Skip to main content
Threat IntelligenceEmerging Threats

AI Agents Expose Identity Security Gap

Blurred laptop on minimalist desk in neutral room conveys vulnerability.

"Security was built for people. AI agents are exposing the gap," Grady Summers, CEO of Netwrix, writes — and the evidence he cites makes that warning concrete.

UNC6395 and the Drift–Salesforce chain

In 2025 a threat actor tracked as UNC6395 obtained an OAuth token tied to Salesloft's Drift chat integration and used it to move through Salesforce environments across hundreds of organizations. The token did not exploit a software flaw so much as exploit trust: because the machine identity was already trusted, attackers pivoted from that single token to reach AWS credentials, Snowflake tokens, and "additional secrets stored where they shouldn't have been." That episode is the source's central example of how one machine identity can become a wormhole to many others.

Machine identities now outnumber people — sometimes by a lot

According to the Non-Human Identity Management Group, machine identities now outnumber human users by as much as 50 to one in many environments. These non-human identities take many forms: AI agents, service accounts, OAuth applications, workload identities, and other machine credentials. Some are ephemeral, existing for minutes; others remain active for years after the application or automation that created them has been forgotten. The result: organizations often cannot answer basic questions about who owns them, why they still exist, or what they can access.

Identity programs were built for human lifecycles — AI agents don't follow them

Summers argues that traditional identity governance assumed human behavior: employees join, change roles, take leave, and eventually depart. Those lifecycle events became the backbone of review and removal processes. Machine identities rarely follow that pattern. AI agents can be created automatically, inherit permissions, interact across systems at machine speed, and even spawn downstream identities as they operate. Netwrix's analysis frames AI not as a creator of a fundamentally new problem but as an accelerant that exposes and multiplies pre-existing identity gaps.

Four operational questions every security team must answer

Netwrix identifies four continuous answers security teams need to keep control of identity risk: What identities exist? Who owns them? What can they access? When should they no longer exist? The 2026 Data and Identity Security Report cited in the source found a stark correlation tied to those failures: organizations where AI significantly expanded identity counts reported a 43% breach rate over the prior year, compared with 11% among organizations where AI hadn't significantly changed their identity footprint. Notably, many of the breached organizations had invested in governance practices — monitoring shadow AI, governing non-human identities, and maintaining continuous data visibility — yet still suffered incidents. That points to a gap between policy and operational reality: visibility alone, Summers warns, is not sufficient.

What this means for security teams, enterprise leaders, and adversaries

  • Technologists and security teams: Expect identity inventories to grow faster than traditional review cycles. The source argues teams must maintain continuous inventories and clear ownership for every identity that can reach sensitive data, because the most dangerous trusted identities may be the ones "nobody remembers creating."
  • Affected enterprises and procurement leaders: Rapid AI adoption often outpaces governance. The report cited urges practical assessment: Netwrix offers an AI Maturity Assessment that benchmarks identity, data, and AI governance practices, identifies blind spots, and delivers recommendations aimed at reducing AI-related risk.
  • Adversaries and threat actors: The UNC6395 case demonstrates the strategic value of exploiting trusted non-human credentials. When a single OAuth token or service account is already trusted across systems, it becomes a high-leverage target for lateral movement and secret harvesting.

Accountability is the thorn at the center of the problem. Service accounts sometimes leave an audit trail; AI agents that create downstream identities and behave at machine speed can quickly sever any clear line back to a human approver. That ambiguity — who approved an agent's permissions, who reviews its access, who decides when it should be retired — is where governance must catch up to automation.

Summers' prescription, implicit throughout the report, is practical and procedural: maintain current inventories of all identities, assign clear owners, continuously answer the four operational questions, and treat machine identities as first-class citizens of identity governance. For organizations adopting AI faster than they govern it, the next step he offers is an assessment to map strengths and blind spots.

As the Netwrix piece frames it, the technical challenge is straightforward to state and hard to solve: trust has scaled faster than governance. The central unresolved question it leaves on the table is operational — can organizations translate visibility and policy into continuous, accountable control before the next trusted token becomes a pathway for attackers?

Read the original Netwrix analysis on BleepingComputer