
With constant technological advances, changing privacy standards and regulatory enforcement, and efforts to meet consumer demand for streamlined experiences, the identity landscape is quite different from what it once was, and still evolving. The growth of agentic AI presents additional difficulties regarding unmanaged access and non-human identities.
Traditional identity governance is ineffective against hidden privilege threats due to its focus on human identities, lack of scalability and adaptability, and reliance on outdated principles and technologies. Hidden privilege threats are a significant factor in today’s landscape, and it is vital for organizations to adjust the way they approach identity and access management to account for these risks.
Introducing Secrets Insights
Global identity security leader BeyondTrust recently announced that its Identity Security Insights solution is being expanded to include Secrets Insights. Identity Security Insights already provides thorough visibility into a wide variety of cloud and on-premises environments. The Secrets Insights expansion will be available later this year, offering advanced visibility into hidden risks that traditional tools often fail to address.
The new capabilities will build on the existing functions of Identity Security Insights in order to more effectively mitigate the risks of unmanaged secrets and non-human identities. With a focus on machine identities, embedded credentials, and invisible access paths, this expansion enables the discovery of unmanaged secrets and identities with access to secrets, as well as risk scoring and prioritization using exposure and privilege level analysis.
Inside the Data
The announcement of the expansion comes alongside the completion of BeyondTrust’s initial Identity Security Risk Assessments conducted for organizations, which explored the dangers associated with identity and access management across a variety of industries and company sizes. Many of the most significant findings from these assessments underline the importance of the Secrets Insights expansion.
Notably, BeyondTrust found dormant service accounts with privileges in over 70% of environments. The data also frequently shows human administrators reusing credentials across multiple accounts, which opens the door for a single credential theft to enable unauthorized access to many non-human privileged accounts. Misconfigurations in Entra Service Principals grant excessive permissions and create pathways for compromising entire Microsoft 365 environments.
Many environments contain hidden privilege escalation paths through overlooked configurations and federated systems. BeyondTrust also found Active Directory service accounts bridging on-premises and Microsoft 365 environments, enabling attack vectors across platforms. Mismanaged GitHub repository access also leads to uncontrolled access to secrets and sensitive code, potentially endangering critical components.
Agentic AI and the Amplification of Risk
The growing popularity of autonomous AI systems magnifies identity-related vulnerabilities, as non-human identities given agency to interface with infrastructure and provision access present new and evolving risks. If unmanaged secrets and privileges go unchecked, agentic AI solutions have the potential to cause damage by mismanaging sensitive assets themselves or offering threat actors a pathway to compromise privileged accounts and infiltrate systems.
It is crucial for organizations to strike a balance between AI-driven automation and security oversight. While automated processes and agentic solutions can streamline operations and decrease burdens on security teams, they must still be implemented and managed securely with thorough policy enforcement and continuous monitoring. Advanced identity management capabilities like BeyondTrust’s Secrets Insights can help keep agentic AI solutions in check by addressing machine identity risks.
Identity Security Needs a Paradigm Shift
The identity landscape is evolving, bringing changes that demand a new approach to identity security. Traditional identity governance tools and policies are no longer sufficient to address modern threats and mitigate the risks of continually evolving technologies. “Secrets are the new identity crisis,” says Chad Cragle, Chief Information Security Officer at Deepwatch, highlighting the importance of improved visibility and insight. “If you don’t know where they are, who has access, or how they’re used, then you’ve already lost the game.”
It is crucial for organizations to implement continuous privilege discovery and secrets management that is scalable and adaptable. It is also important to ensure unified visibility across human and machine identities. Proactive risk assessment is vital for gaining visibility into identities and for discovering and addressing dangers before they can cause damage. Automation is also key in the current landscape and moving forward, enabling teams to do more with the resources at hand.
A Roadmap for Organizations
Organizations are encouraged to take steps to secure their systems and resources against identity-based threats, including those presented by agentic AI solutions. Implementing zero standing privilege and least privilege for machine identities can help protect against the exposure of secrets and privilege escalation. Observing best practices for rotating and vaulting secrets also works to prevent secrets exposure and compromise. Building resilient frameworks for identity and access governance is essential in the age of AI.