Autonomous Identity Platform provider Lumos recently published the “AI, Automation, and Risk in 2026: Identity at a Breaking Point” report, exploring the state of identity in the age of AI. According to the report, identity-based attacks are now the most common initial access vector for cyberattacks. Credentials, service accounts, and API keys provide easier entry points in modern environments than the exploitation of traditional vulnerabilities. This shift reflects and informs a broader evolution in attacker strategy toward exploiting trust relationships rather than software flaws.
Machine Identities Are Quietly Outnumbering Humans
One of the most transformative trends in today’s corporate environment is the growing prevalence of non-human identities (NHIs). These include a wide range of entities such as service accounts, bots, APIs, and automation tools. Agentic AI tools, which are given extensive power to act autonomously within enterprise systems, are a particularly dangerous type of NHI because of the way they operate and their inability to distinguish legitimate activity from suspicious behavior.
These identities now outnumber human users by as much as 20-to-1, introducing outsized risk that most organizations are not equipped to manage. NHIs often accumulate privileges over time and are rarely reviewed or audited for persistent permissions. Many organizations lack complete visibility into where these identities exist and what they can access, making it impossible to effectively manage and secure the enterprise environment.
Security Teams Face a Visibility Crisis
As bad actors continue to adopt new and evolving tactics and technologies, their ability to cause extensive damage in very little time grows. The Lumos report shows that 42.1% of organizations say improving Mean Time to Detection, that is, ensuring that threats are detected quickly within the enterprise, is a top priority. This demonstrates that organizations are committed to shifting their approaches to account for modern threats that are growing faster.
However, detection becomes harder with the growth in both the volume and complexity of identity. Effectively protecting enterprises requires comprehensive visibility and monitoring in order to ensure that all areas are secured against threats. Security teams struggle to track all of the necessary factors—such as API integrations, SaaS permissions, machine-to-machine access, and AI agents acting autonomously—to adequately maintain the security of broad attack surfaces.
The Hidden Risk of Dormant and Forgotten Access
The most alarming vulnerabilities outlined in the report often involve identities that linger because of improper offboarding, even though nobody remembers they exist. Among them are dormant access exploitation, cited by 51.1% of security leaders in the report, and service account abuse, cited by 39.1%. These identities often retain broad privileges long after their original purpose has run its course, creating potential access points for threat actors that are not monitored or protected.
It is crucial for organizations to employ zero-trust principles and implement measures to prevent damage enabled by lasting privileges and abuse. “Access should be granted with least privilege and limited duration, and networks should be segmented so a single compromised credential does not allow threat actors to move laterally across critical systems,” according to Darren Guccione, CEO and Co-Founder at Keeper Security.
Insider Risk Remains a Major Threat
Another significant trend noted by Lumos is the fact that security failures frequently originate internally rather than from external attackers. Insider threats—whether malicious, unintentional, or compromised by outside actors—are especially insidious and difficult to defend against, as they leverage legitimate access and privileges from within the organization to carry out risky actions such as data theft, espionage, and operational damage.
Key issues in insider threat trends include insider access misuse (46.6%) and lateral movement following initial compromise (37.5%). Once attackers obtain identity credentials, often through phishing or other social engineering tactics, they can frequently move freely across systems, escalating privileges and gaining access to sensitive data and controls. This enables them to cause extensive damage while evading many threat detection measures.
The Rise of AI as a Defensive Necessity
According to the report, 50.4% of security leaders believe AI automation will have the greatest impact on threat detection and risk triage. AI can help to enhance security capabilities by monitoring identity behavior patterns, detecting anomalous privilege use, automating access reviews, and prioritizing identity-related risk.
With AI use increasing on both the attacker side and the enterprise side and introducing new and evolving risks, many of the rampant threats in the AI age can only be effectively combated with AI-empowered security measures. Security tools enhanced by AI can handle detection and analysis at a scale and speed that is impossible to match with human workers alone.
Agentic AI Introduces Both Risk and Opportunity
AI agents, acting autonomously, require identities and permissions in order to function. This increases the number of machine identities in the environment and allows agentic AI tools to carry out a wide range of actions within enterprise systems. The result can be greater efficiency and productivity, but also risk that traditional security tools and policies fail to mitigate.
AI agents can be jailbroken and manipulated by outside actors, and they can also cause inadvertent damage because they lack the training and understanding that human users have. At the same time, AI enables continuous monitoring and automated response at a scale beyond what human teams can reasonably achieve alone.
Identity Security Is Becoming the Foundation of Cyber Defense
This report provides additional evidence of what we already know about the current threat landscape: the traditional perimeter security model is no longer sufficient. Modern security strategies increasingly revolve around identity visibility, governance, and privilege management, prioritizing tools and measures that account for new and evolving risks. Organizations that fail to modernize identity security risk leaving critical systems exposed.