Non-Human Identity Security: An Attack Surface You Can’t See
Eighty percent of breaches begin with identity. But most organizations are still treating identity as an access control problem — a gate to pass through — rather than an attack surface to monitor, baseline, and defend continuously.
When security practitioners talk about identity, they typically mean user authentication. MFA enforcement, password policy, privileged access management (PAM) — controls designed to keep the wrong person from logging in. That framing made sense when the identity surface was primarily human, but it no longer meets the challenge.
The modern enterprise identity fabric contains five distinct identity classes, most of which traditional IAM architectures were not designed to govern. Human accounts (the original target of identity controls) represent a shrinking fraction of the total identity population. Service accounts, machine identities, OAuth tokens, workload identities, and AI agent credentials collectively outnumber human accounts in most organizations, often by a ratio of 82 to 1. Most of them have elevated permissions. Almost none of them are behaviorally baselined. Many of them are never reviewed at all.
| Statistic | Finding |
| --- | --- |
| 88% | Of basic web application attacks used stolen credentials (Verizon DBIR 2025) |
| 30% | Of all incidents began with valid account abuse (IBM X-Force Threat Intelligence Index) |
| 292 days | Average to identify and contain a credential-based breach (IBM 2025) |
| 82:1 | Machine-to-human identity ratio in typical enterprise environments (CyberArk 2025 Identity Security Landscape) |
The five classes and why each is different
Human accounts carry the highest individual blast radius when compromised, particularly privileged accounts. But they also carry the most governance investment. MFA is widely deployed for human identities. Behavioral anomaly detection for humans exists in most mature security programs. While access over-provisioning is still a common occurrence, human identity management is not the biggest threat. The challenge is that human identity governance was built for a binary trust model (authenticate, then trust) rather than a continuous verification model.
Service accounts are the most commonly abused non-human identity class. They frequently carry far more permissions than their declared function requires: they are deployed with a broad permission set and rarely reviewed afterward. In many organizations, a large share of service accounts have never been audited after initial provisioning. Some are “owned” by systems, applications, or projects that no longer exist. These are orphan credentials with a blast radius that can include production environments.
OAuth tokens present a different problem. They are granted through consent flows that users rarely read carefully, often to third-party applications that acquire permissions far in excess of their stated function. Token scope right-sizing — auditing what each OAuth token is authorized to access versus what it actually needs — is not a standard organizational practice. It should be at least a weekly one.
Workload identities — the credentials used by cloud workloads, containers, and serverless functions — are particularly attractive targets because they often carry infrastructure-level permissions and are provisioned automatically at deploy time. The 2025 Salesloft Drift breach involved adversaries stealing OAuth tokens from a chatbot and using them to access hundreds of Salesforce instances (Google Threat Intelligence Group, 2025). A single compromised workload identity with over-privileged scope can become a cloudwide vulnerability and attack surface.
AI agent credentials are the newest class and the fastest growing. Every internal AI agent connected to production data or enterprise communication channels has an identity. That identity carries permissions, and those permissions are almost never JIT-scoped. For example, an agent that still holds standing read access to the customer database for feature testing that completed months ago is a standing attack surface. Those credentials are often never revoked because the agent’s identity is largely unmanaged.
The behavioral baseline is the prerequisite for everything
Every identity detection capability depends on an expected behavioral baseline; without one, you cannot detect anomalous authentication behavior. You cannot detect a service account being abused for lateral movement if you have never mapped what that service account legitimately calls. Behavioral baselines are not just features of security tooling; they are data structures that must be deliberately built and continuously maintained.
For human identities, the baseline captures authentication timing patterns, device fingerprints, geographic access patterns, and the set of resources each identity normally accesses.
For machine identities, it captures which services each identity calls, at what frequency, and with what response patterns. Deviation from that baseline can be the first indication of malicious activity, and it is what enables detection of credential-based attacks that leave no malware behind.
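The machine-identity baseline described above, as an added example that is not part of the original post: it profiles one service account from constructed API-call log lines (services called, calls per day, failure rate) and flags deviations in fresh activity. The log format, the identity and service names, and the thresholds are assumptions.

```python
# Added example (not from the original post): build a behavioral baseline for one
# service account from constructed API-call log lines, then flag deviations.
# Log format "<timestamp> <identity> <service> <status>" and all names are assumptions.
from collections import Counter, defaultdict

BASELINE_LOGS = [  # constructed: nightly ETL job, two days of normal activity
    "2025-05-01T02:00:05Z svc-etl billing-db 200",
    "2025-05-01T02:00:09Z svc-etl report-api 200",
    "2025-05-02T02:00:04Z svc-etl billing-db 200",
    "2025-05-02T02:00:08Z svc-etl report-api 200",
]
NEW_LOGS = [  # constructed: same account, daytime burst against an unfamiliar service
    "2025-05-03T02:00:05Z svc-etl billing-db 200",
    "2025-05-03T14:12:01Z svc-etl hr-db 403",
    "2025-05-03T14:12:02Z svc-etl hr-db 403",
    "2025-05-03T14:12:03Z svc-etl billing-db 200",
    "2025-05-03T14:12:04Z svc-etl billing-db 200",
    "2025-05-03T14:12:05Z svc-etl billing-db 200",
    "2025-05-03T14:12:06Z svc-etl billing-db 200",
]

def profile(lines, identity):
    """Summarize one identity: services called, calls per day, failure rate."""
    services, per_day, failures = Counter(), defaultdict(int), 0
    for line in lines:
        ts, ident, service, status = line.split()
        if ident != identity:
            continue
        services[service] += 1
        per_day[ts[:10]] += 1           # bucket by calendar day (YYYY-MM-DD prefix)
        failures += int(status) >= 400  # 4xx/5xx = denied or failed call
    total = sum(services.values())
    return {
        "services": set(services),
        "calls_per_day": total / max(len(per_day), 1),
        "failure_rate": failures / max(total, 1),
    }

def detect_deviations(baseline, lines, identity, rate_factor=2.0):
    """Compare fresh activity against the baseline; return human-readable findings."""
    observed = profile(lines, identity)
    findings = [f"new service called: {s}"
                for s in sorted(observed["services"] - baseline["services"])]
    if observed["calls_per_day"] > rate_factor * baseline["calls_per_day"]:
        findings.append("call volume spike")
    if observed["failure_rate"] > baseline["failure_rate"] + 0.1:
        findings.append("failure rate above baseline")
    return findings
```

Calling `detect_deviations(profile(BASELINE_LOGS, "svc-etl"), NEW_LOGS, "svc-etl")` returns three findings: a service the account never called before, a call-volume spike, and a failure rate well above the baseline's zero.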
“We have realized that AI Agents are synthetic identities. We have to identify them like we would a human. Authenticate them, scope what that agent can and should be able to do, and then maintain observability fine enough to detect anomalous behavior quickly.”
— David Malcom, In Balance IT cybersecurity practice lead
JIT access and NHI lifecycle governance
Just-in-time access architecture eliminates standing privileges, which are the most exploitable condition in the enterprise identity fabric. Under JIT, credentials are issued per task, scoped to the minimum permissions required, and expire automatically on task completion. The standing attack surface is reduced to near zero because there are no standing permissions to compromise.
NHI lifecycle governance is the operational practice of tracking, rotating, right-sizing, and decommissioning non-human identities throughout their lifecycle. The target: all machine identities with active rotation, documented ownership, and current scope documentation. Given the expanded attack surface and threat actors operating at machine speed, these practices have become basic discipline, applied to a class of assets that most security teams have historically treated as invisible.
Identity as telemetry infrastructure
The identity fabric, when properly instrumented, is one of the most reliable sources of high-fidelity threat telemetry in the enterprise. Every authentication event, every privilege use, and every lateral movement attempt leaves a trace in identity logs.
The organizations that treat identity as a gate (validate credentials, grant access, stop watching) throw away this telemetry the moment the authentication succeeds. The organizations that treat identity as a battlefield collect and analyze that telemetry continuously because they understand that the authentication succeeding is not evidence that the session is safe.
ITDR — Identity Threat Detection and Response — is the operational program that turns identity telemetry into detection and containment capability. It is not a product category. It is a program that combines behavioral baselining, anomaly detection, and automated response across all five identity classes, continuously.
The identity question to ask this week
How many non-human identities does your organization currently have documented with active ownership, rotation schedules, and scope reviews? If the answer is a percentage below 90, the identity attack surface is larger than your security program currently addresses.
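One way to answer that question, and to check the lifecycle-governance target from the previous section, as an added example that is not part of the original post: score a constructed inventory of non-human identities against the three criteria (active owner, rotation within policy, current scope review) and compare the coverage percentage with the 90% threshold. The inventory records, the rotation and review ages, and the fixed "today" date are assumptions.

```python
# Added example (not from the original post): score a non-human identity inventory
# against the post's governance target (documented owner, active rotation, current
# scope review) and its 90% threshold. Records and policy ages are assumptions.
from datetime import date

TODAY = date(2025, 6, 1)         # fixed so the example is reproducible
MAX_ROTATION_AGE_DAYS = 90       # assumed policy: rotate secrets at least quarterly
MAX_SCOPE_REVIEW_AGE_DAYS = 180  # assumed policy: re-review scope twice a year

# Constructed inventory: one record per non-human identity, one per identity class
INVENTORY = [
    {"id": "svc-etl", "class": "service account", "owner": "data-eng",
     "owner_active": True, "last_rotated": date(2025, 5, 10), "last_scope_review": date(2025, 3, 1)},
    {"id": "oauth-crm-sync", "class": "oauth token", "owner": "sales-ops",
     "owner_active": True, "last_rotated": date(2024, 11, 1), "last_scope_review": date(2025, 4, 15)},
    {"id": "wl-build-runner", "class": "workload identity", "owner": "platform",
     "owner_active": True, "last_rotated": date(2025, 5, 20), "last_scope_review": date(2024, 9, 1)},
    {"id": "agent-support", "class": "ai agent", "owner": "proj-chatbot-poc",
     "owner_active": False, "last_rotated": date(2025, 4, 1), "last_scope_review": None},
]

def _older_than(when, max_days, today):
    """True when a date is missing or more than max_days in the past."""
    return when is None or (today - when).days > max_days

def findings_for(rec, today=TODAY):
    """Return the governance gaps for one identity (empty list = compliant)."""
    gaps = []
    if not rec["owner"] or not rec["owner_active"]:
        gaps.append("orphaned: no active owner")  # owner team/project no longer exists
    if _older_than(rec["last_rotated"], MAX_ROTATION_AGE_DAYS, today):
        gaps.append("credential not rotated within policy")
    if _older_than(rec["last_scope_review"], MAX_SCOPE_REVIEW_AGE_DAYS, today):
        gaps.append("scope review overdue")
    return gaps

def governance_report(inventory, today=TODAY, threshold=90.0):
    """Percent of identities meeting all three criteria, plus per-identity gaps."""
    gaps = {rec["id"]: findings_for(rec, today) for rec in inventory}
    compliant = sum(1 for g in gaps.values() if not g)
    pct = 100.0 * compliant / len(inventory) if inventory else 0.0
    return {
        "coverage_pct": round(pct, 1),
        "meets_target": pct >= threshold,
        "gaps": {k: v for k, v in gaps.items() if v},
    }
```

On the constructed inventory only one of four identities is fully governed (25% coverage), and the AI agent record shows the pattern the post warns about: an owner project that no longer exists and a scope that was never reviewed.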
About This Series
This post is the third in the Adaptive Defense series. Each article addresses a specific domain where traditional frameworks fall short of today’s agentic AI threat landscape.
Post 1 — Why NIST, ISO 27001 & COBIT Can’t Keep Up With AI Threats
Post 2 — Agentic Adoption, the New Pattern for Cybersecurity
Post 4 — Your Coding Agents Have Admin Rights and Trust Issues