TL;DR: Financial services now run on an estimated 82 machine identities for every human, while poor secret handling and static credentials continue to widen the breach surface, according to Akeyless and IBM's Cost of a Data Breach Report 2025. The governance problem is no longer secret storage alone, but whether IAM, PAM, and lifecycle controls can scale to machine-speed access and AI agents.
NHIMG editorial — based on content published by Akeyless: secrets management strategy for financial organizations and AI agents
By the numbers:
- The average breach in financial services now costs $5.56 million, according to IBM's Cost of a Data Breach Report 2025.
- Machine identities now outnumber humans 82 to 1.
Questions worth separating out
Q: How should financial teams manage machine identities with secrets at scale?
A: They should treat machine identities as first-class governed identities, not as technical exceptions.
Q: Why do static credentials create so much risk in cloud and AI environments?
A: Static credentials create standing access, which means compromise can persist long after the original issue is discovered.
Q: What breaks when secrets are scattered across code, files, and multiple vaults?
A: Security teams lose the ability to answer basic governance questions: who can use the secret, where it is deployed, and when it should be revoked.
Practitioner guidance
- Inventory every machine identity and its secret dependency Build a complete register of applications, bots, microservices, CI/CD jobs, and AI systems that depend on credentials.
- Replace long-lived credentials with task-bound issuance Issue secrets only for the duration of the job or session, then revoke them automatically when the task ends.
- Centralize policy while keeping secret reconstruction constrained Use one policy layer to govern rotation, audit, and access rules, but avoid designs where a single operational path can reconstruct all key material.
What's in the full article
Akeyless's full article covers the operational detail this post intentionally leaves for the source:
- The article walks through a finance-specific control model for centralized secrets governance across cloud, pipelines, and regulated workloads.
- It explains the vendor's zero-knowledge architecture and Distributed Fragments Cryptography approach for handling key material.
- It outlines how ephemeral, policy-driven access is applied to AI agents and machine identities in practice.
- It maps secrets handling to finance compliance requirements such as PCI DSS, GLBA, SOX, and NYDFS.
👉 Read Akeyless's analysis of secrets management for financial machine identities and AI agents →
Machine identity secrets in finance: are your controls keeping up?
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
Secrets management has become identity governance for machine-era finance. The article correctly shows that credentials are no longer an implementation detail, because machine identities now sit between applications, pipelines, cloud services, and AI tools. Once those identities outnumber people, the real control problem is whether security teams can still see, scope, and revoke access at the pace the business now operates. The practitioner conclusion is that secrets strategy belongs inside IAM and PAM governance, not beside it.
A few things that frame the scale:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to The 2026 Infrastructure Identity Survey.
- Another finding from the same survey shows that only 44% of organisations have implemented any policies to manage their AI agents, even though 92% agree that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: Who is accountable when an AI agent uses a secret incorrectly?
A: Accountability should sit with the team that approved the agent’s access model and operating boundary, not with the AI system itself. If the agent can obtain credentials without task-scoped limits, the governance failure is in how access was issued and monitored. Finance teams should define ownership, logging, and revocation before deployment.
👉 Read our full editorial: Secrets management for financial machine identities and AI agents