- Non-human identities outnumber humans 82-to-1, new report claims
- Security teams focus on identity security
- Attack vectors remain unchanged, and that’s a good thing
New research from Rubrik Zero Labs has claimed that AI agents in the workplace are creating a wave of ‘non-human identities’ that now outnumber human users 82-to-1.
This growth comes as 90% of global executives cite identity attacks as their top cybersecurity concern β as non-human identities expand the attack surface faster than security teams can keep up.
“Managing identities in the AI ββera has become a complex endeavor, especially with the maze of NHIs,” highlighted the company’s Chief Transformation Officer Kavitha Mariappan.
AI agents, or non-human identities, create new weak points
However, the risks are not going unnoticed, with 89% of organizations planning to hire staff dedicated specifically to identity security in the next year. Additionally, 87% plan to switch their IAM provider, with 58% citing security concerns as their main reason for switching.
However, security experts worry that it may be too little too late, as 89% have already incorporated AI agents into their identity infrastructure and another 10% plan to do so.
Three in five (58%) security leaders now expect at least half of next year’s cyber attacks to be powered by agent AI, and only 28% believe they will fully recover from a cyber incident within 12 hours (down 15 percentage points in one year).
More alarmingly, 89% of ransomware victims agreed to pay the ransom to recover from or stop the attack.
Despite an evolving landscape, common attack vectors are not changing. Four out of five (79%) CrowdStrike detections did not involve malware β just the attacker logging in. Social engineering remains a key vector, with 86% of basic web app attacks today relying on stolen credentials, and non-human identities can be just as susceptible to deception.
Social engineering (24%), legitimate credential compromise (21%), forged authentication tokens (20%), and MFA bypass (17%) are among the most popular, but that’s a good thing.
With this in mind, all security managers need to do is adapt how they protect new tools against the same old threats.
So despite the rise in non-human identities, security teams aren’t actually facing new challenges, just more systems to lock down.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
