Here is a number that should be on every CISO's risk register by Friday: 109 to 1.
That is the ratio of machine identities to human identities in the average enterprise, according to Palo Alto Networks' 2026 Identity Security Landscape report, which surveyed 2,900 cybersecurity decision-makers worldwide. For every employee badge, every SSO login, every MFA-protected human account in your organization, there are 109 API keys, service accounts, OAuth tokens, machine certificates, and — increasingly — AI agent credentials operating with equal or greater access to your systems.
Most of those machine identities have no owner. Many have never been rotated. Some have more access than your CEO.
And now AI agents are making the problem exponentially worse.
The Cloud Security Alliance's whitepaper on Non-Human Identity Governance puts the baseline ratio at 45:1 in typical enterprises and 144:1 in cloud-native environments. But the CSA also found something more alarming: more than 16% of organizations do not track the creation of AI-related identities at all. They are adding agents to their environments faster than they can count them, let alone govern them.
Welcome to the non-human identity crisis — the moment when the species your IAM was built for became the minority in your own infrastructure.
The Numbers That Rewrite Your Risk Model
The scale of the NHI problem has been quietly measured across multiple independent studies in the first half of 2026, and the convergence of their findings is damning.
Palo Alto Networks' Identity Security Landscape (2,900 respondents):
- Machine identities outnumber human identities 109:1
- 9 out of 10 organizations experienced at least one identity-related breach in the past 12 months
- 96% of respondents report that human identities operate with access far beyond what their roles require
- Disconnected identity silos add an average of 12 extra hours per identity-related incident
Orchid Security's Identity Gap 2026 Snapshot (1,000+ enterprise deployments):
- 57% of enterprise identity is now "identity dark matter" — invisible and unmanaged by existing IAM tools
- 67% of non-human accounts are created directly inside applications, bypassing centralized identity providers entirely
- 57% of applications bypass centralized IdPs, which means the real identity surface extends well beyond the formal IAM stack
Cloud Security Alliance NHI Governance Analysis:
- Only 15% of organizations feel highly confident in their ability to prevent NHI-based attacks
- 16% of organizations do not track AI-related identity creation at all
Non-Human Identity Management Group (NHIMG) Research:
- 68% of organizations cannot reliably distinguish AI agent activity from human activity
- Only 5.7% of organizations have full visibility into their service accounts
- 71% of NHIs are not rotated within recommended timeframes
- Only 20% have formal processes for offboarding and revoking API keys
Read those numbers together. Nine in ten enterprises have been breached through identity. More than half their identity estate is invisible. Only one in six has confidence they can prevent the next NHI attack. And the population of machine identities is growing by orders of magnitude as AI agents proliferate.
This is not a gap in your security posture. This is a structural failure in the foundation your entire security model sits on.
Why AI Agents Are a Different Species of Identity
Traditional non-human identities — service accounts, API keys, cron jobs, automation scripts — were predictable. They ran predefined tasks on fixed schedules with bounded access. They were boring. Boring is safe.
AI agents are not boring.
They pursue goals autonomously. They discover tools. They chain actions across systems without human approval at each step. They find shortcuts. And critically, as Orchid Security's research explains, "if an environment contains unmanaged local accounts, excessive privileges, hardcoded credentials, or orphaned accounts, AI agents may discover and use those paths faster than humans can review them."
OWASP codified this risk as ASI03: Identity & Privilege Abuse in its Top 10 for Agentic Applications — the first globally peer-reviewed security framework for autonomous AI systems, built by more than 100 researchers. OWASP ranked it #3, but as Adversa AI's technical analysis argues, "it sets the blast radius for every other agent risk: a goal hijack or a tool misuse is only as damaging as the credentials the agent happens to be holding when it fires."
The fundamental difference between human and agent identity comes down to five structural gaps that traditional IAM was never designed to address:
| Dimension | Human Identity | Agent Identity |
|---|---|---|
| Authentication | Interactive (MFA, SSO) | Bearer tokens, API keys (no MFA equivalent) |
| Permission scope | One identity per person | Multiple identities aggregated per agent |
| Session lifetime | Sessions expire predictably | Tokens often persist indefinitely |
| Attribution | Actions traceable to a human | Actions trace to a shared credential, not the triggering human |
| Deprovisioning | Standard HR-driven offboarding | Credentials rarely revoked when projects end |
The one-sentence version from OWASP: "Your AI agent has more access than most of your employees, no identity of its own, and attackers know that stealing its tokens is easier than phishing a human."
The Credential Crisis in Motion
The theoretical risk became concrete in the first half of 2026. DevFortress's semi-annual intelligence report compiled the timeline:
28.6 million new secrets were exposed on public GitHub in 2025 — a 34% year-over-year increase. AI-service credentials specifically surged 81.5%. And GitGuardian found 24,008 unique secrets embedded in MCP (Model Context Protocol) configuration files in the protocol's first year of widespread adoption.
But the statistic that should end every debate about the urgency of NHI governance: 64% of credentials confirmed as leaked in 2022 were still active and exploitable in January 2026. Four years after detection. After all the governance tools, all the rotation reminders, all the detection alerts.
The incident timeline reinforces the pattern:
-
August 2025: Attackers stole OAuth tokens from Salesloft's Drift chatbot integration, reaching over 700 organizations through a single compromised agent identity. No passwords stolen, no MFA bypassed, no CVEs exploited — the tokens were the identity.
-
January 2026: A Cursor AI agent deleted an entire production database in 9 seconds after finding an unscoped token in a codebase it was never assigned to search. The agent was doing its job — it simply had access to resources that should never have been in its scope.
-
March 2026: The LiteLLM supply chain compromise backdoored 47,000 machines in approximately 40 minutes through two malicious PyPI package versions. Every machine that installed the compromised versions had all credentials — AWS tokens, GCP credentials, SSH keys, Kubernetes configurations — exfiltrated instantly.
-
June 2026: The Klue OAuth breach demonstrated the pattern yet again: a single legacy credential, created in 2022 for an abandoned prototype, led to 195 customer environments being compromised. The credential was never rotated, never revoked, never even noticed — for four years.
Each incident shares the same structural cause: machine identities operating without lifecycle management, scope boundaries, or ownership attribution.
Framework #1: The NHI Governance Maturity Assessment
Where does your organization fall? Use this five-level assessment to evaluate your current NHI governance posture and identify the critical gaps that agents exploit.
Level 1: Invisible (Most Organizations Today)
- No inventory of NHIs beyond what the IdP shows
- Service accounts and API keys created ad hoc by individual teams
- No ownership attribution for machine credentials
- No rotation policies enforced
- Agent identities not tracked separately from other NHIs
- Risk profile: Maximum. You cannot govern what you cannot see. Agents operating in this environment inherit every unmanaged path they discover.
Level 2: Discovered
- Partial NHI inventory exists (typically from a recent audit or vendor POC)
- Some service accounts have documented owners
- Rotation policies exist on paper but enforcement is manual
- AI agents are acknowledged as a category but not separately governed
- Risk profile: High. Visibility without enforcement creates a false sense of security. You know the problem exists but cannot act at machine speed.
Level 3: Governed
- Comprehensive NHI inventory maintained through automated discovery
- Every NHI has an assigned owner, business purpose, and documented access scope
- Credential rotation enforced through automation (not calendar reminders)
- AI agents registered as a distinct identity class with separate governance policies
- Shadow agent detection in place
- Risk profile: Moderate. Governance reduces blast radius but does not prevent runtime exploitation.
Level 4: Enforced
- Zero Standing Privilege (ZSP) implemented — agents start with zero access and request time-bound grants per task
- Just-in-time credential issuance for agent operations
- Runtime behavioral monitoring detects anomalous agent actions
- Automated revocation when agents are decommissioned or projects conclude
- Full audit trail linking agent actions to triggering human and business context
- Risk profile: Low. The attack surface is minimized and monitored. Compromise of a single agent credential is time-bounded and scope-limited.
Level 5: Verified
- Hardware-rooted identity for agents on critical infrastructure (DICE/SPDM attestation)
- Cryptographic workload attestation validates agent integrity before credential issuance
- Continuous posture assessment — agent permissions automatically adjust based on behavioral analysis
- Agent identity governance integrated into CI/CD pipelines (agents are provisioned and scoped as part of deployment, not after)
- Risk profile: Minimal. Agent identity is anchored in hardware, scoped by policy, and monitored in real time.
The honest assessment for most enterprises: Orchid Security's data says 57% of your identity estate is invisible. If more than half your identities are in the dark, you are at Level 1 regardless of what your IAM dashboard shows. The dashboard is only showing you the 43% it can see.
Framework #2: 90-Day Agent Identity Governance Roadmap
For enterprises starting at Level 1 or Level 2, here is a practical implementation timeline to reach Level 3 within one quarter — the minimum viable governance posture before deploying production AI agents.
Days 1-30: Discovery and Inventory
| Action | Owner | Deliverable |
|---|---|---|
| Deploy application-layer NHI discovery (not just IdP scanning) | Security Engineering | Complete inventory of all NHIs including shadow agents |
| Map every NHI to an owner, business purpose, and target system | Application Security + Business Units | Ownership registry with escalation paths |
| Identify all credentials older than 90 days without rotation | IAM Team | Stale credential report with risk-ranked remediation plan |
| Catalog all AI agents (sanctioned and shadow) with their access paths | AI/ML Platform Team | Agent registry with permission maps |
| Assess which applications bypass centralized IdPs | Identity Architecture | Bypass inventory (expect 57% per Orchid data) |
Days 31-60: Policy and Enforcement
| Action | Owner | Deliverable |
|---|---|---|
| Establish agent identity class in IAM taxonomy | Identity Architecture | Agent-specific provisioning and deprovisioning workflows |
| Implement automated credential rotation for all NHIs >90 days old | Security Engineering | Rotation automation with break-glass procedures |
| Deploy runtime monitoring for agent behavioral anomalies | Security Operations | Alert rules distinguishing normal agent behavior from exploitation |
| Define Zero Standing Privilege baseline for new agent deployments | IAM Team | ZSP policy template requiring time-bound grants |
| Create agent decommissioning checklist tied to project lifecycle | DevOps/Platform Engineering | Automated credential revocation on project close |
Days 61-90: Operationalization
| Action | Owner | Deliverable |
|---|---|---|
| Integrate agent identity provisioning into CI/CD pipeline | Platform Engineering | Agents scoped at deployment, not retrofitted |
| Run tabletop exercise: "What happens when an agent credential is compromised?" | Security Operations + IR Team | Incident response playbook for NHI/agent breaches |
| Establish continuous NHI posture reporting to CISO/board | GRC | Monthly NHI risk dashboard with trend metrics |
| Evaluate vendor solutions for gaps remaining after internal build | Security Architecture | Buy vs. build decision for discovery, governance, and runtime layers |
| Conduct first agent access review (equivalent of quarterly human access review) | IAM Team | Certified agent access scope with documented exceptions |
The critical success metric: By Day 90, you should be able to answer one question for every AI agent in your environment: What can this agent access, why does it need that access, who owns it, and what happens to its credentials when the project it serves is concluded? If you cannot answer that question, you are not ready for production agent deployment.
The Vendor Landscape Is Converging Fast
The enterprise security market has recognized the NHI crisis, and the vendor response in 2026 has been rapid — perhaps too rapid for enterprises to evaluate rationally. The landscape is converging around three functional layers:
Identity Governance and Discovery:
- Orchid Security — pioneered "identity dark matter" concept; application-layer discovery of invisible NHIs; The Hacker News called their Guardian Agents framework "the next layer of identity governance"
- Entro Security — Globee Awards 2026 Cybersecurity Startup of the Year; specialized in NHI secrets lifecycle management
- AppViewX — launched Agent Identity Security product using PKI-based approach for agent lifecycle management
Runtime Security and Posture:
- Linx Security — published the definitive Top 11 Agentic AI Security Solutions guide; focuses on runtime enforcement and MCP policy
- Aembit — workload-to-workload identity for agent-to-API authentication without static credentials
Platform Consolidation:
- Microsoft — open-sourced the Agent Governance Toolkit covering all 10 OWASP Agentic Top 10 risks with zero-trust identity, execution sandboxing, and policy enforcement; added Agent 365 as a licensing prerequisite effective July 2026
- Google — Gemini Enterprise Agent Platform includes Agent Identity for granular per-agent permissions and governance
- Palo Alto Networks — expanding Prisma AIRS into unified identity security covering both human and machine identities under a single control plane
CRN's midyear 2026 list of hottest cybersecurity startups explicitly called out NHI protection as one of the defining growth categories, alongside agentic SOC and AI security. The startups are raising nine-figure rounds. The hyperscalers are shipping governance toolkits. The message is clear: the market has decided this is the control plane for enterprise AI security.
The question for CISOs is not whether to invest, but how to evaluate solutions when the category itself is still being defined. The NHIMG's practitioner guidance offers a useful starting principle: separate identity governance (what an agent may access) from runtime security (whether the agent's live behavior stays within policy after execution begins). Any vendor claiming to solve both in a single product should demonstrate both capabilities independently.
The Uncomfortable Truth for CIOs
Microsoft's own survey found that only 29% of organizations "strongly agree" they have safe AI protections in place. Meanwhile, Gartner projects that three in four large enterprises will adopt multi-agent systems by the end of 2026.
The math is simple: 75% adoption against 29% readiness means roughly half of all enterprise agent deployments are operating without adequate identity governance. Every one of those unprotected deployments is creating machine identities at a ratio that already overwhelms human identities by two orders of magnitude — and the agents themselves are finding and exploiting the ungoverned paths faster than any human attacker could.
The IANS Research CISO community puts it bluntly: "The shift to agentic AI is forcing a reckoning with IAM fundamentals that many organizations had been deferring."
That deferral period is over. Your IAM was built for a world where humans were the primary identity. That world ended sometime in 2025. The 109 machine identities per human in your environment are not waiting for you to catch up.
What This Means for Your Enterprise
If you're a CISO: Run the maturity assessment above against your current NHI governance posture. If you are honest about where your organization stands, you will likely find yourself at Level 1 or Level 2. The 90-day roadmap is your minimum viable path to Level 3 before Q4 agent deployments.
If you're a CIO: Every AI agent deployment decision is now also an identity governance decision. If your teams are deploying agents faster than your IAM program can provision, scope, and monitor their credentials, you are accumulating identity debt that compounds at machine speed. The 12-hour incident response penalty from identity fragmentation (Palo Alto data) will be the least of your costs.
If you're an architect: Treat agent identity as a first-class design concern, not a security team problem to solve post-deployment. The organizations at Level 5 are the ones that provision agent identities in CI/CD, not in a separate governance workflow that runs days or weeks after the agent is already in production.
The non-human identity crisis is not a future risk. It is a present reality measured by independent research across thousands of enterprises. The 109:1 ratio is not a prediction — it is the world you are operating in today.
The question is whether your IAM knows it yet.
Continue Reading
- One Forgotten Credential, 195 Breached Companies: The Klue Attack — How a single unrotated credential from 2022 became a blueprint for SaaS supply chain attacks
- The Agentjacking Threat: How a Fake Bug Report Hijacks AI Coding Agents — When agents become attack vectors through manipulated context
- Opaque 3.0: The Agent Governance Toolkit That Proves AI Trust Mathematically — Verifiable governance for enterprise AI agents
- The AI Agent Security Crisis Every Enterprise Is Ignoring — The original warning about ungoverned agent deployments
- Shadow AI: The Invisible Risk Hiding in Every Enterprise — When employees deploy AI tools without IT's knowledge
Rajesh Beri is Head of AI Engineering at Zscaler, where he builds AI solutions for enterprise security, compliance, and operations. Views expressed are his own.