
Non-Human Identity Expert Call With Citi Bank


Our founder Lalit Choda speaks to Fatima Boolani (Co-Head of US Equity Research at Citi Bank) on the state of the Non-Human ID / Machine ID market.

After the webinar session, Fatima Boolani's research team published a research report – Non-Human ID / Machine ID Expert Call: On Ground Floor (Pain-Point Awareness) of a Skyscraper (Lucrative TAM).

Some highlights from the discussion with Fatima Boolani:

  • 2025 – Year of Education and Awareness, 2026 – Organisations Invest in NHI Programs – in 2025 the key focus remains on education and awareness by the industry, including from our NHI Mgmt Group, and in 2026 we expect an increase in organisations planning NHI programs into their budgets.
  • Hybrid-Cloud, SaaS, Microservices and now GenAI are amplifying Non-Human / Machine ID risks – Hybrid-Cloud adoption, 3rd Party SaaS Supply Chain integrations, Containerisation/Microservices, API-Based service architecture and now GenAI have created a massive secrets sprawl problem. GitGuardian found 23.8M secrets in public GitHub repos in 2024, and NHIs typically outnumber human identities by 25-50x.
  • Key Challenges of NHIs – NHIs are typically unmanaged with very weak controls, they have very high privileges, they are a key attack vector for compromising systems/data, and their risks are very challenging to remediate. Many of the issues associated with NHIs stem from the fact that the vast majority are static and long-lived and have weak offboarding processes.
  • Key NHI Risks – there are many risks around NHIs, including hardcoded credentials in source code repos, lack of an inventory of accounts, many stale/inactive accounts, lack of ownership, humans using NHIs, and passwords/secrets that are not rotated. See our article and animated video on the Top 10 NHI Issues.
  • Large Number of NHI Breaches – over the last couple of years we have seen a significant number of NHI-related breaches, due to the growing secrets sprawl problem and 3rd party supply chain exposures. NHIs are easy to discover, e.g. in public GitHub source code repositories. Our NHI Mgmt Group recently published an article on 40 Major NHI Breaches.
  • Current IGA and PAM solutions only handle some NHI use cases – addressing NHI risks touches on all aspects of IT processes and controls, from IAM Lifecycle Processes (JML), SDLC (CI/CD, DevSecOps), Secrets Vaulting and Secrets Scanning to Detect and Response etc. Traditional IGA and PAM solutions are not designed to manage the full lifecycle processes that NHIs need, in particular for the huge risks and issues with static secrets and, more strategically, for the zero-trust model of dynamic secrets for managing software workloads, AI agents etc.
  • Huge number of Vendors have entered the NHI space – there are a large number of start-ups building dedicated NHI products, and we are also seeing many existing identity players (IGA, PAM etc.) pivoting into the NHI space. Approx. $400M in VC funding went into start-ups developing NHI capabilities in 2024 – further details here. Vendors have taken different approaches, from NHI Governance, Posture Management and ITDR capabilities to solving software workload management strategically using zero-trust principles of dynamic ephemeral secrets. We expect a lot of market activity in 2025-2026 as vendors pivot to build out their NHI capabilities, and we expect to see consolidation and multiple acquisitions in the market. Lalit was asked about existing IGA / PAM players and how well they are positioned to pivot and take market share – CyberArk, BeyondTrust, SailPoint and Saviynt were discussed alongside the new wave of start-ups that have come into the market over the last few years, including Akeyless, Entro, Astrix and Oasis, to name but a few.
  • GenAI / Agentic AI will tip NHI risks – we expect that with the explosion of AI services the number of NHIs will increase significantly, and much stronger controls and guardrails will be needed to securely manage the NHIs used by AI services. This will bring a bigger focus and more investment from the industry and organisations on managing NHI risks.

Further details on all the topics covered can be found in the most comprehensive ground-breaking research report written by our founder Lalit Choda – The Ultimate Guide To Non-Human Identities.