Machine identities pose a big security risk for enterprises, and that risk will be magnified dramatically as AI agents are deployed. According to a report by cybersecurity vendor CyberArk, machine identities — also known as non-human identities (NHI) — now outnumber humans by 82 to 1, and their number is expected to increase exponentially. By comparison, in 2022, machine identities outnumbered humans by 45 to 1.
“If you look at IAM [identity and access management] as a whole, machine identity is the most immature space,” says Gartner analyst Steve Wessels. “It’s so hard to catch up. And then we talk about AI. Things are moving so fast. People are doing it willy-nilly. They’re throwing up AI agents everywhere.”
Traditional security risks
Managing machine identities was already a problem before AI agents, but businesses found ways to bypass that, including building automation script that goes in every 90 days to change the certificate or password or account. This can result in self-signed certificates, certificates expiring without proper renewal processes, hard-coded credentials, and potential security risks from service accounts.