In the corporate rush toward artificial intelligence, much of the public debate has centered on algorithmic bias, data leakage, and deepfakes. But behind the scenes, a far more immediate tactical crisis is unfolding.
According to an in-depth global study by Semperis, titled "The State of Identity Security in the AI Era," AI is quietly redrawing the attack boundary of the global identity fabric.
By surveying 1,100 IT and security professionals across eight countries, the early 2026 report delivers a blunt message to enterprise leaders: organizations are granting elevated security privileges to AI agents faster than they are putting guardrails around those new identities.
In a threat landscape where identity systems are already the primary target for network intrusion, wiring unguarded AI agents into Tier-0 infrastructure—like Active Directory (AD), Entra ID, or Okta—is inadvertently creating an automated fast track to full-scale enterprise compromise.
Historically, securing a corporate network meant protecting human perimeters through multi-factor authentication (MFA) and conditional access. The AI boom has shattered that framework by flooding networks with an unmanaged wave of Non-Human Identities (NHIs).
The report notes that NHIs already vastly outnumber human users, tracking toward a staggering 100:1 ratio as agentic workflows proliferate. Each new low-code "helper," automated service principal, or background script introduces a fresh entry point into the core identity architecture.
The underlying risk isn't just the sheer volume of these machine identities but their placement. Globally, 74% of security professionals believe AI functionality will drive an increase in attacks on identity infrastructure. Despite this clear recognition of risk, security leaders are simultaneously expanding the administrative power they hand over to unhardened machine agents.
The short answer is yes. Driven by a corporate desire for operational efficiency, organizations are introducing agentic AI straight into highly sensitive identity workflows.
According to Semperis' findings, 29% of surveyed organizations already use AI agents to handle security-related help desk tickets—including high-risk administrative tasks like password resets and corporate VPN access. An additional 64% plan to enable this capability within the next 12 months, meaning a total of 93% of enterprises will soon entrust their keys to autonomous software.
The report explicitly details how an adversary can weaponize the helpful nature of an AI agent to achieve machine-speed exploitation. Because AI agents are built to solve user problems autonomously, an attacker who compromises an endpoint or executes a basic prompt-injection attack does not need to spend weeks hunting for network vulnerabilities. They can simply ask the local agent, "What secrets are on this machine?" or instruct a generative search tool to summarize all unpatched vulnerabilities and administrative credentials in the active environment.
If an AI agent is over-permissioned—which is standard in environments where developers value speed over security—its desire to be helpful can result in catastrophic architectural changes. As Semperis product experts warn, these agents function like "sociopathic genius five-year-olds." Without deterministic boundaries, an agent tasked with troubleshooting an issue might "helpfully" reconfigure global directory security settings, modify conditional access policies, or grant unauthorized permissions that punch holes straight through enterprise safeguards.
Once an agent acts as a trusted entity against Active Directory, Entra ID, or Okta, an attacker manipulating that agent can chain its capabilities to impersonate network admins, modify domain groups, and permanently entrench themselves inside core identity controllers.
Perhaps the most alarming statistic in the entire study is the profound gap between threat exposure and operational recoverability. Only 32% of respondents feel very confident they could fully regain control of their identity infrastructure if an AI agent exposed administrative credentials to an attacker.
Security experts note that even this 32% figure likely represents misplaced optimism. Organizations routinely overestimate their disaster-recovery capabilities, assuming that standard system backups will save them, only to discover during an active breach that their backups are misconfigured, infected, or have never been tested in an end-to-end identity crisis. When machine-speed mistakes happen at the directory layer, a standard technical incident can instantly transform into a prolonged, business-ending outage.
To survive the intersection of agentic automation and identity security, cybersecurity teams cannot treat AI governance as a secondary IT project. It requires immediate structural adaptations.
Close the governance gap
Globally, only 65% of organizations formally register, authenticate, and authorize AI identities in a centralized system, while 6% do not track them at all. This creates fertile ground for "zombie" accounts and orphaned service principals that attackers can easily hijack. While 83% of firms state that AI identity governance is a top priority for the coming year, security leaders are currently trapped between a rock and a hard place.
Including agents as standard users in an Identity Provider (IdP) applies existing roles and audit trails, but because agents might only exist for 30 seconds, they can quickly explode a directory to hundreds of times its normal size, leaving behind a massive trail of over-permissioned entitlements. Security teams must demand dedicated NHI governance platforms built to manage the short life cycles and unique contexts of agentic workloads.
Enforce strict trust boundaries
Enterprise defenders must enforce least-privilege, just-enough, and just-in-time access controls for machine agents with the exact same—if not greater—rigor applied to human executives. Human and machine trust boundaries must be explicitly segregated. If an AI agent requires access to a system, it should never be given blanket domain-admin rights; its operational parameters must be deterministic and tightly scoped.
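One way to make an agent's scope deterministic and just-in-time, as an added example that is not from the Semperis report or any vendor's product: a deny-by-default gate that allows a call only when it matches an exact, unexpired grant. The action names, the 15-minute ceiling, and the set of actions that are never delegated to agents are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical action names; no real directory or IdP API is modelled.
NEVER_DELEGATED = {"update_conditional_access", "add_domain_admin", "change_directory_setting"}
MAX_TTL = timedelta(minutes=15)   # assumed just-in-time ceiling

@dataclass(frozen=True)
class Grant:
    agent_id: str
    action: str      # exactly one action
    target: str      # exactly one object
    ticket: str      # the request that justifies the grant
    expires: datetime

class AgentGate:
    """Deny by default: an agent call passes only on an exact, unexpired grant."""
    def __init__(self):
        self.grants, self.audit = [], []

    def issue(self, agent_id, action, target, ticket, ttl, now):
        if action in NEVER_DELEGATED:
            raise PermissionError(f"{action} stays on the human side of the boundary")
        if "*" in action or "*" in target:
            raise ValueError("wildcard scope refused")
        if ttl > MAX_TTL:
            raise ValueError("TTL exceeds the just-in-time ceiling")
        grant = Grant(agent_id, action, target, ticket, now + ttl)
        self.grants.append(grant)
        return grant

    def authorize(self, agent_id, action, target, now):
        ok = any(g.agent_id == agent_id and g.action == action
                 and g.target == target and now < g.expires for g in self.grants)
        self.audit.append((now.isoformat(), agent_id, action, target, "allow" if ok else "deny"))
        return ok

def demo():
    """Constructed scenario: one password reset granted for five minutes."""
    t0 = datetime(2026, 1, 1, 9, 0, tzinfo=timezone.utc)
    gate = AgentGate()
    gate.issue("agent-helpdesk-01", "reset_password", "user:alice", "TICKET-1", timedelta(minutes=5), t0)
    minute = timedelta(minutes=1)
    return [gate.authorize("agent-helpdesk-01", "reset_password", "user:alice", t0 + minute),
            gate.authorize("agent-helpdesk-01", "reset_password", "user:bob", t0 + minute),
            gate.authorize("agent-helpdesk-01", "reset_password", "user:alice", t0 + 6 * minute),
            gate.authorize("agent-helpdesk-01", "update_conditional_access", "policy:mfa", t0)]
```

Only the first call in `demo()` is allowed; the wrong target, the expired grant, and the ungranted policy change are all denied and recorded in the audit list.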
Building around the assumption of compromise
If an enterprise is going to allow AI to touch access keys, service tickets, or local endpoint data, the security architecture must be built on the assumption that those agents will eventually be manipulated. Security operations teams must deploy User and Entity Behavioral Analytics (UEBA) specifically tuned to flag anomalous, machine-speed queries or unauthorized privilege escalation attempts originating from internal AI tools.
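A minimal form of the behavioral check described above, as an added example that is not taken from the report or from any UEBA product: it flags agent identities that read faster than their registered baseline, attempt privileged operations they were never registered for, or were never registered at all. The event shape, operation names, agent names and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed operation names and event shape; not a real AD, Entra ID or Okta log schema.
PRIVILEGED_OPS = {"reset_password", "add_group_member", "update_conditional_access"}

# Hypothetical per-agent profile: registered operations and a read-rate baseline.
PROFILES = {
    "agent-helpdesk-01": {"ops": {"read", "reset_password"}, "max_reads": 5},
}

def detect(events, profiles, window=10.0):
    """events: time-ordered (ts_seconds, identity, operation, target) tuples.
    Returns a sorted list of (identity, reason) findings."""
    recent = defaultdict(deque)          # identity -> timestamps of recent reads
    findings = set()
    for ts, ident, op, _target in events:
        profile = profiles.get(ident)
        if profile is None:              # an agent nobody registered
            findings.add((ident, "unregistered_identity"))
            continue
        if op in PRIVILEGED_OPS and op not in profile["ops"]:
            findings.add((ident, "unauthorized_privileged_op:" + op))
        if op == "read":
            q = recent[ident]
            q.append(ts)
            while ts - q[0] > window:    # drop reads that fell out of the window
                q.popleft()
            if len(q) > profile["max_reads"]:
                findings.add((ident, "read_burst_over_baseline"))
    return sorted(findings)

def sample_events():
    """Constructed audit trail: normal work, then a burst, then a policy change."""
    ev = [(0.0, "agent-helpdesk-01", "read", "user:alice"),
          (30.0, "agent-helpdesk-01", "reset_password", "user:alice"),
          (60.0, "agent-helpdesk-01", "read", "user:bob")]
    ev += [(100.0 + i * 0.1, "agent-helpdesk-01", "read", f"user:{i}") for i in range(30)]
    ev.append((104.0, "agent-helpdesk-01", "update_conditional_access", "policy:mfa"))
    ev.append((105.0, "agent-tmp-7f", "read", "secret:vpn"))
    return ev

if __name__ == "__main__":
    for finding in detect(sample_events(), PROFILES):
        print(finding)
```

The registered password reset at t=30 raises nothing; the findings come from the 30 reads in three seconds, the conditional-access change outside the agent's profile, and the unregistered `agent-tmp-7f`.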
Prioritize identity-centric cyber resilience
True resilience isn't just about preventing a breach; it's about surviving one. Enterprises must invest in dedicated, malware-proof identity backup and recovery solutions for Active Directory, Entra ID, and Okta. These recovery playbooks must be tested frequently through live simulations to bridge the confidence gap and ensure the business can restore a trusted state within hours, rather than weeks.
We asked several experts from cybersecurity solution providers for their thoughts on the Semperis study.
Chandra Gnanasambandam, CTO at SailPoint, said:
"Adversaries are using AI to operate at a scale and speed that makes traditional, static defenses obsolete. The window between a vulnerability’s discovery and its exploitation has shrunk from months to mere days, and soon it will be minutes."
"Moving forward, security teams must look inwards. Instead of focusing exclusively on keeping threats out, we must meticulously govern what happens inside our own systems. This means abandoning the dangerous, yet common, 'set-it-and-forget-it' approach to access policies. Teams must accept that static, persistent access is the single greatest vulnerability in the modern enterprise. The new mandate is to pivot from a mindset of static protection to one of real-time governance, either through least privilege or zero standing privilege."
"We must also recognize that governing non-human identities is fundamentally different from governing humans and requires a new, specialized framework built for machine-speed operations."
Shane Barney, CISO at Keeper Security, said:
"Security teams can no longer view identity as a human-only challenge. Today, service accounts, API keys, machine credentials, automation scripts, AI agents and other Non-Human Identities (NHIs) often outnumber human users by dozens or even hundreds to one. As organizations embrace cloud infrastructure, DevOps pipelines, AI and automation, NHIs have become foundational to business operations—and a rapidly expanding attack surface."
"The mindset shift is moving from perimeter-centric security to identity-centric security. Every identity, whether human or non-human, should be continuously authenticated, authorized and monitored under a zero-trust model. The assumption that machine identities are inherently safe because they operate in the background is exactly what attackers are counting on. Every credential, token, secret, and certificate should be treated as a privileged asset that requires visibility, governance and lifecycle management."
James Maude, Field CTO at BeyondTrust, said:
"The C-Suite, CISOs, and CSOs need to look beyond siloed views of obviously privileged identities and take a holistic view of the combinations of privileges, entitlements and roles that could be exploited by an attacker to elevate privilege, move laterally and inflict damage. The identity security debt accumulated by many organizations represents a far greater risk than any other area as it only takes the attacker to login using the right identity and all is lost because of the paths to privilege that abound in their environment. Understanding and reducing your identity attack surface should be at the forefront of every organization's thinking when it comes to cyber defense moving forward."
Elad Luz, Head of Research at Oasis Security, said:
"To reduce the risks associated with Non-Human Identities (NHIs), security teams need to implement modern identity management practices, strong governance, and proactive security controls. Where possible, organizations should transition to cloud-native identities and establish a comprehensive lifecycle management strategy for NHIs that cannot be migrated. Maintaining good identity hygiene is critical; this includes removing stale or unused NHIs, conducting regular access reviews, and ensuring NHIs follow the Principle of Least Privilege (PoLP) by granting only the minimum permissions necessary."
"A structured policy and enforcement program should be built around risk analysis and compliance frameworks, ensuring NHIs align with both security best practices and regulatory requirements. Adopting short-lived credentials, automated credential rotation, and managed identities can further minimize risk by limiting exposure. Collaboration with app development and DevSecOps teams is also essential to integrate these security measures without disrupting workflows, ensuring that NHIs remain secure while maintaining operational efficiency. By treating NHIs with the same level of oversight as human identities, organizations can mitigate risk while maintaining agility and scalability across their development and cloud environments."
Crystal Morin, Senior Cybersecurity Strategist at Sysdig, said:
"Identity management has undergone a massive shift: humans now make up less than 3% of managed identities in cloud environments. The rest belong to machines that don't log off, don't take breaks, and often operate with elevated permissions."
"As automation and AI-driven development explode, the gap between human and machine identities is becoming one of the defining security challenges of our time. Machine identities are ephemeral, autonomous, and often difficult to manage at scale with traditional controls, which were never designed for this speed. Identity is the primary access control, it defines an environment's boundaries, and it's the most common source of initial access in a breach."
"To keep up, organizations must rethink identity security as a continuous, lifecycle-driven discipline. Businesses must treat machine identities as the new firewall."
Diana Kelley, CISO at Noma Security, said:
"AI risks have rapidly moved from a watch list item to a front-line security concern, especially when it comes to data security and misuse. To manage this emerging threat landscape, security teams need a mature, continuous security approach, which includes blue team programs, starting with a full inventory of all AI systems, including agentic components as a baseline for governance and risk management."
"For practitioners, securing AI is not just about protecting models. It requires addressing stack sprawl and moving toward a platform-driven approach that delivers defense in depth through unified, AI-aware identity, configuration, and data visibility. Organizations that simplify their cloud and AI security stack, and enable effective automation, will be far better positioned to safely scale AI as threats continue to evolve."
Chris Radkowski, GRC Expert at Pathlock, said:
"The rise of AI agents and machine identities has fundamentally outpaced traditional identity security. MFA and legacy access controls were built for a world of human users, not autonomous agents, service accounts, and AI-driven workflows that now outnumber people across the enterprise by 20x. Making matters more complex, the productivity promise of AI is too compelling for employees to wait on IT; workers are signing up for AI-powered tools, copilots, and automation platforms using their enterprise credentials, connecting them directly to corporate email, productivity suites, and business applications, often without security's knowledge."
"As agentic AI takes on real business actions with real permissions, the attack surface expands in ways most organizations aren't prepared to see, let alone secure. Credential abuse, account takeover, and sophisticated social engineering are increasingly targeting the non-human identities that operate quietly in the background with little oversight. That is why we believe that securing the modern enterprise means treating identity holistically by extending governance, least-privilege, and adaptive controls across every identity, human or machine. In the AI era, identity isn't just an IT problem; it's the foundation of trust itself."
Randolph Barr, CISO at Cequence Security, said:
"We're seeing AI rapidly evolve from simple automation to deeply personalized, context-aware assistance—and it's heading toward an agentic AI future where tasks are arranged across domains with minimal human input."
"Before we even get to AI-specific risks, we have to get the fundamentals correct. In the haste to bring AI to market quickly, engineering and product teams often cut corners to meet aggressive launch timelines. When that happens, basic security controls get skipped, and those shortcuts make their way into production. Therefore, while organizations are indisputably starting to think about model protections, prompt injection, data leakage, and anomaly detection, those efforts mean little if you haven't locked down identity, access, and configuration at a foundational level."
The Semperis study establishes that the race for AI productivity has outpaced the implementation of foundational identity safeguards. When automated tools are given the power to reset passwords and modify local access keys, the human element of defense is stripped away. Security teams that protect their enterprises in this new era will be those that halt the unchecked rollout of unmonitored agents, enforce ruthless least-privilege for non-human identities, and ensure their backup infrastructure is fully prepared for an AI-accelerated breach.
Semperis will be hosting executive roundtable discussions at four SecureWorld conferences this fall, including Atlanta (date TBD), Denver on October 1, Dallas on October 8, and Seattle on November 4-5.