- Non-human identities outnumber human ones 82 to 1, new report claims
- Security teams focus on identity security
- The attack vectors remain unchanged, and that’s a good thing.
New research from Rubrik Zero Labs has claimed that AI agents in the workplace are creating a surge of “non-human identities”, which now outnumber human users by a ratio of 82 to 1.
This growth comes as 90% of global leaders cite identity attacks as their top cybersecurity concern, as non-human identities are expanding the attack surface faster than security teams can keep up.
“Identity management in the age of AI has become a complex task, especially with the maze of NHIs,” noted the company’s chief transformation officer, Kavitha Mariappan.
AI Agents, or Non-Human Identities, Are Creating New Pain Points
However, the risks do not go unnoticed: 89% of organizations plan to hire staff dedicated specifically to identity security over the next year. Additionally, 87% plan to change their IAM provider, with 58% citing security concerns as their top reason for switching.
However, security experts worry it may be too little, too late: 89% have already incorporated AI agents into their identity infrastructure and another 10% plan to do so.
Three in five (58%) security leaders now expect at least half of next year’s cyberattacks to be driven by agent AI, and only 28% believe they will fully recover from a cyber incident within 12 hours (a drop of 15 percentage points over a year).
Most alarmingly, 89% of ransomware victims agreed to pay the ransom to recover from the attack or stop it.
Despite an evolving landscape, common attack vectors are not changing. Four out of five (79%) CrowdStrike detections did not involve malware, just the attacker logged in. Social engineering remains a key vector, as 86% of attacks on core web applications today rely on stolen credentials, and non-human identities can be equally susceptible to deception.
Social engineering (24%), compromising legitimate credentials (21%), forged authentication tokens (20%), and bypassing MFA (17%) are among the most popular, but that’s a good thing.
With this in mind, all security leaders need to do is modify the way they protect emerging tools from the same old threats.
So despite the rise of non-human identities, security teams don’t actually face new challenges, just more systems to lock down.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
