AI Complicates Identity Management: New Challenges Ahead
▼ Summary
– Identity security is a growing cybersecurity priority, but most organizations are at early maturity levels and rely on manual processes.
– AI-driven and machine identities are expanding rapidly, yet fewer than 40% of organizations currently govern them, creating security risks.
– IAM deployments often face challenges, with only 14% being fully successful and many running over budget or missing deadlines.
– Data fragmentation and poor quality hinder identity management, while unified data and structured processes improve success.
– Advanced organizations use automated, AI-driven identity systems with real-time risk management, but progress is uneven across industries and regions.
The landscape of cybersecurity is rapidly evolving, with identity security emerging as a foundational element for protecting enterprise systems. A recent study reveals that while the importance of identity and access management is widely acknowledged, many organizations struggle to keep pace with new complexities introduced by artificial intelligence and machine identities. This widening gap poses significant risks, making it harder for businesses to implement effective identity controls across global operations.
A substantial majority of organizations remain in the early phases of developing mature identity programs. According to the survey, sixty-three percent of companies operate within the two lowest maturity tiers, relying heavily on manual procedures and basic tools to handle user access. Only a small fraction have achieved higher levels of maturity where identity management becomes automated and responsive to real-time risk. Sectors like technology and finance tend to lead in this area, while industries such as healthcare and manufacturing, along with many organizations in Europe and Latin America, often trail behind.
Progress is not always linear. For every three organizations that improved their identity capabilities over the past year, two actually regressed. This backward movement often reflects not a reduction in effort, but the rising standards for maturity as new requirements, like managing the lifecycle of AI agents, enter the picture.
A major shift is underway in how identities are managed. Where security once centered on human users like employees and contractors, machine identities and AI-driven agents are now expanding faster than any other identity type. These non-human identities frequently operate outside consistent governance frameworks, creating dangerous blind spots. Fewer than 40% of organizations currently govern AI agents, despite expectations that their numbers will grow substantially in the coming years.
Effectively managing these identities demands new strategies. Just-in-time access, dynamic privilege adjustments, and continuous monitoring are becoming essential practices. Without them, machine identities can accumulate unnecessary permissions or remain active long after their usefulness has ended, opening doors for potential attackers.
Even with significant investment, many organizations face hurdles in deployment. Only 14% of respondents described their most recent IAM deployment as completely successful. Nearly half exceeded their budgets, and 60% missed project timelines by at least a month.
A common challenge is application onboarding. Less mature teams often lack full visibility into their application landscape and attempt to integrate too many systems at once, resulting in errors and coverage gaps. As organizations advance, the complexity only increases, those at higher maturity levels manage 3.6 times more applications, each requiring customized integration and governance.
Data quality also plays a critical role. Identity information is frequently scattered across HR platforms, cloud services, and directories. Inconsistent or poorly maintained data undermines access controls and hinders automation. Organizations that prioritize cleaning and standardizing identity data before rolling out new tools see much higher success rates.
Looking ahead, leading organizations are moving toward identity systems that are both adaptive and automated. Artificial intelligence is increasingly used to handle real-time privilege adjustments, detect anomalies, and automate responses. To reach this stage, companies must first strengthen their foundations. Unified identity data and structured deployment processes are essential, as is establishing governance that covers both human and non-human identities.
Identity has become the central control point where security policies are enforced and critical decisions are made. Its future is deeply intertwined with AI-driven governance, enabling enterprises to oversee every type of identity, human, machine, or AI agent, with unified visibility and automated resilience.
(Source: HelpNet Security)
