Permiso’s 2026 State of Identity Security Report, reeals that identity-related incidents now account for up to 75% of all security breaches.
This alarming trend emphasizes the urgent need for improved visibility and management of identities within organisations. The survey, conducted among over 500 security and identity professionals, highlights a dramatic decline in confidence regarding visibility, which has plummeted by 47 points. A staggering 91% of respondents anticipate explosive growth in AI-generated identities in the coming year.
The report indicates that 77% of organisations recognise identity compromise as the dominant threat vector. While 95% claim confidence in tracking non-human identities—such as service accounts and API keys—only 43% can proactively identify identity-based risks before they escalate into security incidents.
Less than half (46%) assert they have comprehensive visibility over all identities in their environment, showcasing a critical gap in identity management.
“Organisations are finally being honest about what they can't see,” remarked Jason Martin, co-CEO at Permiso. The report illustrates that the lack of real-time visibility hampers the ability to detect suspicious activities. Alarmingly, 71% of organisations believe that had they improved identity visibility, they could have prevented a substantial portion of their security incidents.
The rise of AI introduces further complications. With 95% of organisations indicating that AI systems can create or modify identities independently, and 91% expecting an increase in AI-generated identities, the situation is poised to worsen. Presently, 92% of firms have AI agents accessing production data, with 39% noting these systems can access 26-50% of sensitive information.
“Organizations lack visibility into which AI systems have access, what permissions they hold, or what they are doing with the data,” explained Paul Nguyen, co-CEO at Permiso. This lack of monitoring poses new risks, as many organizations juggle 3-10 separate tools for identity visibility, often leading to extensive manual correlation efforts.
The operational impact of these challenges is formidable. With 60% of organisations facing annual labour costs ranging from $31,000 to $125,000 for manual processes that could otherwise be automated, the efficiency of security teams is severely compromised.
Most organisations cannot quickly assess threat levels or understand the full scope of attacks, leaving them vulnerable to lateral movements by cybercriminals.
As a crucial measure to tackle these issues, nearly 90% of organisations plan to boost their identity security investments in 2026, suggesting an industry-wide recognition of the urgent need for improved identity management and monitoring.
