- Four out of five UK businesses will suffer identity-related breaches by 2025
- Machine identities now outnumber humans 100:1, and many AI agents have access to sensitive financial systems
- CyberArk encourages consistent, automated identity security as identity complexity outpaces traditional controls
Almost all businesses experienced at least one identity-related breach by 2025, new research has claimed, in incidents where criminals logged into existing, legitimate accounts rather than using a bug or vulnerability to gain access.
The Identity Security Landscape Report 2026 from Palo Alto Networks’ CyberArk notes that the problem will only get worse as the number of identities in the enterprise also increases, and through that – the attack landscape grows.
In fact, almost three-quarters (74%) of businesses in the UK experienced at least three successful identity-related breaches in the last 12 months.
The advent of machines
There are several factors that contribute to this significant increase in risk. The first is the large number of accounts companies handle. Today, UK organizations expect a steep increase in the number of accounts across human, machine and AI identities.
AI and LLMs, IoT devices and bots, as well as humans using multiple cloud applications, are all contributing to the evolution of digital identities.
At the same time, more and more organizations are giving AI agents and machine identities access to sensitive data.
Today, 34% of AI agents and 37% of machine identities can access financial records and high-value systems, while at the same time only a minority use behavioral monitoring and credential revocation for their autonomous AI agents, conversational AI agents, and GenAI agents.
CyberArk says that today machine identities outnumber humans 100 to 1 in the UK alone. At the same time, organizations are not rethinking how identity risk is managed, resulting in increasing pressure to expand visibility, control and governance.
Companies must now move from fragmented, manual monitoring to a unified, automated identity security approach, the researchers conclude. Having 100 machine identities for every human requires a platform-driven strategy, they argue.
“The explosion of machine identities represents a fundamental shift in the enterprise attack surface,” said Rich Turner, Senior Vice President EMEA – Identity Security at Palo Alto Networks. “With AI-powered identities expected to continue to accelerate in the next year, organizations face a reality where identity complexity is rapidly outstripping traditional security controls.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
