Why Non-Human Identities Are The Fastest-Growing Risk On Your CISO's Radar
✨ AI Summary
🔊 جاري الاستماع
InnovationWhy Non-Human Identities Are The Fastest-Growing Risk On Your CISO's RadarByNidhi Jain,Forbes Councils Member.for Forbes Technology CouncilCOUNCIL POSTExpertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. | Membership (fee-based)Jun 10, 2026, 09:30am EDTNidhi Jain is CEO & Founder of CloudEagle.ai, a platform helping enterprises govern SaaS, identities, and AI agents at scale. gettyAsk a CISO how many employees their company has. They will know the exact headcount.Now ask how many service accounts, API keys, OAuth tokens and AI agents are running inside their environment right now. The room goes quiet. Someone offers an estimate. Someone else says they will pull a report. Nobody is confident in the answer.That gap is no longer a hygiene issue. It is the largest unmonitored attack surface in the modern enterprise, and it has been growing in silence for a decade.Your identity count is off by an order of magnitude.Every cloud workload, SaaS integration, CI/CD pipeline and AI agent created in the past twelve months arrived with its own credentials.None of them are governed by the access reviews, joiner-mover-leaver workflows or quarterly attestations built for humans. They were provisioned, used and then forgotten.The breach data shows what happens when that gap goes unaddressed. The 2025 Verizon Data Breach Investigations Report found that credential abuse was the leading initial access vector for the second year in a row.The cost story is worse. IBM's Cost of a Data Breach Report puts the global average breach cost at $4.4 million, with breaches initiated through stolen credentials averaging $4.67 million and taking 246 days to identify and contain. That is roughly eight months of attacker dwell time before the breach is even noticed.The stolen credentials are not human. They are the static API keys, hardcoded tokens and over-permissioned service accounts that traditional IAM was never desi...
