- Four in five UK businesses suffered identity breaches in 2025
- Machine identities now outnumber humans 100:1, and many AI agents are accessing sensitive financial systems.
- CyberArk recommends unified, automated identity security as identity complexity exceeds traditional controls
Almost every company experienced at least one identity breach in 2025, according to a new study, in incidents where criminals logged into existing legitimate accounts, rather than using a bug or vulnerability to gain access.
Palo Alto Networks’ CyberArk Identity Security Landscape 2026 Report indicates that the problem will only get worse as the number of identities in the enterprise also increases, and through it, the attack landscape expands.
In fact, almost three quarters (74%) of businesses in the UK have experienced at least three successful identity breaches in the last 12 months.
The rise of machines
Several factors contribute to this significant increase in risk. The first is the large number of accounts that companies manage. Today, UK organizations expect a large increase in the number of accounts for human identities, machine identities and AI identities.
AI and LLMs, IoT devices and robots, and humans using more cloud applications are all contributing to the proliferation of digital identities.
At the same time, more organizations are allowing AI agents and machine identities to access sensitive data.
Today, 34% of AI agents and 37% of machine identities can access high-value financial records and systems, while at the same time, only a minority uses behavioral monitoring and credential revocation for their autonomous AI agents, conversational AI agents, and GenAI agents.
CyberArk claims that today, machine identities outnumber humans 100 times in the UK alone. At the same time, organizations are not rethinking how identity risks are managed, leading to increasing pressure to expand visibility, control and governance.
Companies must now move from manual, fragmented monitoring to a unified, automated approach to identity security, the researchers conclude. Having 100 machine identities for every human identity requires a platform-driven strategy, they say.
“The explosion of machine identities represents a fundamental shift in the attack surface for businesses,” said Rich Turner, senior vice president EMEA – Identity Security at Palo Alto Networks. “As AI-powered identities are expected to continue to accelerate over the next year, organizations face a reality where the complexity of identities is rapidly outpacing traditional security controls. »
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
