- Four in five UK businesses suffered identity-related breaches by 2025
- Machine identities now outnumber humans 100:1, and many AI agents access sensitive financial systems
- CyberArk Calls for Unified, Automated Identity Security as Identity Complexity Overwhelms Traditional Controls
Nearly every company experienced at least one identity-related breach in 2025, new research claims, in incidents where criminals logged into existing legitimate accounts, rather than using a bug or vulnerability to gain access.
Palo Alto Networks’ CyberArk 2026 Identity Security Landscape Report notes that the problem will only get worse as the number of identities in the enterprise is also increasing, and through that, the attack landscape is growing.
In fact, almost three quarters (74%) of UK businesses experienced at least three successful identity-related breaches in the last 12 months.
The rise of machines
There are multiple factors that contribute to this significant increase in risk. The first is the large number of accounts that companies manage. Today, UK organizations expect a sharp increase in the number of accounts across human identities, machine identities and AI identities.
AI and LLM, IoT devices and bots, as well as human use of more cloud applications, are contributing to the proliferation of digital identities.
At the same time, more and more organizations are allowing AI agents and machine identities to access sensitive data.
Today, 34% of AI agents and 37% of machine identities can access high-value financial records and systems, while at the same time, only a minority use behavioral monitoring and credential revocation for their autonomous AI agents, conversational AI agents, and GenAI agents.
CyberArk says that today, machine identities outnumber humans by 100 to 1 in the UK alone. At the same time, organizations are not rethinking how identity risk is managed, creating increasing pressure to expand visibility, control and governance.
The researchers conclude that companies must now move from fragmented manual monitoring to a unified and automated identity security approach. They argue that having 100 machine identities for every human requires a platform-driven strategy.
“The explosion of machine identities represents a fundamental shift in the enterprise attack surface,” said Rich Turner, Senior Vice President, EMEA – Identity Security, Palo Alto Networks. “With AI-powered identities expected to continue accelerating over the next year, organizations are facing a reality where identity complexity is rapidly outpacing traditional security controls.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
