Security vulnerabilities in hybrid identity environments are proving difficult to manage, with organizations experiencing declining security performance, according to the 2025 Purple Knight Report from Semperis, reports Security Brief Australia.
Based on assessments using the Purple Knight tool, the average initial security score dropped from 72 to 61 out of 100 year-over-year, signaling growing gaps in defending platforms like Active Directory, Entra ID, and Okta. Mid-sized organizations fared worst, averaging a score of 52, while government and retail sectors scored lowest among industries. The weakest areas included Active Directory infrastructure and account security. "Hybrid identity environments are complex, and threat actors know it," said Sean Deuby, Principal Technologist at Semperis. However, organizations following Purple Knight's remediation guidance saw average improvements of 21 points, with some gaining up to 61 points. With endorsements from the Five Eyes alliance and over 45,000 deployments, Purple Knight has become a trusted benchmark for strengthening identity security amid rising threats.
Based on assessments using the Purple Knight tool, the average initial security score dropped from 72 to 61 out of 100 year-over-year, signaling growing gaps in defending platforms like Active Directory, Entra ID, and Okta. Mid-sized organizations fared worst, averaging a score of 52, while government and retail sectors scored lowest among industries. The weakest areas included Active Directory infrastructure and account security. "Hybrid identity environments are complex, and threat actors know it," said Sean Deuby, Principal Technologist at Semperis. However, organizations following Purple Knight's remediation guidance saw average improvements of 21 points, with some gaining up to 61 points. With endorsements from the Five Eyes alliance and over 45,000 deployments, Purple Knight has become a trusted benchmark for strengthening identity security amid rising threats.
