25-06-2025
Is Your Business Ready To Secure Non-Human Identities?
Arun Shrestha, BeyondID CEO & cofounder, has 20+ years in enterprise software with leadership roles at Oracle, Sun, SeeBeyond & Okta.
The world's largest enterprise software providers—including Salesforce, Adobe and Oracle—are rushing to deploy enterprise-ready AI agents designed to boost productivity, automate workflows and streamline operations.
Yet this wave of innovation brings with it an urgent and largely overlooked security threat: the explosion of non-human identities (NHIs). These include service accounts, API keys, machine credentials and, increasingly, autonomous AI agents that are deeply integrated into core business systems, entrusted with accessing sensitive data and executing tasks without human oversight.
If compromised, AI agents could impersonate employees, exfiltrate confidential information or quietly disrupt operations at scale while evading traditional security measures.
The Surge In Non-Human Identities
Managing identity in the enterprise is no longer just about people. NHIs now outnumber human identities at a staggering rate. According to PwC, "It's estimated that an average of 45 non-human identities for every 1 human identity exist within an organisation," with some experts predicting this ratio will eventually reach 100:1.
We estimate that there will be approximately 64 devices and AI agents for each online user by 2030, so with 5.5 billion people online today, this equates to managing 352 billion unique digital identities.
Most organizations remain unprepared. Identity-first security has historically focused on protecting people. That mindset must expand immediately to include the growing ecosystem of devices, workloads, and autonomous agents powering modern enterprises.
Why Every AI Agent Needs An Identity
Salesforce's launch of Agentforce 2dx signals a new era of autonomous AI in the enterprise. According to Salesforce, these agents have handled over 500,000 customer conversations, and they're now resolving 84% of customer queries. Microsoft is following suit with Tenant Copilot and Agent Factory, embedding agentic AI as digital coworkers across enterprise environments.
These developments underscore why identity management is no longer optional. Just as every human employee requires secure credentials, so too must every non-human entity. Without proper identity governance, compromised AI agents can operate undetected, extracting sensitive data or corrupting core processes.
Building An Identity Fabric For Humans And Machines
Organizations must evolve their identity security programs to account for the full spectrum of human and non-human identities, including:
• Automated provisioning and deprovisioning of AI agents and machine credentials to avoid orphaned identities and minimize attack surfaces.
• Fine-grained authorization controls to limit what autonomous agents are permitted to access or perform.
• Unified access management (UAM) that spans human and machine identities across cloud and on-premises environments.
• AI-powered anomaly detection to flag suspicious behavior that traditional tools might miss.
• Cross-platform identity correlation to unify identity views and maintain compliance.
Leading vendors like Okta and CyberArk are actively developing tools for securing NHIs and agentic AI, adding embedded authentication and governance controls to reduce risk.
To stay competitive and secure in an AI-driven landscape, enterprises must adopt a forward-looking identity strategy that balances innovation with risk mitigation. Organizations must align the behavior of autonomous agents with internal security policies and governance frameworks to ensure that these agents act within established organizational boundaries.
At the same time, companies must keep pace with evolving data and AI regulations to avoid compliance pitfalls, particularly as non-human identities become more prevalent. Finally, as AI agents transform traditional roles and workflows, businesses must invest in workforce transformation. Namely, reskilling employees to effectively collaborate with their digital counterparts and adapt to new operational models.
Adapting Security For An AI-Powered Future
The agentic AI market is projected to grow to $24.50 billion by 2030, at a CAGR of 46.2%. As adoption accelerates, the ability to govern NHIs will be a defining factor in whether organizations capitalize on AI or fall victim to its vulnerabilities.
The rise of autonomous AI agents represents both a productivity breakthrough and a cybersecurity wake-up call. Organizations that adapt now, by modernizing identity security frameworks and treating every AI agent, device and workload as a first-class identity, will be positioned to thrive.
Those that don't may find that their greatest competitive asset has become their most dangerous liability.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
