Identity Sprawl Driven by Non-Human and Ephemeral Cloud Identities

Tags: cloud-misconfiguration, identity-authentication-vulnerability, leaked-secret-api-key, build-pipeline-compromise, ai-platform-security
Updated March 21, 2026 at 02:53 PM | 2 sources

Security teams are reporting a growing loss of certainty in identity and access management as enterprises accumulate large numbers of poorly governed identities across cloud platforms, CI/CD pipelines, and automation frameworks. The reporting describes this as identity sprawl—a systemic drift where identity creation, usage, and governance fall out of sync with traditional lifecycle and access review models designed for predictable human users.

A key driver is the rapid proliferation of non-human identities (service accounts, APIs, workloads, and increasingly autonomous/agentic systems) that can be created and discarded in seconds, outpacing visibility and privilege management controls. The articles cite investigations and threat analysis indicating attackers are weaponizing exposed identity data at scale, and report survey data that 72% of identity leaders say the threat level of identity-related attacks increased or stayed the same over the past year.

Timeline

  1. Jan 12, 2026

    Experts advocate incremental identity governance over large migrations

    The articles argued that large-scale identity modernization or replacement projects are risky and often fail. They recommended incremental life cycle management and operational governance to reduce unmanaged access and keep pace with ongoing identity sprawl, particularly as AI agents enter production.

  2. Jan 12, 2026

    Privilege growth among machine identities raises access risk

    The coverage highlighted that privilege is becoming widespread and persistent, especially among non-human identities, while review cycles remain focused on workforce users. This was described as creating amplified access risk and leaving unmanaged privileges in place for too long.

  3. Jan 12, 2026

    Fragmented identity tooling leaves organizations with poor visibility

    The reports said identity data and controls are fragmented across multiple platforms and tools, preventing many organizations from maintaining a reliable inventory of non-human identities or understanding their effective identity posture. The visibility gap was presented as a key factor undermining consistent policy enforcement.

  4. Jan 12, 2026

    Research highlights attacker abuse of exposed identity data at scale

    Research cited in the coverage said attackers are industrializing the use of exposed identity data and combining identity fragments such as credentials, cookies, attributes, and device data. This activity was described as enabling impersonation, MFA bypass, and lateral movement.

  5. Jan 12, 2026

    Identity sprawl emerges as a growing enterprise security problem

    Industry reporting described identity sprawl as an expanding security issue driven by cloud adoption, automation, and AI, which are causing identity life cycles, visibility, and privilege management to become misaligned. Traditional identity governance models based on predictable human joiner-mover-leaver patterns were reported as breaking down.

Sources

January 12, 2026 at 12:00 AM
January 12, 2026 at 12:00 AM

Related Stories

AI and Non-Human Identity Sprawl Expands IAM Attack Surface

Reporting and commentary warn that **AI-driven non-human identities (NHIs)** are rapidly increasing the number and turnover of credentials inside enterprise IAM programs, amplifying long-standing weaknesses such as credential sprawl, unclear ownership, and inconsistent lifecycle controls. The Cloud Security Alliance’s findings highlight that many organizations treat *AI identities* like traditional service accounts or API keys, causing them to inherit existing governance gaps while adding new scale and speed pressures as identities are created programmatically, distributed across environments, and used continuously. CSO Online describes the operational drivers behind the surge—microservices, Kubernetes auto-scaling, CI/CD pipelines (e.g., GitHub Actions), and infrastructure-as-code (e.g., Terraform) generating large volumes of short-lived tokens and service principals—then argues that **agentic AI** further accelerates risk because these identities may be authorized to execute commands, move data, and change configurations autonomously. The net risk emphasized is that over-privileged AI agents and other NHIs can create breach conditions that may not resemble traditional intrusion, instead appearing as “normal” automated activity due to excessive permissions and weak visibility into post-authentication behavior.

3 days ago
Enterprise Concerns Over Securing Non-Human Identities

Organizations are increasingly challenged by the rapid proliferation of non-human identities (NHIs), such as service accounts, API keys, digital certificates, access tokens, automated bots, IoT devices, and AI agents. More than half of enterprises surveyed express uncertainty about their ability to secure these NHIs, highlighting a significant gap between the adoption of automated digital identities and the maturity of tools and processes to protect them. The complexity and diversity of NHIs, which now form the backbone of modern digital infrastructure, have outpaced traditional identity and access management strategies, leaving organizations exposed to new risks. The exponential growth of NHIs, especially in cloud-native and automated environments, has led to a situation where non-human accounts vastly outnumber human users. This expansion, combined with issues like "secrets sprawl"—where credentials are scattered across codebases and pipelines—creates opportunities for account hijacking, privilege escalation, and lateral movement by threat actors. Security experts emphasize the need for unified visibility, consistent identity policies, and automated responses to address these risks, particularly as NHIs and AI agents become more integral to business operations and the attack surface continues to expand.

3 weeks ago
Non-Human Identities and Permissions Sprawl in Enterprise Security

Enterprises are facing significant challenges in managing the rapidly expanding attack surface created by both human and non-human identities. Reports highlight that permissions and entitlements are growing at a pace that outstrips the ability of security teams to maintain oversight, with hundreds of millions of active entitlements and billions of permissions in large organizations. This complexity leads to persistent blind spots, including dormant and orphaned accounts that remain active and pose a risk for misuse, as well as the accumulation of 'identity debt' where excessive and unused access quietly increases risk over time. Non-human identities (NHIs), such as machine accounts, tokens, and keys, are becoming increasingly critical in cloud environments. Effective management of these NHIs is essential for reducing risk, improving compliance, and increasing operational efficiency. Automation and centralized secrets management are emphasized as key strategies for maintaining visibility and control over both human and non-human identities, helping organizations address security gaps and reduce operational costs associated with manual oversight and credential management.

1 month ago
