What's Happening?
The SANS Institute has reported a significant increase in non-human identities (NHIs) within organizations, driven by the adoption of AI agents and automation. According to the 2026 SANS State of Identity Threats & Defenses Survey, 76% of organizations have
seen growth in NHIs, such as service accounts and API keys. The report highlights that 74% of organizations are using AI agents that require credentials, leading to a doubling or tripling of NHIs. These AI agents pose new security risks, as they can take unpredictable actions and require privileged access to critical infrastructure. The report warns that many organizations lack adequate governance frameworks to manage these risks, with a significant number failing to rotate machine credentials regularly.
Why It's Important?
The rapid increase in NHIs and the use of AI agents underscore the urgent need for robust governance and security measures in enterprises. As AI becomes more integrated into business operations, the potential for data breaches and security incidents increases. Organizations that fail to implement effective governance frameworks risk exposing sensitive data and critical systems to unauthorized access. The findings from the SANS Institute highlight the importance of adopting security-first approaches to AI deployment, which could prevent costly data breaches and protect organizational assets.
What's Next?
Organizations are expected to enhance their security measures by adopting practices such as secrets vaults, automated credential rotation, and least-privilege access. The SANS Institute recommends scaling these efforts to match the growth of NHIs. As AI continues to evolve, enterprises will need to stay ahead of potential security threats by implementing comprehensive governance frameworks. The report suggests that organizations should also consider human-in-the-loop approvals for AI agent actions to mitigate risks associated with autonomous decision-making.
