New research released Thursday by Rubrik Zero Labs finds that the AI wave, and in particular agentic AI, has created a “troubling gap between the expanding identity attack surface and organizations’ ability to recover from resulting compromises.”
According to the report, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats, the result is a surge of both non-human identities (NHIs) and agentic identities.
Key findings revealed:
89% of organizations have “fully or partially incorporated AI agents into their identity infrastructure, and an additional 10% have plans to.”
Of those polled, 58% estimate that, in the next 12 months, half or more of the cyberattacks they must deal with will be “driven by agentic AI.”
Industry reports contend that NHIs now outnumber human users by 82-1.
In addition, a release from Rubrik states, as organizations integrate agents into their workflows, the increase in NHIs will continue to outpace the growth of human identities, and securing them “will become as essential — if not more so — as securing human identities.”
Furthermore, authors of the report state, “as traditional network boundaries have dissolved amid cloud migrations, remote work adoption, and now agentic AI, identity is no longer merely a control layer. It has become the primary attack surface, which threat actors weaponize to gain access to IT environments and ‘live off of the land’ over the course of an attack.”
The overwhelming majority of today’s breaches, they write, are predicated on exploiting trust and valid credentials rather than circumventing network defenses.
‘Under-the-radar crisis exists
Kavitha Mariappan, chief transformation officer at Rubrik, said, “the rise of identity-driven attacks is changing the face of cyber defense. Managing identities in the era of AI has become a complex endeavor, especially with the labyrinth of NHIs. We have an under-the-radar crisis on our hands where a single compromised credential can grant full access to an organization’s most sensitive data.”
She added, “comprehensive Identity Resilience is absolutely critical to cyber recovery in this new landscape.”
The research was prompted, she said in an email to CSOonline, because “the cyber defense landscape has fundamentally changed, creating a significant gap between the expanding identity attack surface and an organization’s ability to recover [from an attack]. As traditional network boundaries have dissolved due to cloud migration, remote work, and the accelerating adoption of agentic AI, identity has become a primary vulnerability.”
Threat actors “are overwhelmingly exploiting trusted and valid credentials to log in, not break in,” Mariappan explained. “These attacks are further complicated by the labyrinth of non-human identities, like API keys and AI agents, which are surging across the enterprise and are proving difficult to manage. Unlike with human identities, these NHIs can be difficult to revoke and often slip through the cracks, leading to poor lifecycle governance.”
David Shipley, head of Canadian security awareness training provider firm Beauceron Security, said he agrees with the report’s findings for a key reason: “[While] phishing and social engineering overall are where attacks start, identity and access management (IAM) practices are where the fire gets roaring.”
Organizations, he said, “need modern approaches to IAM and employee cyber education and engagement. The employee education doesn’t just help them spot and stop threats, you can help them understand why good IAM processing technology is required.”
He pointed out, “[there is] a reason why identity and access management is the foundation of a security program. When it’s done poorly, the impacts reverberate throughout an organization during an attack.”
Shipley said that he often tells clients, “IAM is the bottom of the cyber equivalent of Maslow’s hierarchy of needs. Where humans need food and shelter to survive, digital systems need strong IAM practices to survive.”
“In our work around the world, we’ve seen that as organizations get larger and more complex, it’s far more likely they have huge issues in identity management,” he said. “This isn’t the kind of problem that technology alone can fix, regardless of the vendor. It takes understanding people, process, culture, and technology.”
Agentic AI ‘like a stick of dynamite thrown into a fishpond’
For example, said Shipley, “it doesn’t matter what AI-powered IAM tool you have if you allow people to bypass processes to grant, remove, or change access because the process for approvals is [seen] as too slow or cumbersome.”
The least favourite thing to find when you’re investigating a cyber incident, he said, “is no way to trace who did what because there’s nothing in the logs. The second worst is to find a bunch of identities that no one knows how they got there or how they had the access they did.”
Shipley described agentic AI as “basically a stick of dynamite thrown into a fishpond when it comes to identity, and the results look the same. If organizations can’t tell if a human or their agent performed a set of actions, they can’t properly understand if they have a software vulnerability, an issue with employee awareness or motivation on security, or even worse, an insider threat.”
Worse yet, he said, “the whole concept of zero trust just got wiped out. Agents rely on huge amounts of trust and frankly, they haven’t earned it and have done everything they can possibly do to show they shouldn’t be trusted. From hallucinations to hijacking, this technology is not ready for prime time.”
Thomas Randall, research lead at Info-Tech Research Group, added that most of the Rubrik Zero Labs report “validates what the industry already knows. For years, Info-Tech research has shown that identity is a prime attack surface, that zero trust/least privilege/continuous verification are best practices, and that security training is imperative.”
Attack surface to drastically increase
He said that two elements stood out to him: “First is bridging human and non-human identity under a single umbrella; typically, we might understand these under separate domains of IAM vs DevOps secrets management, respectively. The report’s point is that attackers don’t respect those org-chart boundaries, so security teams should think beyond those boundaries, too.”
However, said Randall, “this framing overlooks that these identities are operationally different. While both authenticate and authorize, the tooling, telemetry, RACI, and risk models differ. A single ‘identity plane’ may be the goal conceptually, but practically, it’s hard to implement across those divergent ecosystems.”
The second element is, he said, “the stark claim that non-human identities now outnumber human users by around 82:1. As organizations start developing more AI agents (especially if individuals have free rein to develop their own copilots or GPTs), the attack surface drastically increases.”
Randall noted, “each copilot or GPT can hold API keys, OAuth tokens, or delegated permissions (for example, ‘read SharePoint docs, query CRM data, send emails.’). This is certainly where I think organizations need to be concerned: the gap between agentic AI rollout and AI governance grows increasingly wider.”
Organizations, he said, “have to be disciplined in controlling agent creation, credentialing, and lifecycle management; otherwise, the attack surface potentially increases drastically.” Security leaders must understand that IAM tools alone won’t protect against or help them restore the integrity of their identity infrastructure in the event of a compromise, he added.
In addition, said Mariappan, they must also understand that IAM tools alone won’t protect against or help them restore the integrity of their identity infrastructure in the event of a compromise.
In fact, she said, “while 87% of IT and security leaders plan to change their IAM providers, 60% have already switched providers in the last three years, signaling the industry’s dissatisfaction with current solutions for tackling identity-based threats. Our research reveals that a comprehensive identity resilience strategy is needed for when, not if, an attack strikes.”
No Responses