E60 - The Identities You're Not Managing Are the Ones Getting Compromised
Posted on June 24, 2025 • 4 min read • 752 words
By FIR Risk Advisory | Cybersecurity Fraud Intelligence
Weekly Risk Intelligence Brief
Source: CyberArk — 2025 State of Machine Identity Security
The 30-Second Brief
CyberArk’s 2025 report on machine identity security reveals a growing crisis hiding in plain sight. 50% of organizations experienced security incidents tied to machine identity compromise in the past year. Machine identities — API keys, certificates, service accounts, workload credentials — now vastly outnumber human identities. Yet only 23% of organizations prioritize them.
The result: 72% had certificate-related outages last year. Weekly outages jumped from 12% to 45% in three years. This is cyber debt compounding in real time.
The Machine Identity Explosion
Machine Identities Now Dominate
Every API, microservice, workload, container, and AI model requires unique credentials. Machine identities vastly outnumber human identities across enterprise ecosystems — and 79% of organizations expect up to 150% growth in machine identities this year alone.
The attack surface is expanding faster than most security teams can track it.
INTEL [TREND]: Machine identities are growing at 150% annually in most organizations, vastly outnumbering human identities. Yet only 23% prioritize machine identity security. This creates an expanding, ungoverned attack surface that threat actors are actively exploiting — 50% of organizations experienced machine identity compromises in the past year.
The Neglect Tax: Real-World Consequences
When machine identities are compromised, the impact cascades:
- 51% delayed application launches
- 44% experienced customer-impacting outages
- 43% reported unauthorized data access
These aren’t theoretical risks. They’re operational failures affecting revenue, compliance, and customer trust.
INTEL [VULNERABILITY]: Machine identity compromise is causing measurable business impact — 51% delayed launches, 44% customer outages, 43% unauthorized data access. Organizations that treat machine identities as a secondary concern are accumulating cyber debt that manifests as operational failures.
Certificate Chaos
72% of organizations had at least one certificate-related outage last year. The trend is accelerating:
- Monthly outages: 26% (2022) → 67% (2025)
- Weekly outages: 12% (2022) → 45% (2025)
And it’s about to get worse: Apple’s planned reduction of TLS certificate lifespan to 47 days by 2028 will compound the challenge in ephemeral cloud-native environments. Manual certificate management at this scale is impossible.
INTEL [SECTOR ALERT]: Certificate-related outages have nearly tripled since 2022, with weekly outages jumping from 12% to 45%. Apple’s planned 47-day TLS certificate lifespan (by 2028) will make manual management impossible. Automate certificate lifecycle management now — before the deadline forces a crisis.
AI Raises the Stakes
81% of CISOs say securing machine identities is vital to protecting AI models and infrastructure. The conversation is shifting from “using AI safely” to “securing AI itself.”
Every AI model, every agent, every automated pipeline creates machine identities that need governance. As agentic AI deployments scale, so does the machine identity attack surface.
INTEL [GLOBAL RECOMMENDATION]: 81% of CISOs recognize machine identity security as vital to AI infrastructure protection. As agentic AI deployments scale, every AI model and automated pipeline creates new machine identities requiring governance. AI security and machine identity security are converging — treat them as one program.
Programs Exist — Maturity Doesn’t
92% of organizations have some machine identity security program. But fragmented ownership between security, development, and platform teams means:
- No single team owns the full lifecycle
- Visibility gaps between teams create blind spots
- Automation remains inconsistent across environments
Having a program isn’t the same as having maturity.
What Leaders Should Do Now
Prioritize machine identities alongside human ones — 50% incident rate demands equal treatment. Machine identities need the same governance, monitoring, and lifecycle management as human identities.
Automate certificate and credential lifecycle management — With 72% outage rates and shrinking certificate lifespans, manual management is a ticking clock. Invest in automated discovery, rotation, and revocation.
Unify ownership — Fragmented responsibility between security, dev, and platform teams creates gaps. Establish clear accountability for machine identity governance.
Shift left on AI and quantum threats — 81% of CISOs recognize the AI connection. Start governing AI model identities now, and begin evaluating post-quantum certificate readiness before adversaries force the timeline.
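To make the certificate-outage numbers above and the "automate lifecycle management" recommendation concrete, here is an added worked example (not code from FIR Risk Advisory or from the CyberArk report). It triages a constructed machine-identity inventory against a fixed "now" and computes the yearly renewal load that a shorter certificate lifetime implies. The renew-at-two-thirds-of-lifetime policy, the inventory entries, and the reference date are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import ceil

# Policy assumption (not from the report): renew once two thirds of the
# validity period has elapsed, the convention ACME clients such as certbot
# follow, leaving one third of the lifetime as a safety margin for retries.
RENEW_AT_FRACTION = 2 / 3

# Constructed reference date for the example: the brief's publication date.
NOW = datetime(2025, 6, 24, tzinfo=timezone.utc)


@dataclass(frozen=True)
class MachineIdentity:
    name: str          # workload or service the credential belongs to
    kind: str          # "tls-cert", "api-key", "service-account", ...
    not_before: datetime
    not_after: datetime

    @property
    def lifetime(self) -> timedelta:
        return self.not_after - self.not_before

    def renew_after(self) -> datetime:
        # Point in time from which the credential should be rotated.
        return self.not_before + self.lifetime * RENEW_AT_FRACTION

    def status(self, now: datetime) -> str:
        if now < self.not_before:
            return "not-yet-valid"   # staged but not active yet
        if now >= self.not_after:
            return "expired"         # this is where outages come from
        if now >= self.renew_after():
            return "renew-now"       # inside the renewal window
        return "ok"


# Constructed inventory (hypothetical names, not real systems).
INVENTORY = [
    # 47-day certificate issued three weeks ago: still fine.
    MachineIdentity("payments-api", "tls-cert",
                    datetime(2025, 6, 1, tzinfo=timezone.utc),
                    datetime(2025, 7, 18, tzinfo=timezone.utc)),
    # 398-day certificate past two thirds of its life: rotate now.
    MachineIdentity("legacy-gateway", "tls-cert",
                    datetime(2024, 6, 1, tzinfo=timezone.utc),
                    datetime(2025, 7, 4, tzinfo=timezone.utc)),
    # Service-account credential nobody rotated: already expired.
    MachineIdentity("batch-worker", "service-account",
                    datetime(2024, 1, 1, tzinfo=timezone.utc),
                    datetime(2025, 1, 1, tzinfo=timezone.utc)),
    # API key pre-issued for a launch next week.
    MachineIdentity("ml-inference", "api-key",
                    datetime(2025, 7, 1, tzinfo=timezone.utc),
                    datetime(2025, 8, 17, tzinfo=timezone.utc)),
]


def triage(inventory, now):
    """Group identities by renewal status so the expired and renew-now
    buckets can be turned into alerts or rotation jobs."""
    report = {"ok": [], "renew-now": [], "expired": [], "not-yet-valid": []}
    for ident in inventory:
        report[ident.status(now)].append(ident.name)
    return report


def renewals_per_year(lifetime_days: int) -> int:
    """Number of rotations one credential needs per year under the policy."""
    interval_days = lifetime_days * RENEW_AT_FRACTION
    return ceil(365 / interval_days)


def yearly_renewal_load(cert_count: int, lifetime_days: int) -> int:
    """Total rotations a fleet of cert_count certificates needs per year."""
    return cert_count * renewals_per_year(lifetime_days)


if __name__ == "__main__":
    for status, names in triage(INVENTORY, NOW).items():
        print(f"{status:14s} {', '.join(names) or '-'}")
    for days in (398, 47):
        print(f"{days}-day certs: {renewals_per_year(days)} renewals/year each, "
              f"{yearly_renewal_load(1000, days)} for a fleet of 1000")
```

Running it shows why the brief calls manual management impossible: a 398-day certificate needs two rotations a year, a 47-day one needs twelve, so a fleet of a thousand certificates goes from roughly two thousand to twelve thousand rotations a year. The triage function is the part to wire into monitoring; anything landing in the `expired` bucket is an outage, and anything in `renew-now` is an outage waiting to happen if no automation picks it up.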
The Bottom Line
Machine identities are the fastest-growing and least-governed attack surface in enterprise security. 50% incident rate. 72% outage rate. 150% annual growth. And only 23% of organizations prioritize them.
This is cyber debt — and like all debt, it compounds. The organizations that automate machine identity governance now will avoid the cascading outages and breaches that are already hitting half the market. The ones that wait will pay more later.