AI Agents Are Accelerating Non-Human Identity Growth
Forty-four years after Blade Runner imagined replicants walking among us, security teams are managing their own version of a non-human workforce. These aren't fictional bioengineered beings, but they're no less real: AI agents, service accounts, OAuth applications, workload identities—the growing swarm of machine identities that already outnumber people in many enterprise environments.
Here's the thing most teams don't want to hear: identity security was built around human behavior. People join companies, change roles, take vacations, eventually leave. Those lifecycle events became the foundation of identity governance. Machine identities rarely follow that pattern.
According to the Non-Human Identity Management Group, machine identities now outnumber human users by as much as 50 to one in many environments. Some exist for minutes. Others remain active years after the application or automation that created them has been forgotten.
Most organizations still struggle to answer basic questions about who owns these identities, why they still exist, or what they can access.
The problem isn't new. AI is just making it worse.
The Drift Breach: How One Token Became a Pathway
In 2025, a threat actor tracked as UNC6395 obtained an OAuth token associated with Salesloft's Drift chat integration and used it to move through Salesforce environments across hundreds of organizations.
The token wasn't dangerous because it exploited a software vulnerability. It was dangerous because it was already trusted.
From there, attackers reached AWS credentials, Snowflake tokens, and additional secrets stored where they shouldn't have been. One trusted machine identity became the path to several more.
This is the pattern that keeps me up at night. Not the flashy zero-day exploits or the sophisticated ransomware campaigns. The quiet ones—the breaches that happen because someone, somewhere, granted an identity access it didn't need and then forgot about it.
The Drift breach shows how a single trusted credential can become an entire attack pathway. And with AI agents multiplying across environments, the number of those trusted credentials is growing faster than most security teams can track.
Why AI Agents Make It Worse
AI agents don't create this problem. They accelerate it.
Organizations are deploying AI agents that create identities, inherit permissions, interact across systems, and expand the number of trusted credentials operating inside the environment. If security teams don't know those identities exist—or don't understand what they can access—the attack surface grows quietly in the background.
Human identity programs assume someone owns an account, reviews access periodically, and eventually removes it. AI agents don't naturally fit that lifecycle. They can be created automatically, inherit permissions from other identities, interact with systems at machine speed, and even create additional identities as they work.
The result is an identity population growing faster than most governance processes were designed to handle.
I've spent my career in identity and security, and identity was at the center of nearly every incident my teams investigated. Stolen credentials. Forgotten permissions. Access that outlived the employee or system it was originally issued to.
AI isn't creating a new identity problem. It's exposing one that already existed.
The Breach Rate Reality Check
Our 2026 Data and Identity Security Report found that organizations where AI significantly expanded the number of identities in their environment reported a 43% breach rate over the previous year, compared with 11% among organizations where AI hadn't significantly changed their identity footprint.
The surprising part wasn't the breach rate. It was who got breached.
Organizations where AI rapidly expanded identity counts generally reported stronger governance practices than their peers. They were more likely to monitor shadow AI, govern non-human identities, and maintain continuous visibility into sensitive data.
They invested in the playbook. They still got breached.
This is what makes me uncomfortable about the current state of identity security. You can do everything right—implement governance frameworks, maintain visibility tools, establish review processes—and still get hit if your identity population is growing faster than your ability to understand it.
The data doesn't lie: if AI has significantly expanded your identity count, you're four times more likely to experience a breach than organizations where AI hasn't changed your identity footprint.
And that's not even the worst-case scenario. That's with strong governance practices in place.
The Four Questions Every Security Team Must Answer
Security teams need continuous answers to four questions:
What identities exist? You can't govern what you can't see. If your identity inventory is incomplete, you're already behind.
Who owns them? For a service account, there's usually a trail. For an agent operating at machine speed, creating downstream identities, and interacting across systems, that line back to a person can disappear quickly.
What can they access? Knowing where sensitive data lives is only half the equation. Knowing every identity that can reach that data, maintaining a current inventory, and ensuring each identity has a clear owner is the other half.
When should they no longer exist? Human identity programs assume accounts eventually get removed. AI agents don't naturally fit that lifecycle. They keep working, keep creating identities, keep expanding access.
Without those answers, every new AI deployment quietly expands the number of trusted identities operating inside the environment.
The accountability question isn't theoretical. When an AI agent contributes to a security incident, who owns that identity? Who approved its permissions? Who reviews its access? Who decides when it should be retired?
The trusted identities that matter most aren't always the ones security teams are watching. Increasingly, they're the ones nobody remembers creating.