New research from Rubrik Zero Labs highlights a critical and growing challenge for enterprises: AI-driven identities are straining identity and access management (IAM) systems and leaving organizations vulnerable to cyberattacks.
The report, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats, reveals that as companies integrate AI agents into workflows, non-human identities (NHIs) now outnumber human users 82-to-1, creating a massive, under-the-radar attack surface.
“I could have unlimited amounts of technology in place. But if someone socially engineers our support desk to hand over admin passwords, that’s the end of the game,” said **Andrew Albrech, CISO at Domino’s. “Identity resilience is key.”
AI Agents Expand the Attack Surface
The rise of agentic AI—autonomous AI systems performing tasks across enterprise systems—is creating new identity challenges. According to Rubrik:
- 89% of organizations have fully or partially incorporated AI agents into their identity infrastructure, with another 10% planning to do so.
- 58% of IT security leaders expect at least half of cyberattacks in the next year to be driven by AI agents.
“Managing identities in the era of AI has become a complex endeavor,” said Kavitha Mariappan, Chief Transformation Officer at Rubrik. “Attackers aren’t breaking in—they’re logging in. Comprehensive identity resilience is now critical to cyber recovery.”
Growing Investment in Identity Resilience
As awareness of these risks rises, organizations are taking action:
- 89% plan to hire professionals over the next 12 months to strengthen identity management and security.
- 87% are actively switching or planning to switch IAM providers, with 58% citing security concerns as the primary driver.
Yet confidence in recovery remains shaky:
- Only 28% believe they can fully recover from a cyber incident in 12 hours or less, down from 43% in 2024.
- 58% expect recovery to take at least two days to restore full operations.
- Among organizations hit by ransomware in the past year, 89% paid a ransom.
Identity Resilience: From Nice-to-Have to Critical
The Rubrik report emphasizes that IAM tools alone are no longer enough. Organizations must adopt a comprehensive identity resilience strategy, incorporating AI-aware monitoring, rapid recovery procedures, and safeguards for both human and non-human identities.
As AI adoption accelerates across enterprises, CIOs and CISOs are being forced to rethink identity management, balancing innovation with risk mitigation. The stakes are clear: in a world dominated by AI agents, a single compromised credential can have catastrophic consequences.
Power Tomorrow’s Intelligence — Build It with TechEdgeAI
