Keeper Security has released its latest global report, which examines the challenges cybersecurity decision-makers face as identity ecosystems expand. According to the report, legacy tools and unchecked AI adoption are widening security gaps that attackers exploit.
Conducted with 3,200 cybersecurity decision-makers and senior IT leaders across the United States, Europe, Asia-Pacific and the Middle East, Identity Security at Machine Speed explores how the rapidly expanding identity ecosystem — spanning employees, contractors, third parties and machine accounts — is reshaping enterprise security strategy.
Among the key findings:
- Identity sprawl is a near-universal challenge: Nearly nine out of ten senior IT leaders report that managing the growing identity footprint is challenging, reflecting the scale and complexity of modern security environments.
- Control is fragmented, not consolidated: Identity authority is often distributed across systems, with no single cybersecurity control plane. Globally, 96 percent cited disconnected or poorly integrated security tools as creating exploitable gaps.
- Detection of unauthorized activity is lagging: In 72 percent of organizations, credential misuse is not detected in real time, with most taking hours, and in some cases, days or weeks to identify unauthorized privileged access.
As AI adoption accelerates, new governance gaps are emerging:
- AI usage is multiplying NHIs: 43 percent of respondents globally identified AI-related non-human identity (NHI) management and security as a top identity governance gap.
- Employee AI use is a top concern: Over half (56 percent) of respondents are concerned about employees inadvertently exposing sensitive information to AI systems.
- Shadow AI creates blind spots: A lack of visibility into the AI tools employees use was identified as a significant governance gap by 42 percent of organizations globally.
U.S. respondents reflect particular urgency, with 73 percent citing disconnected or poorly integrated tools as creating exploitable gaps, compared with 63 percent globally.
“AI agents, service accounts and machine identities radically outnumber human users in many environments. Most organizations lack the capabilities in their current identity security stack to govern them. Every unmanaged identity is a prime target for attackers,” said Darren Guccione, CEO and co-founder of Keeper Security. “Given the accelerated proliferation of AI and machine identities within enterprise infrastructure, the implementation of pervasive identity governance with real-time detection and least-privilege enforcement is essential.”
