AI agents as threat multipliers
Why CISOs should rethink now
Based on findings from the Rubrik Zero Labs report “Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats”.
AI agents are currently on everyone’s lips: Their rapid integration into business processes is fundamentally changing the threat landscape. With every new AI-based workflow, additional non-human identities (NHIs) and agent-based access points are created – a development that dramatically expands the attack surface of many companies. The latest Rubrik Zero Labs report shows: Identity security is becoming a strategic risk for corporate management.
AI agents increase attack surface – and decrease recoverability
According to the Rubrik Zero Labs report, 89% of organisations have already integrated AI agents into their identity infrastructures, and NHIs are now growing over 80 times faster than human accounts. At the same time, 58% of CISOs expect at least half of all attacks to use AI agents in the next twelve months.
This dynamic is accompanied by a declining ability to recover quickly: only 28% of companies believe they will be able to recover from a security incident within 12 hours (previous year: 43%). In the case of ransomware attacks, 89% paid a ransom to get back to work at all.
The report puts it in a nutshell: Attackers no longer break in, they simply log in with stolen access data. Compromised agent identities create an overlooked Achilles’ heel that previous IAM models do not cover.
AI agents as a governance gap: New tasks for CISOs
The explosive growth of NHIs is leading to identity flows that are difficult to control, dynamic authorisations and an almost unmanageable number of autonomous access instances.
The consequence: Classical identity and access management (IAM) is no longer sufficient.
This is also reflected in the market movement:
- 87% of companies are changing their IAM provider or are planning to do so.
- 58% cite security concerns as the main reason.
This creates a new area of responsibility for CISOs: the introduction of governance-based control mechanisms specifically for AI agents – including transparent authorisation models, telemetry and identity resilience.
What CISOs and information security managers should do now
-
- Complete inventory and classification of all NHIs & AI agents
Transparency about agent identities, credential usage and authorisations is a basic requirement for any protective measure
- Complete inventory and classification of all NHIs & AI agents
Strict rightsising models and zero-trust controls for agents
AI agents must only be granted the minimum necessary authorisations; automated secrets rotation and logging must be mandatory.
- Establish identity resilience as the core of incident response
Recovery processes for compromised identities – human or AI-based – must be tested, time-optimised and integrated into the cyber resilience strategy.
Conclusion
AI agents present security managers with new identity-based risks. The study by Rubrik Zero Labs clearly shows that companies are increasingly coming under pressure where they are most vulnerable, namely with identities that are not visible enough, are too widely authorised or are technically difficult to control.
For CISOs, this means: Identity security must be fundamentally rethought in the age of AI agents – preventively, operationally and resiliently.
As the first global standard for AI management systems, ISO 42001 provides valuable guidelines for the responsible development and use of AI systems. CIS Certification offers both training and certification to the standard for AI. Our team looks forward to your enquiry!
Reference:
Rubric Zero Labs, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats, 2024/2025.
Full report: https://zerolabs.rubrik.com/reports/the-identity-crisis
More news
