"Non-Human Identities" from AI Agents Emerge as New Vulnerability for Organizations
AI Agents are generating a vast number of "non-human identities" that traditional human-centric security systems cannot manage, creating new vulnerabilities for hackers.
Cybersecurity firm Netwrix published an analysis (as a sponsored article on BleepingComputer) highlighting that the proliferation of AI Agents, or autonomous AI programs, presents a major challenge to organizational security. These Agents function as "non-human employees" needing identities and data access rights. Yet, most security systems are designed exclusively for human users, leading to an "Identity Security Gap" that is hard to observe and control.
Data from the industry group Non-Human Identity Management Group (NHIMG) indicates that in many organizations, 'machine identities' already outnumber human users by 50 to 1. Furthermore, Netwrix's "2026 Data and Identity Security Report" found that organizations with a significant increase in identities due to AI adoption had a breach rate as high as 43%, emphasizing the heightened risk.
Such vulnerabilities have already occurred, exemplified by the hacker group UNC6395, which leveraged OAuth tokens (digital keys for inter-app identity verification) from the Salesloft Drift application to infiltrate Salesforce systems of multiple companies. This highlights how connections between applications and AI Agents can serve as backdoors for malicious actors.
This trend is further corroborated by other sources; analysis firm Gartner predicts that by 2029, over 50% of successful AI Agent attacks will exploit access control weaknesses. This indicates that traditional Identity and Access Management (IAM) frameworks are no longer adequate for the AI era.
As Thai organizations increasingly adopt AI Agents, the "non-human identity" vulnerability becomes an imminent risk, potentially leading to the leakage of critical company data and customer personal information.