Notifications

Clear all

Identity security’s visibility gap: are your controls keeping up?

Last Post

RSS

NHI Mgmt Group

(@nhi-mgmt-group)

Member Moderator

Joined: 1 year ago

Posts: 8151

Topic starter 24/06/2026 11:18 pm

TL;DR: Identity security leaders are split between AI-driven threat planning and day-to-day credential abuse, while only 5% of organisations say they have a complete NHI inventory, according to The Identity Underground Annual Pulse 2026. The gap is structural: programmes built for review cycles and legacy estates cannot govern identities that are proliferating faster than they can be seen.

NHIMG editorial — based on content published by Silverfort: The Identity Underground Annual Pulse 2026

By the numbers:

54% of executives cite AI-enhanced threats as their top concern for 2026.
43% of practitioners say credential stuffing and password spraying are still their most frequent attacks.
Only 5% of organizations feel confident they have a complete inventory of non-human identities.

Questions worth separating out

Q: How should security teams handle identity risk when legacy infrastructure and AI threats collide?

A: They should treat this as a single governance programme with two time horizons.

Q: Why do non-human identities create more governance risk than many teams expect?

A: Because they often lack a clear human owner, a visible lifecycle, or consistent review points.

Q: What breaks when identity teams rely on manual response during an attack?

A: Manual response breaks when attackers move faster than analysts can correlate logs across IdP, PAM, IGA, and SIEM.

Practitioner guidance

Inventory non-human identities as governed assets Establish ownership, business purpose, and lifecycle state for service accounts, API keys, workload identities, and third-party OAuth access.
Prioritise legacy authentication removal Identify NTLM and other legacy identity paths that still support critical workflows, then rank them by exposure and dependency.
Reduce manual identity triage dependence Connect IdP, PAM, IGA, and SIEM telemetry so that suspicious identity activity can trigger pre-defined containment workflows.

What's in the full report

Silverfort's full report covers the operational detail this post intentionally leaves for the source:

Survey methodology and respondent breakdown across more than 150 identity and security practitioners and executives.
The full set of ranked concerns, including how executives and practitioners differ on identity risk priorities.
Detailed commentary on platform consolidation, SIEM adoption, and where organisations are investing next.
Additional practitioner quotes that show how teams are describing the gap between strategy and operations.

👉 Read Silverfort's analysis of The Identity Underground Annual Pulse 2026 →

Identity security’s visibility gap: are your controls keeping up?

Explore further

View Full Forum → | NHI Foundation Course →

Quote

Topic Tags

Forum Statistics

9 Forums

9,443 Topics

15.4 K Posts

43 Online

135 Members

Latest Post: Axios supply chain compromise: what IAM and CI teams missed Our newest member: Alex Recent Posts Unread Posts Tags

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

FAQ

NHI 101 Articles

Legal & Policies