Security teams have long designed identity governance around human behavior: onboarding, role changes, and eventual offboarding. AI agents and other machine identities do not follow that lifecycle, and a new analysis from Netwrix argues this mismatch is quietly expanding enterprise attack surfaces.

According to the Non-Human Identity Management Group, machine identities now outnumber human users by as much as 50 to one in many environments. Some exist for only minutes, while others remain active years after the application or automation that created them has been decommissioned. Most organizations cannot reliably answer who owns these identities, why they still exist, or what data and systems they can reach.

A trusted token becomes an attack path

The report points to the 2025 breach involving threat actor UNC6395 as a case study. The group obtained an OAuth token tied to Salesloft’s Drift chat integration and used it to move through Salesforce environments across hundreds of organizations. The token was not exploited through a software vulnerability. It was already trusted, and from there attackers pivoted to AWS credentials, Snowflake tokens, and other secrets that had been stored insecurely. A single compromised machine identity opened the door to several more.

Governance gaps persist even with strong programs

Netwrix’s 2026 Data and Identity Security Report found that organizations where AI significantly expanded the number of identities in their environment reported a 43% breach rate over the prior year, compared with just 11% among organizations where AI had not meaningfully changed their identity footprint.

Notably, the organizations hit hardest were not the ones with weaker security programs. They generally had stronger governance practices than their peers, including monitoring for shadow AI and maintaining continuous visibility into sensitive data. They still got breached, suggesting that visibility alone is not sufficient when identity counts scale faster than review processes can handle.

Four questions security teams need to answer

  • What identities exist in the environment?
  • Who owns each identity?
  • What can each identity access?
  • When should that identity be retired?

The report also raises an accountability problem: when an AI agent contributes to an incident, tracing ownership, approved permissions, and access reviews back to a responsible person can be difficult, especially when agents create downstream identities and interact across systems at machine speed.

Netwrix argues that mapping sensitive data locations is only half the equation. Maintaining a current, owned inventory of every identity that can reach that data is the other half, and increasingly the identities that matter most are the ones nobody remembers creating.