
Non-Human Identities (NHIs) Are Growing Faster Than Most Security Programs


Posted by Sadie-Anne Jones

Key Takeaways
  • The evolution and proliferation of NHI tooling has led to an environment where governance often struggles to keep pace.
  • These identities often outnumber human users and can be difficult to monitor as a result.
  • Proper oversight should include monitoring, rotation, and decommissioning of these entities.

Machine identities are proliferating faster than most teams can govern them, creating blind spots in access management.

Modern digital infrastructure is increasingly built on technologies designed to improve speed, scalability, and efficiency: cloud services, AI, automation, Continuous Integration/Continuous Delivery (CI/CD), APIs, and Software as a Service (SaaS) integrations are multiplying machine identities faster than most teams can inventory or govern them. Although these tools may seem relatively invisible, they have led to a plethora of non-human identities in the workplace, oftentimes undermanaged and forgotten.

The growth of NHIs has considerably outpaced organizations’ ability to properly inventory, manage, and secure them. According to Entro’s NHI & Secrets Risk Report, there was a 44% increase in NHIs in 2025 compared to 2024, illustrating just how rapidly this attack surface has expanded.

In this analysis we’ll discuss the following vectors of attack:

  • SaaS Integrations
  • CI/CD
  • AI Driven Services and Agents

SaaS Integrations

SaaS integrations are a standard part of most workflows and help with integration across toolsets. However, with each integration comes additional credentials, tokens, and secrets. When SaaS integrations are not managed properly, this can lead to a larger attack surface.

The scale of this issue continues to grow: in 2024, GitGuardian detected 23.8 million new hardcoded secrets added to public GitHub repositories. This shows how NHIs, like SaaS integrations, can multiply the attack surface for credentials and access, leading to a higher chance of secrets becoming compromised.

CI/CD

CI/CD pipelines can help accelerate software delivery but can also create additional vectors for threat actor interference. The 2025 Shai Hulud npm attack demonstrated how CI/CD pipelines can be compromised through dependencies and the injection of malicious code. As an analysis by Unit 42 notes, attacks like this can leave entities vulnerable and “cripple an enterprise's entire CI/CD pipeline”, which can “potentially lock out internal systems”, again turning NHIs used to boost workflow into cyber risk.

AI Driven Services and Agents

The rise of AI has further exacerbated these long-standing challenges. While AI can provide many advantages, the National Cyber Security Centre (NCSC) notes it also has disadvantages, including a susceptibility to prompt-injection attacks and data poisoning. As organizations continue to adopt AI-driven tools, they introduce new identities, data flows, and vulnerabilities, often without corresponding governance frameworks. This results in a compounding risk in which tools intended to create efficiency produce complex ecosystems that are difficult to secure.

National policy on AI currently prioritizes “technological growth and development over precautionary oversight.” While this allows for easier adoption and expansion of AI tools, it also places a greater burden on individual organizations to create risk management policies addressing AI’s effect on cybersecurity.

As convenient as automation can be, it is important to acknowledge that it often makes errors or contains inaccuracies, as can be the case with popular AI automation. According to a study published by Georgetown University’s Center for Security and Emerging Technology, one of the best ways to curb risk created by overreliance on automated systems is to “create and maintain qualification standards for user understanding”, design policies, and consistently review them. While the human element will never be vulnerability-free, these recommendations can help offset much of the risk associated with using NHIs.

Contributors
Sadie-Anne Jones

Cyber Threat Analyst, ONE-ISAC

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSAC™ Conference, or any other co-sponsors. RSAC Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

