Replicants in the directory: The gap between AI agents and identity security

6 Min Read
6 Min Read

Written by Grady Summers, Netwrix CEO

Safety was constructed for folks. AI brokers are exposing that hole.

Forty-four years after Blade Runner imagined replicants strolling amongst us, safety groups are managing their very own model of the non-human workforce.

These replicants have already got accounts, privileges, and entry to delicate knowledge. These are AI brokers, service accounts, OAuth functions, workload identities, and the rising variety of machine identities that already outnumber folks in lots of enterprise environments.

This distinction is necessary as a result of id safety is constructed round human conduct. Folks be part of corporations, change roles, take holidays, and ultimately go away. These lifecycle occasions grew to become the premise for id governance. Machine IDs not often comply with that sample.

In response to the Non-Human Id Administration Group, machine identities now outnumber human customers by as a lot as 50 to 1 in lots of environments. Some exist for a number of minutes. Others stay lively for years after the appliance or automation that created them is forgotten.

Most organizations nonetheless battle to reply primary questions like who owns them, why do they nonetheless exist, and what have they got entry to?

See also  Cryptocurrency exchange HTX rejects UK sanctions allegations and announces refusal to list ruble stablecoin

Belief grows quicker than governance

In 2025, an attacker tracked as UNC6395 obtained an OAuth token related to Salesloft’s Drift chat integration and used it to maneuver by Salesforce environments throughout tons of of organizations.

This token was not harmful because it exploited a software program vulnerability. It was harmful as a result of he had already trusted me.

From there, the attackers gained entry to AWS credentials, Snowflake tokens, and extra secrets and techniques saved in locations they should not be. One trusted machine ID is now a path to many extra machine IDs.

AI brokers don’t trigger this downside. They speed up it. Organizations are deploying AI brokers that create identities, inherit privileges, work together with programs, and develop the variety of trusted credentials working inside their environments.

If safety groups do not know these identities exist or do not perceive what they’ve entry to, the assault floor grows silently within the background.

Id packages are constructed for folks

I’ve spent my profession in id and safety, and id was on the coronary heart of practically each incident my staff investigated. My credentials have been stolen. I forgot my permissions. Entry that survives past the worker or system to which it was initially issued.

See also  Maine breach portal exploited to publish fake data breach disclosures

AI is just not creating new id issues. We’re exposing one thing that already existed.

A human id program assumes somebody owns the account, periodically checks for entry, and ultimately deletes the account. AI brokers do not naturally match into that lifecycle. They’re created robotically, inherit permissions from different identities, work together with the system at machine velocity, and may even create further identities on the fly.

In consequence, the id inhabitants is rising quicker than most governance processes are designed to deal with.

Many organizations know they’re deploying AI quicker than they will handle it, however they do not know the place the gaps are.

The Netwrix AI Maturity Evaluation benchmarks your group’s id, knowledge, and AI governance practices, identifies strengths and blind spots, and supplies actionable suggestions for mitigating AI-related dangers.

→ Take a free AI Maturity Evaluation

Visibility is just not adequate

In response to our 2026 Information and Id Safety Report, organizations the place AI considerably elevated the variety of identities of their atmosphere reported a 43% year-over-year breach price, in comparison with 11% for organizations the place AI didn’t considerably change their id footprint.

What was stunning was not the violation price. Who was compromised?

Organizations which have quickly expanded their ID numbers by AI usually report having stronger governance practices than different organizations. They’re now extra more likely to monitor shadow AI, handle non-human identities, and keep steady visibility of delicate knowledge.

See also  Bybit bets on meme coin mania with $100,000 in prize money for $TRUMP token trading

They invested within the playbook. They’re nonetheless being compromised.

Safety groups want ongoing solutions to 4 questions: What sorts of identities exist? Who owns them? What have they got entry to? When will it stop to exist?

With out these solutions, every new deployment of AI will quietly develop the variety of trusted identities working in your atmosphere.

accountability points

If an AI agent is concerned in a safety incident, who owns its id? Who accredited its permission? Who opinions its entry? Who decides when it needs to be retired?

For service accounts, there’s often a path. If brokers function at machine speeds, creating downstream identities and interacting between programs, the road to people can rapidly disappear.

Realizing the place delicate knowledge resides is barely half the equation. The opposite half is understanding all of the IDs which have entry to your knowledge, sustaining a present stock, and ensuring every ID has a transparent proprietor.

Crucial trusted identities aren’t at all times monitored by safety groups. More and more, they change into issues that nobody remembers creating.

To learn the way organizations are adapting id safety to AI, try our 2026 Information and Id Safety Report.

Sponsored and written by Netwrix.

TAGGED:
Share This Article
Leave a comment