May 13

Surge in AI Agents and Machine Identities Deepens Enterprise Security Risks

A new analysis from Palo Alto Networks’ 2026 Identity Security Landscape report shows that organizations are now managing an overwhelming imbalance between human and machine identities, with an average of 109 machine identities for every one human account.

That gap is widening quickly as AI agents proliferate across enterprise environments. Companies expect AI agent usage to grow by 85% in the next year, alongside a 77% increase in machine identities and a 56% rise in human identities. Despite this rapid expansion, most organizations still lack the controls needed to manage AI agents safely.

While many leaders say they understand the purpose of their AI systems, far fewer can clearly define what those agents can access, how permissions are limited, or when access should be revoked. AI agents and machine identities already reach sensitive systems, including financial data, personal information, operational technology, and core business applications—yet they often operate without the guardrails applied to human users.

The report highlights a widening disconnect between executive confidence and operational reality. C‑suite leaders believe least‑privilege principles are being enforced, largely because they focus on human access. Security teams disagree, pointing out that machine identities, service accounts, and automated workflows now drive much of the organization’s activity, often with broad, persistent permissions.

Privilege sprawl continues to accelerate the problem. Human accounts still trigger workflows, invoke agents, and access sensitive systems, but many retain privileges far beyond what their roles require. Local admin rights and ungoverned process elevation create opportunities for credential theft and lateral movement. Meanwhile, machine identities accumulate permissions across cloud and on‑premises environments, often without ongoing oversight.

Fragmented identity systems further complicate investigations. Unit 42’s review of more than 750 cyber incidents found that 87% required evidence from multiple sources to understand what happened, with complex cases needing up to 10 different data points. Security teams say these fragmented tools add an average of 12 hours to identity‑related investigations.

Authentication remains the primary control for many organizations, but the report warns that login security alone is no longer sufficient. Single sign‑on and MFA protect the front door, but they do not govern what users, tokens, connectors, or automated systems can do after authentication. More than half of respondents said they cannot consistently enforce least privilege for service accounts across cloud, SaaS, and on‑premises systems.

The report also points to weakening trust across machine‑driven environments. Attackers are using AI to gather open‑source intelligence and craft synthetic identities. Hard‑coded secrets, OAuth tokens, certificates, and machine credentials remain scattered across enterprise systems, often active long after their intended use. TLS certificate management continues to strain operations, with many organizations relying on manual processes that introduce risk.

Regulatory frameworks such as NIS2 and DORA are increasingly tying identity security practices to compliance, partnerships, and cyber insurance requirements. Insurance mandates have already influenced identity security investments over the past year.

As AI‑driven attacks accelerate, organizations face a growing gap between automated threats and human response times. The report concludes that identity controls—especially limiting standing privileges, uncovering hidden access paths, and enforcing just‑in‑time access—remain among the few defenses capable of responding at machine speed.