A new study shows a widening gap in enterprise security as organizations expand the access of non-human and AI-driven identities without the visibility and controls required to secure them.
The research from Keeper Security surveyed 109 cybersecurity professionals at the RSA Conference 2026 and finds 46 percent of respondents report that AI-powered tools have access to critical systems and data, while 76 percent say those identities are not consistently governed under privileged access policies.
“AI and automation are expanding how systems interact and access an organization’s data,” says Darren Guccione, CEO and co-founder of Keeper Security. “That shift introduces new complexity around identity, and requires a unified approach to visibility and control across both human and non-human access.”
Only 28 percent of organizations report full visibility into non-human identities (NHIs) across cloud, on-premises and SaaS environments, while 53 percent identify lack of visibility into AI, automation and machine access as their top risk. Without centralized visibility, security teams can’t consistently enforce least-privilege access or monitor how identities are used, increasing the likelihood of excessive privileges and unmanaged access.
Only 26 percent of organizations report using automated detection and response to monitor NHI activity. Most continue to rely on manual processes that are not designed to scale in environments driven by automation and continuous system-to-system interaction. More than 40 percent of respondents report experiencing a security incident involving non-human identities or credentials in the past year, while 32 percent are unsure whether such an incident has occurred, highlighting ongoing detection gaps.
Commenting on the findings Mark McClain, CEO at SailPoint, says:
AI is impacting the enterprise in profound ways –starting with the explosive growth of NHIs. Every automated workflow, smart application, and AI agent is a new ‘who’ that needs to be seen, managed, and secured.
The more autonomous and agentic software becomes, the more essential enterprise identity security becomes. And addressing this challenge for large, complex enterprises at today’s scale, sophistication and dynamism cannot be replicated by AI alone. However, AI, coupled with the extensive domain knowledge that companies like SailPoint have built over decades, will prove itself a true game-changer in the coming years.
You can find out more on the Keeper site.
Image credit: BiancoBlue/depositphotos.com
