Forty-to-One

Arlo Gilbert

For every employee at your company, there are roughly 40 non-human identities on your network. API keys, service accounts, OAuth tokens, bot credentials, CI/CD pipeline runners. And now, increasingly, AI agents.

A Cybersecurity Insiders report published this month found that 92% of organizations have no visibility into their AI-specific identities. Not limited visibility. Not partial. They can't see them at all.

This is the most straightforward security problem in enterprise technology right now, and almost nobody's working on it.

The identities nobody manages

A non-human identity is anything that authenticates to a system without a human typing in a password. Your GitHub Actions workflow has credentials. Your Slack bot has an API token. Your monitoring service has database access. Your AI coding assistant has your SSH keys, your cloud credentials, and your repository permissions, because you gave them to it when you set it up.

For most of the cloud era, the non-human identity problem was about service accounts. Companies accumulated thousands of them. Nobody labeled them. Nobody tracked who created them or knew which ones were still active. Industry research puts the ratio at somewhere between 17:1 and 45:1, depending on the sector.

Infosecurity Magazine reported on April 9 that AI agents have driven a 76% increase in non-human identities over the past year alone. These aren't the same as old-fashioned service accounts that sit in the background running scheduled jobs. AI agents make decisions, access data across multiple systems, and chain actions in real time. The old problem was dormant credentials sitting around unused. The new problem is autonomous actors with broad, active access to production systems.

November 27, 2013

On that date, attackers compromised Target's network through credentials belonging to Fazio Mechanical Services, an HVAC contractor in Sharpsburg, Pennsylvania. Fazio had remote network access for monitoring energy consumption and billing. The attackers used those credentials to pivot from the contractor portal into Target's payment processing environment. Forty million credit card numbers. Seventy million customer records. Over $300 million in settlements and remediation.

The HVAC vendor's credentials were a non-human identity. Persistent. Over-privileged. Unmonitored. Nobody at Target had a process for reviewing what that account could access, because it wasn't a person. It was infrastructure.

Twelve years later, the percentage of organizations that have fully inventoried their non-human identities is still in the single digits.

Why AI agents are different

A traditional service account does one thing. It runs a backup. It polls an API. You can scope its permissions narrowly because its job is narrow.

AI agents aren't narrow. A coding agent needs access to your source code, your CI/CD pipeline, your issue tracker, your documentation, and sometimes your production infrastructure. A customer service agent needs your CRM, your knowledge base, your order management system, and your customer data.

These agents typically inherit the permissions of whoever deploys them. When a developer sets up an AI coding assistant, the agent gets the developer's full access level. Not a scoped-down version. The full set. It can read everything the developer can read, write everything the developer can write, and reach every system the developer has credentials for.

Nobody at the company approved that access grant. It happened automatically when the developer authenticated.

The accumulation problem

Every week, more agents come online. Sales teams deploy them. Marketing teams deploy them. Engineering teams deploy them. Each one creates new credentials that connect to multiple systems.

Nobody's decommissioning the old ones. When a pilot project ends or a tool gets replaced, the tokens persist. The service accounts stay active. The OAuth grants remain valid. Cloudflare published a technical guide on April 14 covering automated revocation and scoped permissions for non-human identities, which tells you where they think the gap is. Keeper Security's April report found critical gaps in how organizations secure AI agents and machine identities. Cisco is reportedly in talks to acquire Astrix Security, a startup focused entirely on non-human identity management.

The security industry is building products for a problem that most enterprises haven't acknowledged yet.

The offboarding gap

Three engineers on a team set up AI coding agents. Each agent gets the engineer's personal access token for GitHub, a set of AWS credentials, and Slack workspace access. The agents work. The team ships faster.

Six months later, two of those engineers have left the company. Their personal accounts were deactivated during offboarding. Their AI agents were not. The agents run on separate infrastructure with separate credentials that nobody linked to the departing employees. Those agents still have valid AWS access. Still have repository access. Still have Slack access. The credentials don't expire because nobody set an expiration.

This is happening at thousands of companies right now. AI agent offboarding isn't a process that exists at most organizations, because nobody has assigned ownership of agent credentials to a team or a system. IT deactivates the human. The human's agents keep running.

What to do about it

I don't usually end with a to-do list. But this problem is concrete enough that vague warnings aren't useful.

Inventory first. Run a discovery scan across your identity providers, cloud platforms, and SaaS tools. Count every service account, API key, OAuth token, and AI agent credential in your environment. If the number surprises you, that's the point.

Treat AI agents like contractors, not like software. When you hire a contractor, they get scoped access, a defined engagement period, and an offboarding process. Apply the same to agents: specific permissions for specific systems, expiration dates on credentials, a review when the project wraps.

Separate agent identities from human identities. Stop letting AI agents inherit developer or employee credentials. Create dedicated service accounts with the minimum permissions the agent actually needs. Yes, this is more work up front. It's less work than incident response.

Rotate credentials on shorter cycles than you think. If your human passwords rotate every 90 days but your agent tokens never expire, the math is backwards. Agents run 24/7 with broader access than most employees. Their credentials should have shorter lifespans, not infinite ones.

Add non-human identities to your quarterly access review. Ask the same question you ask about human accounts: does this identity still need this access? If nobody can answer, revoke it.
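The five steps above, together with the offboarding scenario from "The offboarding gap", can be turned into a single review pass over an inventory. The script below is an added example, not code from the original post or from any vendor named in it. Every identity name, date, scope and the "today" value are constructed for the example; in practice the records would come from your identity provider, cloud IAM and SaaS admin APIs. The lifetime limits (30 days for agents, 90 for other non-human credentials, 90 days of inactivity before revocation) are assumptions chosen to match the post's argument, not figures from the post.

```python
"""Added example (not from the original post): a non-human identity (NHI)
inventory review over constructed sample records. Names, dates and scopes are
hypothetical; replace INVENTORY with records pulled from your own systems."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Fixed "today" so the results are reproducible (assumption for the example).
NOW = datetime(2026, 4, 20, tzinfo=timezone.utc)
REVIEW_WINDOW_DAYS = 90              # unused for longer than this -> revoke (assumed)
MAX_LIFETIME_DAYS = {"agent": 30}    # agents rotate faster than other NHIs (assumed)
DEFAULT_MAX_LIFETIME_DAYS = 90       # a typical human password cycle (assumed)
NON_HUMAN_KINDS = {"service_account", "api_key", "oauth_token", "agent"}


def _d(y, m, d):
    """Helper: a UTC date for the sample records."""
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Identity:
    name: str
    kind: str                      # "human" or one of NON_HUMAN_KINDS
    owner: Optional[str]           # human who created/deploys it; None if unrecorded
    created: datetime
    last_used: Optional[datetime]  # None = never used
    expires: Optional[datetime]    # None = never expires
    scopes: tuple = ()


# Constructed data: carol and dave were offboarded by IT; their agents were not.
ACTIVE_HUMANS = {"alice", "bob"}

INVENTORY = [
    Identity("alice", "human", None, _d(2024, 1, 1), _d(2026, 4, 20), None),
    Identity("bob", "human", None, _d(2024, 1, 1), _d(2026, 4, 20), None),
    Identity("gha-deploy", "service_account", "alice", _d(2026, 4, 1), _d(2026, 4, 19), _d(2026, 5, 1), ("repo:write",)),
    Identity("slack-bot-token", "api_key", "bob", _d(2025, 1, 15), _d(2025, 12, 1), None, ("chat:write",)),
    Identity("coding-agent-carol", "agent", "carol", _d(2025, 10, 1), _d(2026, 4, 19), None, ("aws:admin", "repo:write", "slack:read")),
    Identity("coding-agent-dave", "agent", "dave", _d(2025, 10, 1), _d(2026, 4, 18), _d(2026, 10, 1), ("aws:admin", "repo:write")),
    Identity("coding-agent-alice", "agent", "alice", _d(2026, 3, 1), _d(2026, 4, 20), _d(2026, 9, 1), ("repo:write", "ci:run")),
    Identity("monitoring-db-reader", "service_account", None, _d(2023, 5, 1), _d(2026, 4, 20), None, ("db:read",)),
    Identity("oauth-pilot-crm", "oauth_token", "bob", _d(2025, 9, 1), None, _d(2026, 9, 1), ("crm:read",)),
    Identity("ci-runner", "service_account", "bob", _d(2026, 2, 1), _d(2026, 4, 20), _d(2026, 4, 30), ("ci:run",)),
]


def non_human(inventory):
    return [i for i in inventory if i.kind in NON_HUMAN_KINDS]


def nhi_ratio(inventory):
    """Step 1, inventory: how many non-human identities per human."""
    humans = [i for i in inventory if i.kind == "human"]
    return len(non_human(inventory)) / len(humans)


def orphaned(inventory, active_humans):
    """The offboarding gap: NHIs whose owner is unrecorded or no longer active."""
    return [i.name for i in non_human(inventory)
            if i.owner is None or i.owner not in active_humans]


def stale(inventory, now=NOW):
    """Access review: NHIs never used, or unused for longer than the window."""
    cutoff = now - timedelta(days=REVIEW_WINDOW_DAYS)
    return [i.name for i in non_human(inventory)
            if i.last_used is None or i.last_used < cutoff]


def needs_rotation(inventory):
    """Rotation: NHIs with no expiry, or a lifetime above the limit for their kind."""
    out = []
    for i in non_human(inventory):
        limit = MAX_LIFETIME_DAYS.get(i.kind, DEFAULT_MAX_LIFETIME_DAYS)
        if i.expires is None or (i.expires - i.created).days > limit:
            out.append(i.name)
    return out


def review(inventory, active_humans, now=NOW):
    """One decision per NHI. Revoke wins over rotate, rotate wins over keep."""
    revoke = set(orphaned(inventory, active_humans)) | set(stale(inventory, now))
    rotate = set(needs_rotation(inventory)) - revoke
    decisions = {}
    for i in non_human(inventory):
        if i.name in revoke:
            decisions[i.name] = "revoke"
        elif i.name in rotate:
            decisions[i.name] = "rotate"
        else:
            decisions[i.name] = "keep"
    return decisions


if __name__ == "__main__":
    print(f"non-human : human ratio = {nhi_ratio(INVENTORY):.1f}:1")
    for name, action in sorted(review(INVENTORY, ACTIVE_HUMANS).items()):
        print(f"{action:7} {name}")
```

On the sample data the two agents belonging to departed engineers and the unowned database reader come back as "revoke" even though they were used within the last day, which is the point of the post: activity is not the same as authorization. The only "keep" results are the two credentials that have an active owner, recent use, and a bounded lifetime.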

The ratio is 40-to-1 and growing. Start with the inventory. You can't secure what you can't count.