- Four in five UK enterprises suffered identity‑related breaches in 2025
- Machine identities now outnumber humans 100:1, with many AI agents accessing sensitive financial systems
- CyberArk urges unified, automated identity security as identity complexity outpaces traditional controls
Almost all enterprises experienced at least one identity-related breach in 2025, new research has claimed, in incidents where criminals logged into existing, legitimate accounts, instead of using a bug or a vulnerability to gain access.
The Identity Security Landscape Report 2026 from Palo Alto Networks’ CyberArk notes the problem is only going to get worse since the number of identities in the enterprise is also spiking, and through it – the attack landscape grows.
In fact, almost three quarters (74%) of enterprises in the UK experienced at least three successful identity-related breaches in the last 12 months.
The rise of the machines
There are multiple factors contributing to this significant rise in risk. The first one is the sheer number of accounts enterprises are handling. Today, UK organizations expect a steep rise in the number of accounts across human identities, machine identities, and AI identities.
AI & LLMs, IoT devices and bots, as well as humans using more cloud applications, are all contributing to the mushrooming of digital identities.
At the same time, more and more organizations are allowing AI agents and machine identities access to sensitive data.
Today, 34% of AI agents and 37% of machine identities can access financial records and high-value systems while at the same time, only a minority use behavioral monitoring and credential revocation for their autonomous AI agents, conversational AI agents, and GenAI agents.
CyberArk says that today, machine identities outnumber humans 100 to 1 in the UK alone. At the same time, organizations are not rethinking how identity risk is managed, resulting in increasing pressure to extend visibility, control, and governance.
Businesses must now transition from fragmented, manual oversight, to a unified, automated identity security approach, the researchers conclude. Having 100 machine identities to every human one requires a platform-driven strategy, they argue.
“The explosion of machine identities represents a fundamental shift in the enterprise attack surface,” says Rich Turner, Senior Vice President EMEA – Identity Security at Palo Alto Networks. “With AI-driven identities projected to continue accelerating in the next year, organizations are facing a reality where identity complexity is rapidly outpacing traditional security controls.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/kNeMomaQgHecAX4SDwmqCX-2560-80.jpg
Source link
