We know that the landscape of cybersecurity is changing faster than we can believe. Today, machine identities are the key, strategic components that require a new model of security enforcement. The Verizon 2025 Data Breach Investigations Report (DBIR) highlights a concerning trend: breaches tied to third-party users and machine accounts are accelerating, with notable implications across various sectors including healthcare, finance, manufacturing, and the public sector. When the sensitive data users are no longer human, traditional security models designed only for human users go obsolete. It’s important for organizations to adjust to the growing complexity and wide reach of machine identities.
Credential-based attacks remain by far the most common tactic for initial access to systems. Increasingly attackers are finding a fertile attack surface in these ungoverned machine accounts. They exploit an ever-increasing population of machine identities such as service accounts, bots, robotic process automation (RPAs), artificial intelligence (AI) agents and application programming interfaces (APIs). The proliferation of these machine identities frequently results from ambiguous ownership and control. In addition, this power dynamic exposes weaknesses that are easily manipulated.
The Shift from Human-Centric Models
Historically, cybersecurity strategies have focused on the human end-user and their credentials. Unfortunately, these models fail to account for the growing prevalence and importance of machine identities, which have rapidly become essential to an organization’s operations. Today, as organizations rely increasingly on automation and digital services, these machine identities have exploded. It’s alarming that the DBIR reports that third parties are now involved in breaches 30% of the time, an increase of 100% year-over-year from 15%. This change marks an urgent call for organizations to reconsider their security architecture.
In fact, inefficient lifecycle management of machine identities is a top-three challenge faced by enterprises today. Agency accounts, for example, contractor accounts could stay active for years after the completion of a project, or business partner logins could have too many privileges. Such oversights create openings for potential breaches. As a result, organizations need to broaden their identity governance practices beyond the four walls of their employees to include all machine identities.
The Importance of Visibility and Accountability
To combat the rising threat of breaches tied to machine identities, visibility and accountability must become cornerstones of cybersecurity strategies. Or companies should be doing more and faster to deactivate accounts that are no longer necessary. They need to maintain a complete, correct inventory of all third-party users and machine identities. Addressing this blind spot is critical to reversing the pace of machine identity-based attacks speeding up across sectors.
Organizations should use a risk-based approach to continuously monitor these accounts. Setting clear ownership and governance protocols is an effective way to curb risks posed by credential-based attacks. By ensuring that every machine identity is accounted for and regularly reviewed, organizations can strengthen their defenses against potential intrusions.
Adapting to the Future Landscape
AI agents are proliferating at an unprecedented pace, and machine identities are getting increasingly complex. Organizations need to quickly evolve their security approach to stay one step ahead of these developments. We agree with the DBIR that without a strong governance model in place, organizations risk exposing themselves to the growing threat of machine identities. To encourage innovation, businesses need to spend on strong identity management solutions. These solutions provide holistic visibility and control over every machine account.