

By the numbers:

Questions worth separating out

Q: How should security teams govern AI-driven identity expansion?

A: Security teams should treat AI-driven identity expansion as an identity lifecycle problem, not a one-time deployment task.

Q: Why do non-human identities create so much additional breach risk in AI programmes?

A: Non-human identities increase breach risk because they often carry standing access, are poorly inventoried, and are monitored less consistently than human accounts.

Q: What breaks when organisations rely on periodic access reviews for AI systems?

A: Periodic access reviews break when the identity scope changes between review cycles.

Practitioner guidance

What's in the full report

Netwrix's full report covers the operational detail this post intentionally leaves for the source:

  • The full survey methodology behind 2,317 respondents across 1,889 organisations and more than 60 industries.
  • Regional and maturity-tier breakdowns that show where AI readiness diverges most sharply.
  • Incident response readiness comparisons that help security teams benchmark their own programme.
  • Benchmarks for data visibility, access governance, and AI maturity that support board-level reporting.

👉 Read Netwrix's 2026 Data and Identity Security Report on AI readiness →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343
 

AI-driven identity growth has become a governance problem before it is a technology problem. When AI creates identities and permissions faster than human-paced review can absorb them, the breach question shifts from whether access exists to whether it is still governable at all. That is a direct challenge to IAM operating models built around periodic certification. Practitioners should treat identity expansion as a control-capacity issue, not a tooling issue.

A few things that frame the scale:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.

A question worth separating out:

Q: Who should own AI identity governance in the enterprise?

A: AI identity governance should be owned jointly by identity, security, and platform teams, with clear accountability for provisioning, monitoring, and revocation. If ownership sits only with one group, the organisation usually misses either the technical controls or the operational lifecycle. Shared governance is essential because the risk crosses IAM, NHI, and data access domains.

👉 Read our full editorial: AI identity expansion is outpacing data security governance



   