AI agents are fuelling an identity and security crisis for organizations

• Non-human identities outnumber humans 82-to-1, new report claims
• Security teams are focusing on identity security
• Attack vectors remain unchanged, and that’s a good thing

New research from Rubrik Zero Labs has claimed AI agents in the workplace are creating a surge of ‘non-human identities’, which are now outnumbering human users 82-to-1.

This growth comes as 90% of global leaders cite identity attacks as their top cybersecurity concern – as non-human identities are expanding the attack surface faster than security teams can keep up with.

“Managing identities in the era of AI has become a complex endeavor, especially with the labyrinth of NHIs,” company Chief Transformation Officer Kavitha Mariappan highlighted.

AI agents, or non-human identities, are creating new weak points

The risks aren’t going unnoticed, though, with 89% of organizations planning to hire staff dedicated specifically to identity security in the next year. Furthermore, 87% plan to change their IAM provider, with 58% citing security concerns as their main reason for switching.

Security experts worry it could be too little too late, though, with 89% having already incorporated AI agents into their identity infrastructure and another 10% planning to do so.

Three in five (58%) security leaders now expect at least half of next year’s cyberattacks to be driven by agentic AI, and only 28% believe they’d fully recover from a cyber incident within 12 hours (down 15 percentage points in one year).

More alarmingly, 89% of ransomware victims agreed to pay the ransom to recover from, or stop, the attack.

Despite an evolving landscape, common attack vectors aren’t changing. Four in five (79%) CrowdStrike detections didn’t involve malware – just the attacker logging in. Social engineering remains a key vector, with 86% of basic web app attacks today relying on stolen credentials, and non-human identities can be just as susceptible to deceit.

Social engineering (24%), legitimate credential compromise (21%), forged authentication tokens (20%) and MFA bypass (17%) are among the most popular, but that’s a good thing.

With this in mind, all security leaders need to do is tweak how they protect emerging tools from the same old threats.

So despite the surge in non-human identities, security teams aren’t actually faced with new challenges, just more systems to lock down.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.