This is Part 3 of Sage IT’s AI Security Series. Read Part 1: “AI Destroys. AI Shields.” | Part 2: “Your Employees Fed Your Trade Secrets to AI.”
In Part 1, we showed how AI is weaponizing cyberattacks at an unprecedented scale. In Part 2, we showed how your own employees are creating data exposure through shadow AI adoption. Now we turn to the attack vector that connects both problems, and that is rarely monitored in most enterprises.
In January 2024, a nation-state threat group called Midnight Blizzard breached Microsoft’s corporate environment. They didn’t phish an employee. They didn’t exploit a zero-day vulnerability. They compromised a legacy OAuth application, a forgotten, unmanaged non-human identity that had full privileges to access Microsoft’s production environment.
The result: unauthorized access to corporate email accounts of senior Microsoft leadership and exfiltration of sensitive communications.
Microsoft. A company that literally builds identity security products. Breached through an identity nobody was watching.
In October 2025, the Crimson Collective breached Red Hat’s self-managed GitLab instance used by its consulting division. The attackers exfiltrated 570 GB of compressed data from over 28,000 private repositories, including approximately 800 Customer Engagement Reports containing infrastructure configurations, authentication tokens, API keys, database connection strings, and deployment details from client environments.
Red Hat confirmed the breach publicly. FINRA issued a formal cybersecurity advisory urging financial firms to assess their exposure. The leaked data reportedly referenced organizations across every sector: financial services, technology, telecommunications, government agencies, and healthcare. One breach. One consulting platform. Eight hundred organizations potentially exposed.
How did it happen? Embedded credentials, non-human identities, accumulated in repositories over years of consulting engagements. Those credentials became authentication vectors into customer environments.
And in late 2025, researchers discovered that a single leaked GitHub access token from a Home Depot employee had been publicly accessible for over a year, granting read and write access to hundreds of private source code repositories and connected cloud infrastructure. Despite multiple external alerts, the token remained active for months.
This isn’t an isolated incident.
These breaches share exactly one thing in common: the attacker came in through a non-human identity.
The Identity Crisis Nobody Is Talking About
For the past two decades, the identity security industry has been laser-focused on human users. We built MFA. We deployed passwordless authentication. We implemented privileged access management. We created zero-trust architectures that verify every human access request.
And we completely ignored the other 98% of identities in the enterprise.
Non-human identities, service accounts, API keys, OAuth tokens, service principals, certificates, webhooks, and bot credentials outnumber human users by 25 to 50 times in a modern enterprise. Research from Astrix Security puts the number at approximately 45,000 NHIs for every 1,000 human employees.
These identities run your CI/CD pipelines. They connect your SaaS applications. They power your cloud automation. They enable your AI agents to access production data. They are the connective tissue of every modern enterprise.
And the vast majority of them have never been audited, never expire, and operate with permissions that would make your CISO lose sleep if your CISO knew they existed.
Why NHIs Are the Perfect Attack Vector
Attackers have figured out what most security teams haven’t: compromising a machine identity is easier, quieter, and more valuable than targeting a human.
They don’t require phishing. You can’t phish a service account. But you can find its credentials hardcoded in a public GitHub repository, embedded in a Docker container image, or stored in an environment variable file left on an exposed server. In late 2025, Flare researchers discovered more than 10,000 Docker Hub container images leaking production API keys, cloud tokens, and CI/CD credentials pushed into public repositories, often unintentionally by developers at major enterprises.
They bypass MFA. Non-human identities authenticate with static credentials, API keys, client secrets, certificates. There is no second factor. There is no push notification. The credential is the identity.
They don’t trigger behavioral alerts. Your UEBA system knows what “normal” looks like for a human user, login times, locations, access patterns. For a service account that runs 24/7 from a cloud IP, there is no “abnormal.” An attacker using a compromised service account looks identical to the legitimate automation. This is precisely the scenario we described in Part 1, where AI-powered behavioral detection becomes essential for defending against threats that bypass traditional security.
They persist indefinitely. When an employee leaves, HR triggers offboarding. Access is revoked. When a service account is no longer needed, what happens? In most organizations: nothing. Research from Entro Security found that 97% of NHIs have excessive privileges. Just 0.01% of machine identities control 80% of cloud resources.
The security industry is converging on a clear consensus: machine identities will become the primary breach vector in cloud environments in 2026. Tenable predicts it. Delinea predicts it. One Identity predicts it. CSO Online has called it the biggest security blind spot of the year.
The AI Agent Multiplier
If the NHI problem wasn’t alarming enough, AI agents are about to pour gasoline on it.
Every AI agent deployed in your enterprise needs non-human identities to function. Microsoft Copilot requires access to your SharePoint, OneDrive, email, and calendar. GitHub Copilot connects to your repositories. Your marketing team’s AI assistant pulls data from Salesforce. Your operations team’s AI agent writes to production databases.
Each of these agents inherits permissions that are often granted hastily, rarely reviewed, and never revoked. They operate autonomously, making decisions about what data to access, what actions to take, and what systems to query, all authenticated by NHI credentials that most security teams have never inventoried.
This is where Parts 2 and 3 of this series converge. In Part 2, we described the shadow AI problem, employees adopting unauthorized AI tools that create data exposure. Every one of those shadow AI tools creates non-human identities: OAuth tokens connecting to your CRM, API keys accessing your repositories, service accounts reading your cloud storage. The shadow AI problem IS a non-human identity problem. They are two faces of the same risk.
DTEX’s 2026 Cost of Insider Risks Report found that 44% of firms agree that malicious use of AI agents will increase data theft risk, yet nearly half reported minimal or no visibility into agent activity. Only 19% classify AI agents as equivalent to human insiders for governance purposes.
One Identity has predicted that 2026 will see the first major breach traced directly to an over-privileged AI agent. The terrifying part: it won’t look like an attack. It will look exactly like the system doing what it was designed to do.
The OWASP NHI Top 10: A Wake-Up Call
In December 2025, OWASP published its first-ever Non-Human Identity Top 10, a framework ranking the most critical NHI security risks. This is the organization behind the Web Application Top 10 that defined application security standards for two decades. The fact that they’ve now published an NHI-specific framework signals that this problem has reached critical mass.
The top risks include: improper offboarding of NHIs, secret leakage in code and configuration, overprivileged NHIs with broad access, insecure authentication methods, and insufficient monitoring and logging of NHI activity.
Every item on this list is a finding we see in every enterprise assessment we conduct. Not some. Every.
What Your Organization Needs to Do Now
Step 1: Discover your NHI universe. You cannot secure what you cannot see. Pull a complete inventory of service accounts from your identity providers (Entra ID, Okta, AWS IAM, GCP IAM). Map all OAuth grants across your SaaS ecosystem. Identify every API key, webhook, and service principal connected to AI systems. Most organizations that attempt this for the first time are shocked by the volume and by how many NHIs belong to former employees, canceled projects, and decommissioned systems.
Step 2: Assess the risk. For every NHI, determine: What permissions does it have? When was it last used? Are its credentials static or rotating? Does it have an owner? Is it connected to an AI system? NHIs that are dormant, orphaned, overprivileged, or connected to AI services should be flagged as critical risk.
Step 3: Establish lifecycle governance. Treat NHIs like human employees. They need onboarding (provisioned with minimum permissions), regular access reviews (are these permissions still needed?), and offboarding (decommission when no longer needed). Implement automated credential rotation. Replace long-lived secrets with short-lived tokens wherever possible.
Step 4: Monitor continuously. Integrate NHI behavioral monitoring into your SOC operations. Alert on: credential usage from unusual locations, scope expansion of OAuth tokens, dormant NHIs suddenly becoming active, and NHI activity outside approved time windows. As we outlined in Part 1’s discussion of AI-powered defense, behavioral anomaly detection is the most effective way to catch compromised machine identities, because traditional security tools were never designed to watch them.
The Clock Is Running
The gap between human identity security maturity and non-human identity security maturity is the largest vulnerability in enterprise cybersecurity today. It’s not a future risk. Breaches are happening now, at Microsoft, at Red Hat, at Home Depot, at hundreds of organizations that haven’t made headlines yet.
The organizations that act now, that inventory their NHIs, assess their risk, and build governance before a breach forces their hand, will be the ones that don’t end up explaining to their board how a forgotten service account from a cancelled project brought down the house.
The ghosts are already in the machine. It’s time to turn on the lights
Coming next in Part 4: Sage IT launches its AI Security Practice, the answer to everything this series has uncovered.
