The Ultimate Guide to Non-Human Identities Report

The NHI & Secrets Risk Report

Written by: Entro Security

Non-Human Identities Are Skyrocketing — And So Are the Risks

In the first half of 2025, Entro Labs reported a 44% surge in Non-Human Identities (NHIs) compared to H1 2024. NHIs — including service accounts, bots, and machine credentials — now outnumber human identities by an alarming 144:1 ratio in enterprise environments.

Key insights from the report:

  • Non-human identities now outnumber human users by 144 to 1, a 44% increase year-over-year, driven by AI agents, CI/CD automation, and third-party integrations
  • Nearly half of all exposed secrets reside outside code repositories — in CI/CD logs, collaboration tools, and messaging platforms
  • Over 5.5% of AWS NHIs hold full admin privileges, creating “Super NHIs” that elevate risk
  • Other alarm bells include stale identities active for years, rampant overprivilege, and widespread secrets duplication and misconfiguration

As NHIs multiply, so do the secrets they rely on. These secrets — API keys, tokens, and credentials — are often left unmanaged:

  • Long-lived credentials go unrotated
  • Secrets are stored in plaintext or shared via messaging apps
  • IAM roles remain over-permissioned and unmonitored

This report, based on telemetry from Entro’s enterprise customers, exposes the hidden threats and structural blind spots in identity and secrets management — from overprivileged AWS roles to secrets buried in collaboration tools. It also offers clear guidance for IAM and security teams on how to tighten control and reduce risk in today’s sprawling, machine-driven environments.