AI/ML, Identity

Survey: 92% fail to rotate machine credentials

(Adobe Stock)

A new SANS Institute survey exposes a dangerous asymmetry between the explosive proliferation of non-human identities and the outdated governance mechanisms meant to contain them, leaving enterprises critically exposed as agentic AI systems gain autonomous access to core infrastructure, according to ITPro.

The research found that while three-quarters of organizations are deploying AI agents requiring privileged credentials, five percent of security leaders are completely unaware whether such systems even exist within their environments. The credential hygiene picture is equally bleak: ninety-two percent of firms fail to rotate machine secrets on a standard ninety-day cycle, with many teams paralyzed by the fear that changing a key will trigger cascading service outages.

"Organizations are giving AI systems real decision-making power faster than they're building the governance to control it," warned SANS instructor Richard Greene. Unlike static service accounts, AI agents interpret instructions dynamically and can hallucinate or escalate actions unpredictably. Yet no single protective measure, whether human-in-the-loop approvals, sandboxing, or comprehensive audit logging, is deployed by more than forty percent of respondents, creating a vast and largely unsupervised attack surface populated by autonomous software operating with effectively perpetual credentials.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds