Identity Security Market Matures as AI-Driven Risks Surge Ahead of World Identity Management Day 2026
The identity security landscape has undergone significant transformation over the past year, highlighted by major acquisitions such as Palo Alto Networks’ $25 billion purchase of CyberArk and CrowdStrike’s acquisition of SGNL for $740 million. These developments indicate a pivotal shift in the industry, recognizing identity as a distinct discipline rather than merely a feature within a broader security framework. This evolution is underscored by the growing prevalence of machine identities, which now vastly outnumber human identities. Credential-based attacks have surpassed traditional malware as the primary method of infiltration, while AI-generated identity fraud has emerged as a pressing concern, exemplified by recent cases where fabricated documents were allegedly used to secure approximately $1 billion in fraudulent loans.
The Rise of Agentic Identity Security
The emergence of agentic identity security introduces a new layer of complexity to the identity conversation. AI agents are increasingly accessing systems, making decisions, and acting on behalf of organizations. This shift necessitates a focus on ensuring that these agents receive only the access they require, while continuously verifying compliance with established boundaries. Achieving this level of security demands real-time correlation of identity events across various platforms, including Single Sign-On (SSO) providers, cloud Identity and Access Management (IAM) systems, application logs, and privileged access tools. Traditional Security Information and Event Management (SIEM) platforms often lack the speed and scalability needed for this task. As we approach 2026, safeguarding identities will require a comprehensive approach that encompasses human, machine, and agent identities.
John Cannava, CIO at Ping Identity, emphasizes that the urgency surrounding Identity Management Day has intensified this year. Organizations are not only managing human identities but also grappling with the governance of AI systems as they assume increasingly autonomous roles. The impact of AI on identity management is likely to be more profound than anticipated, necessitating an evolution in security strategies.
Continuous Evaluation of Access
In this new paradigm, the login process is no longer the sole security boundary; access must be continuously assessed and enforced. In agentic systems, risk does not cease at sign-in; it evolves dynamically as users and systems interact. Identity verification can no longer be a one-time event; it must be an ongoing process, particularly during high-impact actions. This shift has led to the growing importance of zero trust and decentralized identity frameworks, which aim to mitigate risks while allowing businesses to operate efficiently. As AI-driven attacks increasingly target centralized data and attempt to impersonate legitimate users, organizations must eliminate single points of failure and verify every access request in real time, regardless of the source.
Art Gilliland, CEO of Delinea, notes that the focus must remain on securing the workforce, maintaining customer trust, and delivering seamless digital experiences. The future of identity security hinges on the ability to adapt to this dynamic, continuous model of trust.
The AI Security Paradox
Non-human identities, particularly AI agents, are rapidly becoming a significant source of enterprise risk. A recent survey revealed that while 83% of Australian organizations claim readiness for AI-driven automation at scale, 40% acknowledge shortcomings in their identity governance for AI systems. This discrepancy arises from a common misconception: teams often treat AI agents as tools rather than privileged users. This creates what has been termed the “AI security paradox,” where organizations accelerate their AI initiatives without adequately controlling access to sensitive resources. This oversight can lead to dangerous blind spots, unchecked privileges, and a lack of accountability for actions taken by AI agents.
Anthony Daniel, Managing Director for Australia, New Zealand, and the Pacific Islands at WatchGuard Technologies, highlights that modern cybercriminals often bypass traditional hacking methods, opting instead to log in using stolen credentials. Attackers exploit identity to gain access, utilizing encrypted channels and legitimate tools to blend into trusted environments. Once inside, they can navigate systems laterally without triggering alarms, rendering conventional defenses ineffective. According to WatchGuard’s Internet Security Report, there has been a staggering 1,548% increase in new, unique malware, alongside a rise in threats designed to evade detection. With 96% of malware now delivered over encrypted channels, visibility is diminishing while the capabilities of attackers continue to expand.
Shifting Focus to Identity Risk Management
This Identity Management Day calls for a paradigm shift from access management to identity risk management. Organizations must continuously assess behavior, context, and intent, connecting identity with endpoint and network signals to detect potential compromises earlier. In an environment where attackers can easily masquerade as legitimate users, identity is no longer just a component of the attack chain; it is where the attack begins and where control must be established.
Sean Deuby, Principal Technologist at Semperis, underscores the evolving nature of identity. The rapid rise of AI and its impact on non-human identities has brought unprecedented attention to identity security. However, the challenges faced today echo long-standing issues in identity management. The priority for IT has always been to enable business operations, often at the expense of managing the identity components created for that purpose.
The reality is that identity governance and administration (IGA) often become an afterthought unless mandated by regulatory requirements. This neglect has persisted throughout the history of IT. The accumulation of daily decisions regarding identity management can lead organizations to possess thousands of under-regulated non-human identities (NHIs), commonly referred to as service accounts. These NHIs are frequently overprivileged, underprotected, and neglected, making them attractive targets for threat actors.
As organizations increasingly rely on cloud services and AI technologies, the risks associated with NHIs are magnified. The rapid proliferation of these identities outpaces that of human identities, creating a significant security challenge. Organizations must take immediate action to implement controls and discover existing identities within their systems. Understanding the scope of these risks is crucial, as organizations cannot effectively manage what they do not know exists.
In conclusion, the identity security market is evolving rapidly, driven by technological advancements and the increasing complexity of identity management. Organizations must adapt their strategies to address the unique challenges posed by AI and non-human identities. As the landscape continues to shift, the focus must remain on securing identities in a manner that supports both operational efficiency and robust security measures.
Source: www.cyberdaily.au
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
