TL;DR: Financial services now run on an estimated 82 machine identities for every human, while poor secret handling and static credentials continue to widen the breach surface, according to Akeyless and IBM's Cost of a Data Breach Report 2025. The governance problem is no longer secret storage alone, but whether IAM, PAM, and lifecycle controls can scale to machine-speed access and AI agents.
NHIMG editorial — based on content published by Akeyless: secrets management strategy for financial organizations and AI agents
By the numbers:
- The average breach in financial services now costs $5.56 million, according to IBM's Cost of a Data Breach Report 2025.
- Machine identities now outnumber humans 82 to 1.
Questions worth separating out
Q: How should financial teams manage machine identities with secrets at scale?
A: They should treat machine identities as first-class governed identities, not as technical exceptions.
Q: Why do static credentials create so much risk in cloud and AI environments?
A: Static credentials create standing access, which means compromise can persist long after the original issue is discovered.
Q: What breaks when secrets are scattered across code, files, and multiple vaults?
A: Security teams lose the ability to answer basic governance questions: who can use the secret, where it is deployed, and when it should be revoked.
Practitioner guidance
- Inventory every machine identity and its secret dependency: build a complete register of applications, bots, microservices, CI/CD jobs, and AI systems that depend on credentials.
- Replace long-lived credentials with task-bound issuance: issue secrets only for the duration of the job or session, then revoke them automatically when the task ends.
- Centralize policy while keeping secret reconstruction constrained: use one policy layer to govern rotation, audit, and access rules, but avoid designs where a single operational path can reconstruct all key material.
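As an added illustration of the three guidance items above (example code written for this post, not Akeyless's or the article's), the following Python models an inventory-gated broker that issues a credential per task with a TTL, revokes it when the task ends, flags any lease that has become standing access, and answers the three governance questions from the Q&A (who, where, when). All identity and job names are constructed.

```python
from dataclasses import dataclass
from typing import Optional
import secrets


@dataclass
class Lease:
    """One task-bound credential plus the governance facts about it."""
    secret: str
    identity: str      # which machine identity may use it
    workload: str      # where it is deployed (e.g. a CI job or agent run)
    issued_at: float
    expires_at: float
    revoked_at: Optional[float] = None


class SecretBroker:
    def __init__(self, register):
        self.register = set(register)   # inventory of known machine identities
        self.leases = {}

    def issue(self, identity, workload, ttl_s, now):
        # Refuse identities missing from the inventory: no unregistered access paths.
        if identity not in self.register:
            raise PermissionError(f"unregistered machine identity: {identity}")
        lease_id = f"lease-{secrets.token_hex(4)}"
        self.leases[lease_id] = Lease(
            secrets.token_urlsafe(32), identity, workload, now, now + ttl_s)
        return lease_id

    def is_valid(self, lease_id, now):
        lease = self.leases.get(lease_id)
        return lease is not None and lease.revoked_at is None and now < lease.expires_at

    def revoke(self, lease_id, now):
        self.leases[lease_id].revoked_at = now

    def standing_access(self, now, max_age_s):
        """Leases still usable after max_age_s: the static credentials to eliminate."""
        return [lid for lid, l in self.leases.items()
                if self.is_valid(lid, now) and now - l.issued_at > max_age_s]

    def describe(self, lease_id):
        """Who can use the secret, where it is deployed, when it is (or must be) revoked."""
        l = self.leases[lease_id]
        return {"who": l.identity, "where": l.workload,
                "when": l.revoked_at if l.revoked_at is not None else l.expires_at}


def run_task(broker, identity, workload, start, duration_s):
    """Issue a credential for one task, use it, and revoke it when the task ends."""
    lease_id = broker.issue(identity, workload, ttl_s=3600, now=start)
    used = broker.is_valid(lease_id, start + duration_s / 2)
    broker.revoke(lease_id, start + duration_s)     # task done: no standing access remains
    return lease_id, used
```

Constructed time values are passed in explicitly so the lifecycle can be replayed deterministically; a real broker would read the clock and persist the audit record.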
What's in the full article
Akeyless's full article covers the operational detail this post intentionally leaves for the source:
- The article walks through a finance-specific control model for centralized secrets governance across cloud, pipelines, and regulated workloads.
- It explains the vendor's zero-knowledge architecture and Distributed Fragments Cryptography approach for handling key material.
- It outlines how ephemeral, policy-driven access is applied to AI agents and machine identities in practice.
- It maps secrets handling to finance compliance requirements such as PCI DSS, GLBA, SOX, and NYDFS.
Read Akeyless's analysis of secrets management for financial machine identities and AI agents.