Ghosts in the Machines: NHIs spread terror this Halloween  

COMMENTARY: From ghouls and ghosts to vampires and zombies, Halloween’s scariest objects are usually not human. This year, cybersecurity’s monsters are in the machines as non-human identities (NHIs) have emerged as the newest cyber terrors.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

NHI threats are very real and like a zombie apocalypse, are everywhere. So, beware! Here are three frightening trends around NHIs that need priority action in 2025:

Attacks on NHIs are the most devastating to organizations

It’s easy to chuckle about zombies, but the threat of undying NHIs to enterprise security is nothing to laugh about. IBM researchers found that non-human-identity-based attacks are the second most frequent type of attack and the most devastating to organizations. Our own research shows there are an average of 92 non-human identities for each human identity. Yet 91% of former employees’ tokens remain active, leaving organizations exposed to breaches. Even 40% of current, valid secrets are not used by any application workload, and 97% of NHIs have excessive privileges, an enormous and unnecessary risk exposure. Our researchers also uncovered the record for the oldest active secret: an NHI token more than 20 years old. To mitigate these risks, organizations must implement stricter controls and regular audits of NHIs and secrets-management practices, rotate identities on schedule, revoke access for former employees promptly, reduce the overuse and duplication of secrets, and avoid exposing them in insecure environments.

Security teams must prioritize AI security

Using AI to automate workflows and processes, and even to generate code, invariably requires those AI systems to create their own sets of NHIs to do their jobs. What makes this worrisome is that attacks on large language models (LLMs) take less than one minute to complete on average and, when successful, leak sensitive data 90% of the time, according to Pillar Security research. The findings, based on telemetry data and real-life attack examples from more than 2,000 AI applications, show that LLM jailbreaks bypass model guardrails in one of every five attempts. The speed and ease of LLM exploits show that the risks posed by the growing generative AI (GenAI) attack surface are real. And suddenly, AI-based apps and code are everywhere. As organizations rush to embrace AI for the benefits it brings, they must equally recognize how it expands the attack surface and prioritize AI security, especially for NHIs: the NHI is the main attack vector for LLMs, and compromising a single LLM can provide access to potentially thousands of NHIs.

CISO budget requests need new approaches

Year after year, the specter of unfunded budget requests is a top-of-mind concern for CISOs. PwC’s 2025 Global Digital Trust Insights survey sheds some light on why this problem will persist. Fewer than half of CEOs say their CISOs are involved to a large extent in strategic planning, board reporting and overseeing tech deployments. And only 15% of organizations measure the financial impact of cyber risks to a significant extent, according to the research.

Given these realities, significant gaps between budget asks and gets will continue. Achieving cyber resilience at an enterprise level is critical, and getting there will require CISOs and their teams to find ways to do more with less.

Security teams can get it done by evolving better practices and automating processes. Take the example of NHIs. We have been advising customers on ways to reduce resource and budget strain in 2025 by prioritizing NHIs based on their access levels and the importance of the processes they support. It is now possible to automate the necessary processes of discovery, audits, access reviews and secrets rotation, which used to take one or two weeks per NHI.
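The checks listed in the first trend (tokens of departed owners, secrets no workload uses, stale secrets, excessive privileges) and the prioritization described just above (rank by access level and by the importance of the process the NHI supports) can be expressed as a small, repeatable audit. The following is an added example and not code from the column or from Entro Security; the inventory fields, the 90-day rotation window, the 30-day idle window, the severity weights and the sample identities are all assumptions constructed for illustration.

```python
"""Added example: an automated NHI audit over a constructed inventory.

Applies the policy checks the column lists (revoke departed owners' tokens,
flag unused secrets, rotate stale ones, trim excess scopes) and ranks the
findings by severity and by the criticality of the process the NHI serves.
Thresholds, weights and the inventory are assumed values for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Assumed policy values (not from the column).
ROTATION_WINDOW = timedelta(days=90)   # secrets older than this must be rotated
IDLE_WINDOW = timedelta(days=30)       # no workload use within this window = unused
SEVERITY = {"REVOKE": 5, "OVERPRIVILEGED": 3, "ROTATE": 2, "UNUSED": 1}


@dataclass
class NHI:
    """One non-human identity as a discovery tool might record it (assumed schema)."""
    name: str
    owner: str
    owner_active: bool            # False once the human owner has left the organization
    created: date
    last_used: Optional[date]     # None = never observed in use by any workload
    scopes: Set[str]              # permissions actually granted
    required_scopes: Set[str]     # permissions the workload needs (from an access review)
    criticality: int              # 1 (low) .. 3 (high): importance of the process it supports


def audit(inventory: List[NHI], today: date) -> Dict[str, List[Tuple[str, str]]]:
    """Return {nhi_name: [(finding_code, detail), ...]} for every NHI with findings."""
    findings: Dict[str, List[Tuple[str, str]]] = {}
    for nhi in inventory:
        issues: List[Tuple[str, str]] = []
        if not nhi.owner_active:
            issues.append(("REVOKE", f"owner {nhi.owner} is no longer employed"))
        if nhi.last_used is None:
            issues.append(("UNUSED", "never observed in use by any workload"))
        elif today - nhi.last_used > IDLE_WINDOW:
            issues.append(("UNUSED", f"idle for {(today - nhi.last_used).days} days"))
        age = today - nhi.created
        if age > ROTATION_WINDOW:
            issues.append(("ROTATE", f"{age.days} days old, exceeds {ROTATION_WINDOW.days}-day window"))
        excess = nhi.scopes - nhi.required_scopes
        if excess:
            issues.append(("OVERPRIVILEGED", f"unneeded scopes: {sorted(excess)}"))
        if issues:
            findings[nhi.name] = issues
    return findings


def risk_score(nhi: NHI, issues: List[Tuple[str, str]]) -> int:
    """Severity of all findings, scaled by how critical the supported process is."""
    return sum(SEVERITY[code] for code, _ in issues) * nhi.criticality


def prioritize(inventory: List[NHI], findings: Dict[str, List[Tuple[str, str]]]) -> List[Tuple[str, int]]:
    """Order NHIs with findings by descending risk score (name breaks ties)."""
    by_name = {n.name: n for n in inventory}
    ranked = [(name, risk_score(by_name[name], issues)) for name, issues in findings.items()]
    return sorted(ranked, key=lambda t: (-t[1], t[0]))


# Constructed sample inventory; the audit date is fixed so results are reproducible.
TODAY = date(2025, 10, 31)
SAMPLE_INVENTORY = [
    NHI("ci-deploy-token", "alice", True, date(2025, 9, 15), date(2025, 10, 30),
        {"repo:write", "deploy"}, {"repo:write", "deploy"}, criticality=3),
    NHI("legacy-backup-key", "bob", False, date(2004, 6, 1), date(2025, 10, 29),
        {"storage:admin"}, {"storage:read"}, criticality=3),
    NHI("analytics-svc", "carol", True, date(2025, 8, 1), None,
        {"db:read"}, {"db:read"}, criticality=1),
    NHI("pr-linter-bot", "dave", True, date(2025, 10, 20), date(2025, 10, 31),
        {"repo:read", "repo:admin"}, {"repo:read"}, criticality=2),
]

if __name__ == "__main__":
    results = audit(SAMPLE_INVENTORY, TODAY)
    for name, score in prioritize(SAMPLE_INVENTORY, results):
        print(f"{name} (risk {score})")
        for code, detail in results[name]:
            print(f"  {code}: {detail}")
```

The ordering matters for the budget argument: the 20-year-old key with a departed owner and admin scope lands at the top, the over-scoped but actively used bot in the middle, and the idle low-criticality service account last, so a team with limited hours knows which revocation and rotation to do first.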

As in most Halloween stories, it’s possible to defeat these non-human monsters. In the face of ongoing budget limitations, CISOs will have to double down on finding ways like these to improve efficiency and automate processes. Organizations that rise to the challenge will prevail.

For those that don't respond: scary times are ahead.

Itzik Alvas, co-founder and CEO, Entro Security

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
