ConductorOne has released its second annual report, the 2025 Future of Identity Security, revealing how security leaders are tackling today’s identity security challenges and preparing for a future increasingly influenced by AI agents.
Based on a survey of nearly 500 security leaders in the U.S., the study highlights a significant shift towards the adoption of agentic AI, despite concerns about its associated risks.
The findings reveal that an overwhelming 89% of respondents intend to implement AI agents in their security operations within the next two years. This push for AI integration is often driven from the top, with 43% of respondents noting that their board or executive team is actively advocating for enhanced AI adoption in security practices.
Remarkably, 98% of participants indicated that their planned deployments of agentic AI would extend beyond non-critical tasks, even as 83% expressed concerns regarding the risks posed by such technology.
“When you think about identity in 2025, you can’t ignore the impact of AI agents. Boards are pushing for it, employees are excited to use it, and security leaders see the potential of agentic AI to supercharge operations,” stated Alex Bovee, CEO and co-founder of ConductorOne.
“Rather than hesitating, security leaders are accelerating their efforts to harness AI for enhanced productivity and the delivery of previously unattainable outcomes.” Alex Bovee
Key findings
- Rising identity attacks: A staggering 82% of respondents reported experiencing at least one cyberattack or data breach in the past year, attributed to improper access or over-privileged users—an increase from 77% in 2024. In response, 84% of organisations are increasing their Identity and Access Management (IAM) budgets, signalling a commitment to addressing these urgent threats.
- Pressure on security leaders: Preventing cyber threats is the primary pressure faced by security professionals, with over a quarter reporting high or very high stress levels due to the burden of ensuring security.
- Urgency of Non-Human Identities (NHIs): A significant 93% of security leaders view the risks associated with NHIs as urgent, with 24% categorising these risks as “extremely urgent.” More than half prioritise NHI security on par with, or higher than, traditional human user security.
- Top use cases for AI agents: Security leaders identified network monitoring and analysis (49%), Security Operations Centre (SOC) automation (47%), and access requests/account provisioning (46%) as the top areas for AI implementation.
- System complexity challenges: For the second consecutive year, 50% of respondents cited existing system complexity as the biggest challenge in IAM.
- Focus on security improvement: A total of 77% stated that their foremost IAM priority for the upcoming year is to enhance security, followed by reducing risk (60%) and achieving compliance (50%).
The report underscores a clear correlation between the urgency of identity security issues and the increasing willingness of security leaders to adopt agentic AI solutions.
Those who experienced multiple identity compromises in the past year were 17% more likely to consider AI for identity and access controls, illustrating a proactive approach to mitigating risks in an evolving digital landscape.