Non-human identities: The silent workers who hold the keys to the kingdom.
Insecurity in the shadows: New data on the hidden risks of non-human identities
NHIs outnumber human users 50 to 1 in 2025.
They’re everywhere
We estimate that NHIs now outnumber human users 50 to 1—and that number will continue to grow. The scale of the problem—and the growing attack surface that comes with it—is rapidly becoming unmanageable.
of organizations cannot prevent the misuse of service accounts in real time.
They’re under-protected
NHIs cannot be protected like human users. Multi-factor authentication (MFA) is not applicable, and passwords cannot be easily rotated in a privileged access management (PAM) vault due to the risk of crashing critical processes.
of all users are service accounts with high access privileges and low visibility.
They’re over-privileged
NHIs typically have high access privileges in excess of what they need to complete their tasks. If compromised, this can allow access outside of their intended use, making them lucrative targets for lateral movement.
of organizations have full visibility into their on-prem service accounts.
They’re under-observed
NHIs are easy to create and difficult to monitor. With no centralized visibility, no organized onboarding and offboarding process, and a chronic lack of ownership, NHIs are often left to their own devices.
Why are NHIs a major security risk?
NHIs outnumber human users 50 to 1 in 2025.
They’re everywhere
We estimate that NHIs now outnumber human users 50 to 1—and that number will continue to grow. The scale of the problem—and the growing attack surface that comes with it—is rapidly becoming unmanageable.
of organizations cannot prevent the misuse of service accounts in real time.
They’re under-protected
NHIs cannot be protected like human users. Multi-factor authentication (MFA) is not applicable, and passwords cannot be easily rotated in a privileged access management (PAM) vault due to the risk of crashing critical processes.
Non-human identities: The silent workers who hold the keys to the kingdom.
They’re under-observed
of organizations have full visibility into their on-prem service accounts.
of organizations have full visibility into their on-prem service accounts.
of organizations have full visibility into their on-prem service accounts.
NHIs are easy to create and difficult to monitor. With no centralized visibility, no organized onboarding and offboarding process, and a chronic lack of ownership, NHIs are often left to their own devices.
NHIs are easy to create and difficult to monitor. With no centralized visibility, no organized onboarding and offboarding process, and a chronic lack of ownership, NHIs are often left to their own devices.
NHIs are easy to create and difficult to monitor. With no centralized visibility, no organized onboarding and offboarding process, and a chronic lack of ownership, NHIs are often left to their own devices.
Insecurity in the shadows: New data on the hidden risks of non-human identities
They’re over-privileged
of all users are service accounts with high access privileges and low visibility.
NHIs typically have high access privileges in excess of what they need to complete their tasks. If compromised, this can allow access outside of their intended use, making them lucrative targets for lateral movement.
Why are NHIs a major security risk?