We locked the front door. The back door has been open this entire time.
Why the NHI explosion is completely different this time
Machine identities are not new. What changed is the speed. Five years ago, a typical enterprise application was a monolith talking to a database. Today, that same application is 50 microservices, each needing credentials to talk to the others. Every Kubernetes pod that spins up during auto-scaling creates workload identities. Every GitHub Actions workflow generates tokens. Every Terraform run provisions service principals. I watched a single deployment pipeline create more machine identities in 20 minutes than our entire firm had human users.
Then came agentic AI, and the problem accelerated again. These are not chatbots answering questions. They're systems authorized to execute commands, move production data, modify configurations and trigger downstream workflows autonomously. Microsoft Copilot has access to your SharePoint. GitHub Copilot can commit to your repos. The AI assistant your marketing team just deployed can pull customer data from Salesforce. One Identity is predicting 2026 will see the first major breach traced back to an over-privileged AI agent. The terrifying part? It will not look like an attack. It will look exactly like the system doing what it was designed to do.

