{"id":5787,"date":"2025-11-14T02:12:25","date_gmt":"2025-11-14T02:12:25","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5787"},"modified":"2025-11-14T02:12:25","modified_gmt":"2025-11-14T02:12:25","slug":"agentic-ai-opens-door-to-new-id-challenges-report","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5787","title":{"rendered":"Agentic AI opens door to new ID challenges: Report"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>New research released Thursday by Rubrik Zero Labs finds that the AI wave, and in particular agentic AI, has created a \u201ctroubling gap between the expanding identity attack surface and organizations\u2019 ability to recover from resulting compromises.\u201d<\/p>\n<p>According to the report, <em><a href=\"https:\/\/zerolabs.rubrik.com\/reports\/the-identity-crisis\" target=\"_blank\" rel=\"noopener\">Identity Crisis: Understanding &amp; Building Resilience Against Identity-Driven Threats<\/a><\/em>, the result is a surge of both non-human identities (NHIs) and agentic identities.<\/p>\n<p>Key findings revealed:<\/p>\n<p>89% of organizations have \u201cfully or partially incorporated AI agents into their identity infrastructure, and an additional 10% have plans to.\u201d<\/p>\n<p>Of those polled, 58% estimate that, in the next 12 months, half or more of the cyberattacks they must deal with will be \u201cdriven by agentic AI.\u201d<\/p>\n<p>Industry\u00a0<a href=\"https:\/\/www.cyberark.com\/press\/machine-identities-outnumber-humans-by-more-than-80-to-1-new-report-exposes-the-exponential-threats-of-fragmented-identity-security\/\" target=\"_blank\" rel=\"noopener\">reports<\/a>\u00a0contend that NHIs now outnumber human users by 82-1.<\/p>\n<p>In addition, a <a 
href=\"https:\/\/www.rubrik.com\/company\/newsroom\/press-releases\/25\/new-rubrik-research-finds-identity-resilience-is-imperative-as-ai-wave-floods-the-workplace-with-ai-agents\" target=\"_blank\" rel=\"noopener\">release<\/a> from Rubrik states that, as organizations integrate agents into their workflows, the increase in NHIs will continue to outpace the growth of human identities, and securing them \u201cwill become as essential \u2014 if not more so \u2014 as securing human identities.\u201d<\/p>\n<p>Furthermore, authors of the report state, \u201cas traditional network boundaries have dissolved amid cloud migrations, remote work adoption, and now agentic AI, identity is no longer merely a control layer. It has become the primary attack surface, which threat actors weaponize to gain access to IT environments and \u2018live off of the land\u2019 over the course of an attack.\u201d<\/p>\n<p>The overwhelming majority of today\u2019s breaches, they write, are predicated on exploiting trust and valid credentials rather than circumventing network defenses.<\/p>\n<h2 class=\"wp-block-heading\">\u2018Under-the-radar crisis\u2019 exists<\/h2>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/kmariappan\" target=\"_blank\" rel=\"noopener\">Kavitha Mariappan<\/a>, chief transformation officer at Rubrik, said, \u201cthe rise of identity-driven attacks is changing the face of cyber defense. Managing identities in the era of AI has become a complex endeavor, especially with the labyrinth of NHIs. 
We have an under-the-radar crisis on our hands where a single compromised credential can grant full access to an organization\u2019s most sensitive data.\u201d<\/p>\n<p>She added, \u201ccomprehensive Identity Resilience is absolutely critical to cyber recovery in this new landscape.\u201d<\/p>\n<p>The research was prompted, she said in an email to <em>CSOonline<\/em>, because \u201cthe cyber defense landscape has fundamentally changed, creating a significant gap between the expanding identity attack surface and an organization\u2019s ability to recover [from an attack]. As traditional network boundaries have dissolved due to cloud migration, remote work, and the accelerating adoption of agentic AI, identity has become a primary vulnerability.\u201d<\/p>\n<p>Threat actors \u201care overwhelmingly exploiting trusted and valid credentials to\u00a0<em>log<\/em>\u00a0in, not break in,\u201d Mariappan explained.\u00a0\u201cThese attacks are further complicated by the labyrinth of non-human identities, like API keys and AI agents, which are surging across the enterprise and are proving difficult to manage. Unlike with human identities, these NHIs can be difficult to revoke and often slip through the cracks, leading to poor lifecycle governance.\u201d<\/p>\n<p><a href=\"https:\/\/ca.linkedin.com\/in\/dbshipley\" target=\"_blank\" rel=\"noopener\">David Shipley<\/a>, head of Canadian security awareness training provider Beauceron Security, said he agrees with the report\u2019s findings for a key reason: \u201c[While] phishing and social engineering overall are where attacks start, identity and access management (IAM) practices are where the fire gets roaring.\u201d<\/p>\n<p>Organizations, he said, \u201cneed modern approaches to IAM and employee cyber education and engagement. 
The employee education doesn\u2019t just help them spot and stop threats, you can help them understand why good IAM processing technology is required.\u201d<\/p>\n<p>He pointed out, \u201c[there is] a reason why <a href=\"https:\/\/www.csoonline.com\/article\/648894\/identity-based-security-threats-are-growing-rapidly-report.html?utm=hybrid_search\" target=\"_blank\" rel=\"noopener\">identity and access management<\/a> is the foundation of a security program. When it\u2019s done poorly, the impacts reverberate throughout an organization during an attack.\u201d<\/p>\n<p>Shipley said that he often tells clients, \u201cIAM is the bottom of the cyber equivalent of <a href=\"https:\/\/www.simplypsychology.org\/maslow.html\" target=\"_blank\" rel=\"noopener\">Maslow\u2019s hierarchy of needs<\/a>. Where humans need food and shelter to survive, digital systems need strong IAM practices to survive.\u201d<\/p>\n<p>\u201cIn our work around the world, we\u2019ve seen that as organizations get larger and more complex, it\u2019s far more likely they have huge issues in identity management,\u201d he said. \u201cThis isn\u2019t the kind of problem that technology alone can fix, regardless of the vendor. It takes understanding people, process, culture, and technology.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Agentic AI \u2018like a stick of dynamite thrown into a fishpond\u2019<\/h2>\n<p>For example, said Shipley, \u201cit doesn\u2019t matter what AI-powered IAM tool you have if you allow people to bypass processes to grant, remove, or change access because the process for approvals is [seen] as too slow or cumbersome.\u201d<\/p>\n<p>The least favourite thing to find when you\u2019re investigating a cyber incident, he said, \u201cis no way to trace who did what because there\u2019s nothing in the logs. 
The second worst is to find a bunch of identities that no one knows how they got there or how they had the access they did.\u201d\u00a0<\/p>\n<p>Shipley described agentic AI as \u201cbasically a stick of dynamite thrown into a fishpond when it comes to identity, and the results look the same. If organizations can\u2019t tell if a human or their agent performed a set of actions, they can\u2019t properly understand if they have a software vulnerability, an issue with employee awareness or motivation on security, or even worse, an insider threat.\u201d<\/p>\n<p>Worse yet, he said, \u201cthe whole concept of zero trust just got wiped out. Agents rely on huge amounts of trust and frankly, they haven\u2019t earned it and have done everything they can possibly do to show they shouldn\u2019t be trusted. From hallucinations to hijacking, this technology is not ready for prime time.\u201d<\/p>\n<p><a href=\"https:\/\/www.infotech.com\/profiles\/thomas-randall\" target=\"_blank\" rel=\"noopener\">Thomas Randall<\/a>,\u00a0research lead at Info-Tech Research Group, added that most of the Rubrik Zero Labs report \u201cvalidates what the industry already knows. For years, Info-Tech research has shown that identity is a prime attack surface, that zero trust\/least privilege\/continuous verification are best practices, and that security training is imperative.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Attack surface to drastically increase<\/h2>\n<p>He said that two elements stood out to him: \u201cFirst is bridging human and non-human identity under a single umbrella; typically, we might understand these under separate domains of IAM vs DevOps secrets management, respectively. The report\u2019s point is that attackers don\u2019t respect those org-chart boundaries, so security teams should think beyond those boundaries, too.\u201d<\/p>\n<p>However, said Randall, \u201cthis framing overlooks that these identities are operationally different. 
While both authenticate and authorize, the tooling, telemetry, RACI, and risk models differ. A single \u2018identity plane\u2019 may be the goal conceptually, but practically, it\u2019s hard to implement across those divergent ecosystems.\u201d<\/p>\n<p>The second element is, he said, \u201cthe stark claim that non-human identities now outnumber human users by around 82:1. As organizations start developing more AI agents (especially if individuals have free rein to develop their own copilots or GPTs), the attack surface drastically increases.\u201d<\/p>\n<p>Randall noted, \u201ceach copilot or GPT can hold API keys, OAuth tokens, or delegated permissions (for example, \u2018read SharePoint docs, query CRM data, send emails.\u2019). This is certainly where I think organizations need to be concerned: the gap between agentic AI rollout and AI governance grows increasingly wider.\u201d<\/p>\n<p>Organizations, he said, \u201chave to be disciplined in controlling agent creation, credentialing, and lifecycle management; otherwise, the attack surface potentially increases drastically.\u201d\u00a0Security leaders must understand that IAM tools alone won\u2019t protect against or help them restore the integrity of their identity infrastructure in the event of a compromise, he added.<\/p>\n<p>In addition, said Mariappan, they must also understand that IAM tools alone won\u2019t protect against or help them restore the integrity of their identity infrastructure in the event of a compromise.<\/p>\n<p>In fact, she said, \u201cwhile 87% of IT and security leaders plan to change their IAM providers, 60% have already switched providers in the last three years, signaling the industry\u2019s dissatisfaction with current solutions for tackling identity-based threats. 
Our research reveals that a comprehensive identity resilience strategy is needed for when, not if, an attack strikes.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>New research released Thursday by Rubrik Zero Labs finds that the AI wave, and in particular agentic AI, has created a \u201ctroubling gap between the expanding identity attack surface and organizations\u2019 ability to recover from resulting compromises.\u201d According to the report, Identity Crisis: Understanding &amp; Building Resilience Against Identity-Driven Threats, the result is a surge [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":5788,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5787","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5787"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5787"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5787\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5788"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5787"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5787"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityin
focus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5787"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}