TL;DR
Rubrik Zero Labs research shows AI agents create non-human identities that outnumber human users 82-to-1, with 90% of global leaders citing identity attacks as their top cybersecurity concern. Eighty-nine percent of organisations plan dedicated identity security hires within 12 months, whilst 87% plan to change IAM provider. Attack vectors remain unchanged: 79% of CrowdStrike detections involve no malware, just credential-based logins, meaning security teams face scaling challenges rather than fundamentally new threats.
Exponential Growth in Non-Human Identities
AI agents in workplaces are creating a surge of non-human identities, with new research claiming they now outnumber human users 82-to-1. This growth expands attack surfaces faster than security teams can manage, with 90% of global leaders identifying identity attacks as their primary cybersecurity concern.
“Managing identities in the era of AI has become a complex endeavour, especially with the labyrinth of NHIs,” notes Kavitha Mariappan, Rubrik’s Chief Transformation Officer. The risks haven’t gone unnoticed: 89% of organisations plan to hire staff dedicated specifically to identity security in the next year, whilst 87% intend to change their IAM provider, with 58% citing security concerns as their main reason for switching.
Proactive Response Meets Implementation Reality
Security experts worry that responses may arrive too late, with 89% of organisations already incorporating AI agents into identity infrastructure and another 10% planning to do so. Fifty-eight percent of security leaders expect at least half of next year’s cyberattacks to be driven by agentic AI, whilst only 28% believe they’d fully recover from cyber incidents within 12 hours, a 15 percentage point decline from one year ago.
More alarmingly, 89% of ransomware victims agreed to pay ransoms to recover from or stop attacks, suggesting limited confidence in defensive capabilities and recovery procedures.
Familiar Attack Vectors at Scale
Despite the evolving landscape, common attack vectors aren’t changing. Four in five (79%) CrowdStrike detections didn’t involve malware, just attackers logging in with legitimate credentials. Social engineering remains key, with 86% of basic web application attacks relying on stolen credentials. Non-human identities prove just as susceptible to deception as human users.
Social engineering (24%), legitimate credential compromise (21%), forged authentication tokens (20%), and MFA bypass (17%) rank amongst the most popular attack methods. This consistency offers an opportunity: security leaders need only adapt existing protection strategies for emerging tools rather than developing entirely new approaches.
Looking Forward
Despite surging non-human identities, security teams aren’t faced with fundamentally new challenges—just more systems requiring lockdown using established methodologies. The expansion demands scaling existing identity protection practices rather than inventing novel security paradigms, though the sheer volume of non-human identities requires automation and systematic approaches beyond manual management capabilities.
Source: TechRadar Pro