The non-human identity governance vacuum
Machine and AI-agent identities now outnumber humans about 45 to 1, and most enterprises have no policy to provision or retire them. NHI is the fastest-growing unmanaged attack surface, and the binding control is inventory, not perimeter.
Holding·reviewed5 Jun 2026·next+77dBottom line. The Cloud Security Alliance puts non-human identities at roughly 45 to 1 over human users, and 78% of organisations have no documented policy to create or retire AI identities. Sophos ties weak NHI management to 41% of identity incidents. The reading is consistent across both: the machine-identity problem is now a scale-and-governance problem, and the first control that matters is an inventory with a lifecycle, not another perimeter tool.
Three datasets published within four weeks of each other in May 2026 describe the same gap from different angles. The Cloud Security Alliance’s 20 May 2026 whitepaper, The Non-Human Identity Governance Vacuum, reports that non-human identities now outnumber human users by an average of 45 to 1, rising to 144 to 1 in cloud-native environments, and that 78% of organisations have no documented policy for creating or removing AI identities, 51% report no clear ownership of AI identities, and only 20% have a formal process to offboard and revoke API keys. Sophos’s State of Identity Security 2026, a survey of 5,000 security leaders across 17 countries published 12 May 2026, found 71% suffered at least one identity-related breach in the past year at a mean recovery cost of $1.64 million, with weak NHI management cited in 41% of incidents.
The CISO who ran the Sophos research put the mechanism plainly:
“AI agents are being granted privileges faster than security teams can track them, and organizations that fail to get ahead of this will find it an increasingly costly gap to close.”
— Ross McKerchar, Chief Information Security Officer, Sophos, on the 12 May 2026 findings.
| Source (2026) | Finding | Figure |
|---|---|---|
| CSA, 20 May | NHI-to-human ratio (average) | 45 to 1 |
| CSA, 20 May | No policy to create or retire AI identities | 78% |
| CSA, 20 May | Formal API-key offboarding process | 20% |
| Sophos, 12 May | Identity incidents involving weak NHI | 41% |
| Sophos, 12 May | Mean breach recovery cost | $1.64M |
| Gartner, 28 Apr | Agents per Fortune 500 firm by 2028 | 150,000 |
Sources: CSA, Sophos, Gartner.
Identity governance built for humans does not survive a 45:1 ratio
The throughline across the three datasets is that the controls enterprises have were designed for a human lifecycle. Provisioning, joiner-mover-leaver, periodic access review and offboarding all assume an identity that exists for years and belongs to a person with a manager. A non-human identity breaks every one of those assumptions: an AI agent’s credential can be minted in a continuous-integration job and orphaned the same afternoon, with no owner, no review date and no offboarding trigger.
Gartner’s 28 Apr 2026 projection that an average Fortune 500 firm will run over 150,000 agents by 2028, up from fewer than 15 in 2025, with only 13% of organisations believing they have adequate agent governance, is the same gap stated as a forward curve. The identities are multiplying on an agent timescale; the governance is still on a human one. That mismatch is the vacuum, and it shows up in the architecture work we cover in the agent identity and IAM read and the non-human identity for AI agents piece.
The exposures are old; the scale is new
For a CISO, the uncomfortable detail is that none of this is a novel attack technique. The exposures Sophos names, API keys stored in code, static credentials, orphaned service accounts, have been on every cloud-security checklist for a decade. What changed is volume and velocity. At a 45 to 1 ratio, the long tail of forgotten machine credentials is no longer a hygiene nuisance; it is the largest unmanaged surface in the estate, and AI agents are extending it faster than any prior class of workload.
The reason the gap persists is the one the data keeps pointing at: there is no inventory. You cannot rotate, scope or revoke a credential you do not know exists, and 78% of organisations cannot list their AI identities to a policy. The procurement-side version of this gap shows up in the NHI procurement clause gap read, and the build-or-buy version in the Okta-versus-specialist NHI vendors comparison.
The first move is not a purchase
The first control is an inventory with an owner and a lifecycle, not a new detection product bolted onto the perimeter. Gartner’s own six-step sequence starts the same way: establish governance policy, then build a centralised agent inventory, then define an identity, permission and lifecycle model before anything else. The order matters, because monitoring and remediation only work against a known population.
One unhedged line for the security leader: treat every non-human identity as having a defined owner and an expiry by default, and treat anything that cannot be assigned one as a finding, not a footnote. That single rule, applied at creation time, is what closes the vacuum, and it is cheaper than any breach in the Sophos cost column. The discovery discipline that feeds it is the same one in the shadow-AI discovery playbook.
Holding-up note
The primary claim of this piece (that non-human identities now outnumber human identities by roughly an order of magnitude while most enterprises lack any provisioning or offboarding policy for them, making NHI the fastest-growing unmanaged attack surface, and that the binding control is inventory and lifecycle governance rather than perimeter security) is on a 90-day review cadence. Three kinds of evidence would move the verdict: a subsequent large-sample dataset showing the NHI-to-human ratio or the policy-gap figures compressing materially; a standards or platform shift (for example, broadly adopted workload-identity attestation) that makes lifecycle governance a default rather than a project; or breach data showing perimeter controls, not inventory, are what separates the affected from the unaffected. The Holding-up record for AM-204 captures what changes, dated. Figures are from the CSA, Sophos and Gartner as of 5 Jun 2026.
Cite this article
Pick a citation format. Click to copy.
Spotted an error? See corrections policy →
Reasoned disagreement is a first-class signal here. Every review cycle weighs documented dissent; material dissent becomes part of the article's change history. This is not a corrections form — use /corrections/ for factual errors.
Non-human identity →
How enterprise IT manages AI agents as first-class identities — lifecycle, credentials, procurement clauses, audit. 4 other pieces in this pillar.