Privileged access management, Identity

CyberArk research exposes major gaps in privileged access security

New research from CyberArk reveals a stark gap between organizational confidence and actual practice in securing privileged access, with just 1% of firms having fully implemented a "Just-in-Time" model despite the rapid adoption of AI and cloud services, according to Security Brief Australia.

The study of 500 U.S. professionals found that 91% of organizations still have at least half of their privileged access as "always-on," granting persistent, standing privileges that reflect outdated IT models. Meanwhile, AI and non-human identities, such as service accounts and software bots, are becoming pervasive: 45% of respondents apply the same controls to AI agents as to humans, and 33% lack clear AI access policies altogether, creating a significant new blind spot.

CyberArk CEO Matt Cohen stated that the nature of privileged access "has fundamentally changed," arguing that industry-wide modernization is overdue. The research also highlights the routine problem of "shadow privilege," with 54% of organizations discovering unmanaged privileged accounts weekly, and a tension between security and speed, as 63% of employees admit to bypassing controls to work faster.
