Non-human identities now center of enterprise risk

Security Brief Australia reports that security leaders marking Identity Management Day are sounding an urgent alarm over the explosive growth of non-human and AI-driven identities, warning that enterprises are rapidly scaling autonomous agent deployments while the governance frameworks needed to constrain their privileged access remain dangerously immature.

Delinea CEO Art Gilliland highlighted a stark "AI security paradox," noting that while 83% of Australian firms claim readiness for automation, 40% admit their identity controls for AI systems are deficient because teams still treat agents "as tools, when they actually behave like privileged users." WatchGuard's Anthony Daniel reinforced the threat shift, observing that attackers now "simply log in" with stolen credentials, exploiting the 96% of malware now concealed within encrypted channels. Ping Identity CIO John Cannava stressed that the traditional login boundary has dissolved, demanding continuous runtime evaluation of every high-impact action.

Meanwhile, ClickHouse executive Paul Davis pointed to recent billion-dollar acquisitions in the identity sector as proof that securing machine and agent identities has become a standalone discipline, requiring real-time correlation across SSO, cloud IAM, and application logs at a scale legacy SIEMs cannot sustain.