Dive Brief:
- Digital entities such as bots and AI agents are fast emerging as prime targets for cyberattacks as organizations rapidly increase their reliance on them, cybersecurity firm Delinea said in a recent report.
- For every human identity, there are about 46 so-called “non-human identities,” with the number of NHIs projected to exceed 45 billion by the end of 2025, “illustrating their pervasive presence in modern infrastructures,” according to the research.
- “While human identities remain a primary attack target, non-human identities (NHI) have quietly become an equally critical — and often overlooked — security risk,” the report said.
Dive Insight:
The findings come as leading U.S. enterprise software providers including Microsoft and SAP have begun rolling out AI agents designed to perform tasks in corporate finance and other business functions.
NHIs are digital identities for applications, services or devices, used by organizations to execute automatic machine-to-machine operations, according to a CrowdStrike article. They expand an organization’s cybersecurity risks because each machine identity presents a potential entry point for attackers, the article said.
“With seemingly countless NHIs deployed across modern organizations, it is easy for NHIs to be overlooked in security strategies, introducing a higher risk of unauthorized access,” it said.
The nonprofit Cloud Security Alliance in September published a study finding that nearly one in five organizations had experienced a security incident related to NHIs.
Despite their importance, NHIs are often neglected in security practices, according to Delinea.
Over 70% of NHIs are not “rotated” or replaced within recommended timeframes, leaving them vulnerable to exploitation, the Delinea report said, citing data from Entro Labs, a research arm of cybersecurity startup Entro Security. Additionally, 97% of organizations expose their NHIs to third-party vendors, increasing the risk of unauthorized access.
“As attackers refine their techniques to target identity systems, the combination of unrotated credentials and widespread third-party access creates a growing and dangerous vulnerability,” the report said.
