- Non-human identities outnumber human ones 82 times, new report finds
- Security teams focus on identity security
- Attack vectors remain unchanged, and that’s a good thing
A new study from Rubrik Zero Labs claims that AI agents in the workplace are creating a wave of “non-human identities,” which now outnumber human users by a ratio of 82 to 1.
This growth comes as 90% of global executives cite identity attacks as their top cybersecurity concern, as non-human identities expand the attack surface faster than security teams can keep up.
“Identity management in the AI era has become a complex undertaking, especially with the maze of NHIs,” noted Kavitha Mariappan, chief transformation officer at the company.
AI agents, or non-human identities, create new weaknesses
The risks are not going unnoticed, however, as 89% of organizations plan to hire staff dedicated specifically to identity security in the next year. Additionally, 87% are considering switching IAM providers, with 58% citing security concerns as the primary reason for the change.
Security experts, however, fear it may be too little, too late: 89% have already integrated AI agents into their identity infrastructure and 10% plan to do so.
Three in five security executives (58%) now expect at least half of next year’s cyberattacks to be caused by agentic AI, and only 28% believe they would fully recover from a cyberincident within 12 hours (down 15 percentage points year-over-year).
Even more alarming, 89% of ransomware victims agreed to pay the ransom to recover from or stop the attack.
Despite the changing landscape, common attack vectors are not changing. Four out of five CrowdStrike detections (79%) did not involve malware, but simply the attacker’s login. Social engineering remains a key vector, with 86% of core web application attacks today relying on stolen credentials, and non-human identities can be just as susceptible to being fooled.
Social engineering (24%), legitimate credential compromise (21%), forged auth tokens (20%), and MFA bypass (17%) are among the most popular, but that’s a good thing.
With this in mind, all security leaders need to do is adjust how they protect emerging tools against the same old threats.
So despite the rise of non-human identities, security teams aren’t really facing new challenges, just more systems to lock down.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
