SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Identity crisis as machine accounts outnumber humans

Tue, 14th Apr 2026

Cybersecurity specialists are warning of an emerging identity management crisis as machine accounts and AI agents outnumber human users across modern IT estates. The concerns coincide with Identity Management Day 2026, which highlights the growing complexity of digital identities.

Many enterprise identity environments now span ageing on-premise systems, multiple cloud platforms and rapidly expanding automation. Security leaders say this sprawl has exposed weaknesses in how organisations track, authenticate and govern the people and machines interacting with their networks and data.

Richard Enderby, Practice Lead, Cybersecurity at SHI, said a lack of investment in cohesive identity strategies has left many firms exposed.

"An ageing AD environment, decades-old service accounts and SSO rollouts that drag on for months all point to a failure to invest in and adopt a unified approach to identity management. Add to that the army of non-human identities (NHIs) such as AI agents, bots, service accounts, virtual machines, API keys and OAuth tokens, and the threat of quantum computing, which is expected to result in mass decryption and credential compromise, and we're quite literally on the cusp of an identity crisis."

Now in its sixth year, Identity Management Day draws attention to how businesses manage human, machine and agentic identities. Industry practitioners say the balance has now shifted decisively towards non-human accounts, which often operate at high speed, at scale and, in many cases, with elevated permissions.

According to cloud security specialist Sysdig, humans account for only a small minority of identities in large cloud deployments. That shift has reshaped how attackers gain initial access and move laterally through environments.

Crystal Morin, Senior Cybersecurity Strategist at Sysdig, said: "Identity management has undergone a massive shift: humans now make up less than 3% of managed identities in cloud environments. The rest belong to machines that don't log off, don't take breaks, and often operate with elevated permissions."

Against this backdrop of automation, quantum threats and AI-driven systems, Enderby said traditional efforts around so-called "identity hygiene" no longer go far enough.

"The imperative up to this point was to adopt good identity hygiene to drive down the identity debt created by orphaned accounts or over-permissions. But now it's a race against time to transform identity management into a resilient, future-ready identity architecture capable of ensuring the business can maintain operations in the face of a range of emerging threats."

Security teams say agentic AI illustrates the scale of the challenge. Once granted access to data and tools, these systems can initiate tasks and make decisions autonomously.

"Take agentic AI, which is proving problematic not just to authenticate but to enforce least privilege. It's all well and good allowing AI agents to source information or carry out tasks, but if you can't restrict their access in the same way as a human user, they are essentially allowed to ride roughshod over the estate."

Practitioners are calling for a shift away from fragmented tools and static policies towards a broader identity architecture spanning discovery, governance, monitoring and incident response across both human and non-human identities.

Enderby said the first step is to uncover how many machine identities an organisation already has and how those accounts behave in practice.

"Creating an identity architecture fit for these new challenges will require the organisation to discover and transform. Discovery is essential to get on top of the NHIs traversing the network, CI/CD pipelines which can see tools enjoy domain admin rights to deploy infrastructure and code, and smart IoT and edge devices that may have credentials that never expire. To deal with these entities requires machine identity management (MIM), secrets vaulting and automated credential rotation. The discovery process should also entail a review of privileged account and service account ownership, the deprovisioning process, and enforcement of least privilege across environments, including the cloud."
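The discovery and review step Enderby describes can be expressed as an inventory audit. The following is an added illustration, not code from SHI or the article; the inventory records, the 90-day rotation policy and the finding labels are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample inventory of non-human identities (NHIs); not real data.
# Fields: owner (None = orphaned), privilege, credential expiry (None = never),
# and the date the credential was last rotated.
TODAY = date(2026, 4, 14)
INVENTORY = [
    {"name": "svc-backup", "kind": "service_account", "owner": None,
     "privilege": "domain_admin", "expires": None, "rotated": date(2009, 6, 1)},
    {"name": "ci-deploy", "kind": "pipeline_token", "owner": "platform-team",
     "privilege": "domain_admin", "expires": date(2026, 7, 1),
     "rotated": date(2026, 3, 20)},
    {"name": "edge-cam-17", "kind": "iot_device", "owner": "facilities",
     "privilege": "read_only", "expires": None, "rotated": date(2021, 1, 5)},
    {"name": "agent-research", "kind": "ai_agent", "owner": "data-team",
     "privilege": "read_only", "expires": date(2026, 5, 1),
     "rotated": date(2026, 4, 1)},
]

ROTATION_MAX_AGE = timedelta(days=90)  # assumed rotation policy, not from the article


def audit_identity(ident, today=TODAY):
    """Return the findings for one NHI record: ownership, expiry, rotation, privilege."""
    findings = []
    if ident["owner"] is None:
        findings.append("orphaned: no accountable owner")
    if ident["expires"] is None:
        findings.append("credential never expires")
    if today - ident["rotated"] > ROTATION_MAX_AGE:
        findings.append("rotation overdue")
    if ident["privilege"] == "domain_admin":
        # Deployment-level rights on a machine identity always warrant a least-privilege review.
        findings.append("privileged: verify least privilege")
    return findings


def audit_inventory(inventory, today=TODAY):
    """Map identity name -> findings, keeping only identities with at least one finding."""
    report = {}
    for ident in inventory:
        findings = audit_identity(ident, today)
        if findings:
            report[ident["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, "->", "; ".join(findings))
```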

Morin said the rise of automation and AI development has widened the gap between traditional identity controls and real-world usage patterns in cloud-native environments.

"As automation and AI-driven development explode, the gap between human and machine identities is becoming one of the defining security challenges of our time. Machine identities are ephemeral, autonomous, and often difficult to manage at scale with traditional controls, which were never designed for this speed. Identity is the primary access control, it defines an environment's boundaries, and it's the most common source of initial access in a breach."

She argued that organisations need to treat identity as a continuous discipline that tracks the full lifecycle of machine accounts as well as employees.

"To keep up, organizations must rethink identity security as a continuous, lifecycle-driven discipline. Businesses must treat machine identities as the new firewall."

Enderby said static access policies, which rely on fixed permissions and conditions, have entrenched problems such as over-privileged accounts and inconsistent controls across business units and regions.

"We also need to move away from static access policies that perpetuate problems such as excessive permissions or inconsistent access controls and begin to war-game defences. A proactive stance sees the identity management system use real-time signals to analyse and counter threats, from device posture to location and user behaviour. Armed with this information, it's then possible to become more adaptive and carry out risk-based decisions, which in turn reduces exposure and improves response."
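A risk-based decision of the kind Enderby describes, combining device posture, location and behaviour signals, is sketched below as an added example; it is not SHI's or any vendor's product logic, and the signal weights, thresholds and the human-versus-machine outcomes are assumptions.

```python
from dataclasses import dataclass

# Constructed example of an adaptive access decision. Signals assumed: device
# posture, login country versus the identity's known countries, request rate
# versus the identity's baseline, and whether the access is interactive.


@dataclass
class Identity:
    name: str
    human: bool
    known_countries: set
    baseline_rps: float  # typical requests per second observed for this identity


@dataclass
class Signals:
    device_compliant: bool
    country: str
    observed_rps: float
    interactive: bool  # interactive login rather than token/API use


def risk_score(ident, sig):
    """Sum assumed weights for each anomalous signal; higher means riskier."""
    score = 0
    if not sig.device_compliant:
        score += 30  # unmanaged or non-compliant device
    if sig.country not in ident.known_countries:
        score += 25  # unfamiliar location
    if ident.baseline_rps and sig.observed_rps > 5 * ident.baseline_rps:
        score += 30  # behaviour far above the identity's own baseline
    if not ident.human and sig.interactive:
        score += 40  # a machine identity used interactively is out of role
    return score


def decide(ident, sig):
    """Map score to an action. Machine identities cannot answer a step-up
    challenge, so medium risk restricts them instead of prompting for MFA."""
    score = risk_score(ident, sig)
    if score >= 60:
        return "deny"
    if score >= 25:
        return "step_up" if ident.human else "restrict"
    return "allow"


ALICE = Identity("alice", True, {"GB"}, 0.5)
SVC_BACKUP = Identity("svc-backup", False, {"GB"}, 2.0)
```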

Experts also point to resilience as a growing concern in identity strategies. Many organisations now rely on a small number of cloud-based identity providers, raising questions about contingency planning if those services fail or come under attack.

Enderby highlighted the operational and geopolitical risks of concentrated identity infrastructure.

"Finally, organisations need to adopt a resilient mindset that considers the potential for change. What happens if the primary identity provider (IdP) becomes unavailable? Are there other authentication paths in place that can allow the business to operate as a minimal viable company? How could shifts in the regulatory and geopolitical landscape affect the ability of the business to operate? A key example here is digital sovereignty, which is increasingly making it difficult to maintain a centralised IAM model."

Long-term protection, he said, will depend on sustained attention to identity risk and a forward-looking view of emerging technologies.

"It's only by identity management getting to grips with these issues while keeping one eye on the horizon that it can hope to continue to protect the business."