A recent report by CyberArk has highlighted a troubling trend in cybersecurity: the rapid growth of machine identities, coupled with the adoption of artificial intelligence (AI) and cloud-native innovations, is leaving organisations increasingly vulnerable to attacks. The 2025 State of Machine Identity Security Report reveals that 81% of security leaders consider securing machine identities crucial for safeguarding the future of AI.
Top machine identity concerns
The report indicates a worrying rise in security incidents related to machine identities, such as certificates, keys, secrets, and access tokens. A staggering 72% of organisations have experienced at least one certificate-related outage in the past year, a significant increase from previous years, while 50% of security leaders reported incidents or breaches due to compromised machine identities.
As machine identities proliferate, organisations face mounting challenges in managing them effectively. The report underscores that siloed security strategies create additional risks, leading to costly outages and breaches. Notably, 51% of respondents reported delays in application launches due to machine identity compromises, while 44% experienced outages that negatively impacted customer experience.
Key findings
- Surge in Outages: Nearly three-quarters of respondents (72%) have suffered at least one machine identity-related outage in the past year, with 67% experiencing such outages monthly and 45% weekly.
- Compromised Identities: Half of security leaders reported incidents linked to compromised machine identities, resulting in significant business impacts.
- Rapid Growth: Machine identities are expected to outnumber human identities significantly, with 79% of security leaders anticipating a potential 150% increase in the next year.
- AI Threats: With AI systems becoming prime targets for cyberattacks, 81% of security leaders stress the importance of robust machine identity security to protect these systems.
- Maturity Gap: Despite 92% of security leaders indicating they have some form of machine identity security program, many lack maturity and cohesive strategies.
“Machine identities of all kinds will continue to skyrocket over the next year, bringing not only greater complexity but also increased risks,” said Kurt Sand, general manager of machine identity security at CyberArk. He emphasised the urgency for organisations to adopt comprehensive machine identity security strategies, stating, “Cybercriminals are increasingly targeting machine identities to exploit vulnerabilities, compromise systems, and disrupt critical infrastructure.”
As the landscape of cybersecurity evolves, the need for effective management of machine identities has never been more critical. Security leaders must act swiftly to mitigate risks associated with this growing threat.
