How Rise in Machine Identities Creates Risks for Enterprises

The cybersecurity landscape is undergoing a dramatic shift. Bot accounts, service identities, APIs and automated processes now overwhelm corporate networks, vastly outnumbering human users and creating security blind spots that organisations are struggling to address.

This explosion of machine identities is reshaping enterprise security priorities, as threat actors increasingly target stolen credentials rather than deploying traditional malware. For many security teams, keeping track of who – or what – has access to critical systems has become nearly impossible.

According to recent research from CrowdStrike, identity-based attacks now account for 75% of initial access attempts in enterprise breaches. As Zeki Turedi, Field CTO Europe at CrowdStrike, put it when speaking with Cyber Magazine: “Identity is the new major battleground in cybersecurity – and visibility is critical to building a strong defence.”

CyberArk research exposes machine identity protection gaps within enterprise environments

 A new report from CyberArk highlights this challenge. Its 2025 Identity Security Landscape study, spanning 2,600 cybersecurity decision makers across 20 countries, found machine identities now outnumber human identities by a staggering 82-to-1 margin within enterprise environments.

Despite this imbalance, most organisations remain fixated on human-centric security models. The study found 88% of respondents define privileged users exclusively as humans, even though 42% of machine identities now possess privileged or sensitive access within their networks.

Clarence Hinton, Chief Strategy Officer at CyberArk, sees this disconnect as a growing risk: “The race to embed AI into environments has inadvertently created a new set of identity security risks centred around the access of unmanaged and unsecured machine identities – and the privileged access of AI agents will represent an entirely new threat vector.”

This security gap is already causing problems. Nearly nine in 10 surveyed organisations reported at least two successful identity-centric breaches in the past year, ranging from supply chain compromises to credential theft.

Beyond the machine identity challenge, 70% of respondents identified identity silos as a root cause of security risk. Many organisations maintain separate systems for managing different identity types – human users in one system, service accounts in another, cloud identities in yet another – creating visibility gaps that attackers exploit.

Credential attacks prove difficult to detect with traditional security tools

What makes identity attacks particularly dangerous is their low profile. When attackers use stolen credentials, they often bypass traditional security controls entirely.

CrowdStrike’s research shows these attacks typically appear as legitimate login attempts, leaving minimal forensic evidence compared to malware-based intrusions. Once inside, attackers move quickly – the company’s data indicates cybercriminals can spread laterally through networks in just 62 minutes after gaining initial access.

This speed creates enormous pressure on security teams. Many organisations struggle with fragmented defences, as IT and security functions often use separate tools and maintain different visibility levels across systems.

“Teams need real-time intelligence, high-fidelity detections and automation that provides actionable context to outpace today’s sophisticated adversaries,” says Zeki Turedi.

The machine identity explosion shows no signs of slowing. CyberArk’s research indicates AI will drive the creation of more privileged identities in 2025 than any other technology. This growth comes as organisations already struggle with existing AI security – 68% lack identity security controls for AI systems.

Shadow AI usage presents another challenge, with nearly half of organisations unable to secure AI applications deployed without IT approval. Both human and machine identities are expected to double this year, creating mounting pressure on security teams.

External factors are forcing organisations to address these gaps. The CyberArk report noted 88% of respondents face increased pressure from insurers mandating enhanced privilege controls, as underwriters recognise identity security as a critical risk factor.

CyberArk and Accenture partnership targets AI agent identity security requirements

To address these challenges, CyberArk has partnered with Accenture to integrate the consultancy’s AI Refinery platform with its Identity Security Platform. The collaboration aims to provide tools for implementing Zero Trust security controls for AI agents.

The partnership tackles the unique challenges of securing AI agent identities, which need authentication to critical systems while being restricted to performing only their intended functions. As AI adoption grows, enterprises may need to manage millions of machine identities, requiring new approaches to visibility and control.

“AI agents have the potential to gain privileged access to systems and processes, so they require the same level of identity security controls as human and machine identities,” says Matt Cohen, CEO at CyberArk. “By combining the comprehensive identity security capabilities of the CyberArk Platform with the powerful functionality of Accenture's AI Refinery, we will be enabling our customers to realise the full potential of agentic AI to transform their businesses with the peace of mind that comes with knowing the agent identities are secure.”

Accenture AI Refinery integration enables comprehensive identity security controls

Accenture's AI Refinery helps companies operationalise AI technology across public and private cloud platforms, while the CyberArk platform secures identities across environments.

“AI agents operate autonomously, presenting unique identity security challenges. Ensuring secure authentication, credentialing and authorisation is crucial for their safe operation both within and outside of organisations,” says Damon McDougald, Global Cybersecurity Protection lead at Accenture.

The integration focuses on several key capabilities: visibility into AI agent activities, least privilege access controls, secure authentication mechanisms and protection against manipulation that could expose data or disrupt operations.

This approach responds to growing enterprise interest in AI agents. Accenture's Technology Vision 2025 report found 77% of executives believe AI agents will fundamentally change how their organisations build digital systems.

As organisations prepare to integrate AI agents into their operations, these autonomous systems require specialised security controls that account for their unique characteristics.

“To stay resilient, CISOs and security leaders must modernise their identity security strategies to contend with a new and expanding attack surface characterised by the proliferation of identities with privileged access and made worse by damaging identity silos,” says Clarence.

To read the full article in the magazine, click HERE.

Explore the latest edition of Technology Magazine and be part of the conversation at our global conference series, Tech & AI LIVE.

Discover all our upcoming events and secure your tickets today.

Technology Magazine is a BizClik brand