Entro Security – The NHI & Secrets Risk Report
Non-Human Identities Are Skyrocketing — And So Are the Risks
In the first half of 2025, Entro Labs reported a 44% surge in Non-Human Identities (NHIs) compared to H1 2024. NHIs — including service accounts, bots, and machine credentials — now outnumber human identities by an alarming 144:1 ratio in enterprise environments.
As NHIs multiply, so do the secrets they rely on. These secrets — API keys, tokens, and credentials — are often left unmanaged:
- Long-lived credentials go unrotated
- Secrets are stored in plaintext or shared via messaging apps
- IAM roles remain over-permissioned and unmonitored
This report, based on telemetry from Entro’s enterprise customers, exposes the hidden threats and structural blind spots in identity and secrets management — from overprivileged AWS roles to secrets buried in collaboration tools. It also offers clear guidance for IAM and security teams on how to tighten control and reduce risk in today’s sprawling, machine-driven environments.
