{"id":14374,"date":"2025-07-02T07:12:04","date_gmt":"2025-07-02T07:12:04","guid":{"rendered":"https:\/\/newestek.com\/?p=14374"},"modified":"2025-07-02T07:12:04","modified_gmt":"2025-07-02T07:12:04","slug":"how-cybersecurity-leaders-can-defend-against-the-spur-of-ai-driven-nhi","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14374","title":{"rendered":"How cybersecurity leaders can defend against the spur of AI-driven NHI"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Machine identities pose a big security risk for enterprises, and that risk will be magnified dramatically as AI agents are deployed. According to a report<\/a> by cybersecurity vendor CyberArk, machine identities \u2014 also known as non-human identities (NHI) \u2014 now outnumber humans by 82 to 1, and their number is expected to increase exponentially. By comparison, in 2022<\/a>, machine identities outnumbered humans by 45 to 1.<\/p>\n

\u201cIf you look at IAM<\/a> [identity and access management] as a whole, machine identity is the most immature space,\u201d says Gartner analyst Steve Wessels. \u201cIt\u2019s so hard to catch up. And then we talk about AI. Things are moving so fast. People are doing it willy-nilly. They\u2019re throwing up AI agents everywhere.\u201d<\/p>\n

Traditional security risks<\/h2>\n

Managing machine identities was already a problem before AI agents, but businesses found ways to bypass that, including building automation script that goes in every 90 days to change the certificate or password or account. This can result in self-signed certificates, certificates expiring without proper renewal processes, hard-coded credentials, and potential security risks from service accounts.<\/p>\n

There are three main issues when it comes to NHI: visibility of these identities, long lost and untracked NHI and default and hard-coded credentials<\/p>\n

Visibility<\/h3>\n

Yageo Group had so many problematic machine identities that information security operations manager Terrick Taylor says he is almost embarrassed to say this, even though the group has now automated the monitoring of both human and non-human identities and has a process for managing identity lifecycles. \u201cLast time I looked at the portal, there were over 500 accounts,\u201d he says.<\/p>\n

But once he can see the problem \u2014 a default password, for example, or an account that was too permissive, or older than 90 days \u2014 he can take steps to shut it down or take other measures. This issue can increase considerably if it is a company often acquiring others with different technologies.<\/p>\n

According to the CyberArk survey \u2014 of more than 2,600 security decision-makers across 20 countries \u2014 70% of respondents say that identity silos are a root cause of cybersecurity risk, and 49% say they lack complete visibility into entitlements and permissions across the cloud environments.<\/p>\n

What makes it complicated is that machine identities can be created by various individuals and systems within an organization, for a multitude of different reasons. Some of these identities are created by employees who then leave the company, taking the knowledge of their existence with them as they go. But the access rights remain.<\/p>\n

Even more worrisome is that a single compromised account with high privileges can be used by an attacker to create more service accounts, helping them spread further and deeper within an organization and making it much harder to root them out.<\/p>\n

Long lost non-human identities<\/h3>\n

Lifecycle management is crucial to secure machine identities. In addition to the operational challenges of expired certificates there\u2019s also the risk that the longer a credential has been hanging around, the higher the odds that someone has stumbled across it. \u201cThe hardest thing with a service account is keeping track of why it was created and what it is being used for,\u201d says Gartner\u2019s Wessels. \u201cWhen you spin it up, you know exactly what it is, but if you don\u2019t document that really well and maintain that documentation, it quickly becomes unmanaged.\u201d<\/p>\n

Companies end up with service accounts everywhere, which creates a large attack surface, that only grows over time. \u201cWe\u2019ve seen passwords that were set and haven\u2019t been changed for nine years,\u201d Wessels says. \u201cThat password becomes kind of embedded, and it\u2019s very difficult to rotate it, change it, secure it.\u201d<\/p>\n

Many companies don\u2019t have lifecycle management for all their machine identities and security teams may be reluctant to shut down old accounts because doing so might break critical business processes.<\/p>\n

Yageo\u2019s Taylor isn\u2019t one of those people. \u201cIf I see anything more than 90 days old, I\u2019m killing it regardless. If it\u2019s more than 90 days, I can\u2019t see how it would still be useful.\u201d<\/p>\n

Others may soon have to join him. In April, the Certificate Authority Browser Forum unanimously voted to reduce TLS certificate lifespans from the current 398 days to 200 days by next March, 100 days by March of 2027, and just 47 days by March of 2029. \u201cThat is going to be a fundamental problem for a lot of us because of the operational disruption that would happen,\u201d Nemi George, vice president of IT and CISO at PDS Health says. \u201cWe have a very robust process but there are still days when we come in and a cert renewal fell through the cracks.\u201d<\/p>\n

Shorter lifespans reduce the chance for keys becoming compromised via man-in-the-middle attacks and data breaches and encourages companies to embrace automation.<\/p>\n

Default and hard-coded credentials<\/h3>\n

When an application is first built, it\u2019s easy to use passwords that are simply the word \u201cpassword\u201d as placeholders. Access-management systems that provide one-time-use credentials to be used exactly when they are needed are cumbersome to set up. And some systems come with default logins like \u201cadmin\u201d that are never changed.<\/p>\n

There are a lot of mistakes like this that companies make all the time, says George. \u201cAn attacker doesn\u2019t really have to be sophisticated to get in.\u201d It\u2019s like leaving your key in the lock when you leave the house. At that point, does it even count as a break-in if the criminal enters? \u201cYou kind of let them in.\u201d<\/p>\n

Similarly, when developers hard-code passwords and other access credentials right into the software, and the code is leaked, those credentials are ripe for the harvesting.<\/p>\n

According to Verizon\u2019s 2025 data breach investigations report<\/a>, there were nearly half a million exposed credentials in public git repos, which Verizon refers to as secrets. And the median time it took to remediate discovered leaked secrets was 94 days. That\u2019s three months in which an attacker could find this information and exploit it.<\/p>\n

And they did. According to the report, credential abuse was the single most common access vector, occurring in 22% of nearly 10,000 breaches analyzed, putting it ahead of both exploitation of vulnerabilities and phishing, though Verizon did not differentiate between human and machine identities in its report.<\/p>\n

As attackers deploy more AI and automation, all the traditional risks of machine identities become more acute. AI-powered bots can crawl through leaked data and source code repositories to find insecure machine identities and leverage them for even greater access.<\/p>\n

Generative AI and AI agents increase NHI risks<\/h2>\n

According to the CyberArk survey, AI is expected to be the top source of new identities with privileged and sensitive access in 2025. It\u2019s no surprise that 82% of companies say their use of AI creates access risks. Many generative AI technologies are so easy to deploy that business users can do it without input from IT, and without security oversight. Almost half of all organizations, 47%, say that they aren\u2019t able to secure and manage shadow AI<\/a>.<\/p>\n

AI agents are the next step in the evolution of generative AI. Unlike chatbots, which only work with company data when provided by a user or an augmented prompt, agents are typically more autonomous, and can go out and find needed information on their own. This means that they need access to enterprise systems, at a level that would allow them to carry out all their assigned tasks. \u201cThe thing I\u2019m worried about first is misconfiguration,\u201d says Yageo\u2019s Taylor. If an AI agent\u2019s permissions are set incorrectly \u201cit opens up the door to a lot of bad things to happen.\u201d<\/p>\n

Because of their ability to plan, reason, act, and learn AI agents can exhibit unpredictable and emergent behaviors. An AI agent that\u2019s been instructed to accomplish a particular goal might find a way to do it in an unanticipated way, and with unanticipated consequences.<\/p>\n

This risk is magnified even further, with agentic AI systems that use multiple AI agents working together to complete bigger tasks, or even automate entire business processes. In addition to individual agents, agentic AI systems can also include access to data and tools, as well as security and risk guardrails.<\/p>\n

\u201cIn old scripts the code is static and you can look at the behavior, look at the code, and you know that this thing should be connecting,\u201d Taylor says. \u201cIn AI, the code changes itself\u2026 Agentic AI is cutting edge. And sometimes you step over that edge, and it can cut.\u201d<\/p>\n

This isn\u2019t a purely theoretical threat. In May, Anthropic released<\/a> the results of the security testing on its latest Claude models. In one test, Claude was allowed access to company emails, so that it could serve as a useful assistant. In reading the emails, Claude discovered information about its own impending replacement with a newer AI system, and also that the engineer in charge of this replacement was having an affair. In 84% of the tests, Claude attempted to blackmail the engineer so that it wouldn\u2019t be replaced. Anthropic said it put guardrails in place to keep this kind of thing from happening, but it hasn\u2019t released the results of any tests on those guardrails.<\/p>\n

This should raise significant concerns for any company giving AI direct access to email systems.<\/p>\n

Unanticipated behaviors are just the start. According to CSA, another challenge with agents is the unstructured nature of their communications. Traditional applications communicate through extremely predictable, well-defined channels and formats. AI agents can communicate with other agents and systems using plain language, making it hard to monitor with traditional security techniques.<\/p>\n

How cybersecurity leaders can secure machine identities<\/h2>\n

The first step is to get visibility into all the machine identities in an environment and to create policies for how to manage them.<\/p>\n

Gartner\u2019s Wessels recommends that enterprises move towards centralized governance for machine identities and attach credentials to specific workloads. \u201cThen manage the lifecycle of that application or workload. That way of doing it is a much more modern way.\u201d<\/p>\n

The credentials could last for five minutes, or even less than that. \u201cJust for the time they need that connection. Then it goes away.\u201d<\/p>\n

There\u2019s a lot of guidance out there for companies looking to modernize their identity management, and many established vendors in the space. And the technology continues to evolve as the uses of AI become more developed.<\/p>\n

According to the CyberArk survey, 94% of respondents are already using AI and LLM in their identity security strategies. For example, 61% are considering using AI to secure both human and machine identities in the next 12 months.<\/p>\n

Unfortunately, when it comes to securing the identities of AI agents, things aren\u2019t looking as rosy. \u201cThere aren\u2019t a lot of standards around agentic AI and it\u2019s being spun up and put in by anybody and everybody,\u201d says Wessels. \u201cThere\u2019s not a whole lot of structure even around who should handle these things.\u201d<\/p>\n

Companies also need to monitor what the AI agents are doing, what connections they\u2019re making, and what information they\u2019re pulling, he says.<\/p>\n

Anand Rao, AI professor at Carnegie Mellon University, suggests that some enterprises might want to wait and secure their legacy infrastructure first, and only deploy AI agents after they\u2019ve modernized their machine identity environment.<\/p>\n

It all depends on their risk tolerance. And there are some frameworks that companies can look at. The SANS Institute released in March a set of AI security guidelines<\/a>, which includes recommendations such as enterprises limiting the functions and tools that AI agents have access to, and ensuring that the agent has the least privilege possible.<\/p>\n

CSA released in May its agentic AI red teaming guide<\/a>, which outlines several ways in which AI agents have risks that are different than traditional applications, and offers practical recommendations on how to spot if agents are misbehaving.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Machine identities pose a big security risk for enterprises, and that risk will be magnified dramatically as AI agents are deployed. According to a report by cybersecurity vendor CyberArk, machine identities \u2014 also known as non-human identities (NHI) \u2014 now outnumber humans by 82 to 1, and their number is expected to increase exponentially. By comparison, in 2022, machine identities outnumbered humans by 45 to… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14374","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14374","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14374"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14374\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}