AI and quantum computing widen the machine identity security gap – Partner Content

Unfortunately, gaps in machine identity security may allow attackers to access sensitive data and systems, making an effective cybersecurity strategy a key priority, according to identity management provider CyberArk.

Machine identities include certificates, keys, secrets and access tokens. They are exploding within organisations amid rising AI adoption, cloud native innovations and shorter machine identity lifespans. With generative AI and agentic concepts working by connecting disparate datasets–with each connection secured by an identity–AI looms large on the machine identity threat horizon. 

AI systems a growing target for cyberattacks

CyberArk research reveals that, as AI systems become a growing target for cyberattacks, 77% of security leaders in Australia believe machine identity security will play a vital role in securing the future of AI. Seventy-seven percent say securing AI models from manipulation and theft means putting greater emphasis on the need for machine identity authentication and authorisation.

Kurt Sand, GM of Machine Identity Security at CyberArk, also pointed out that larger organisations will have to address the issue of replacing potentially hundreds of thousands of identities with identities resistant to powerful quantum computing assaults on encryption. “The journey to becoming quantum-proof must start now,” said Sand. “In the coming year, companies will start replacing untrusted certificate authorities (CAs) as part of their transition to quantum-resilient systems.” 

CyberArk points to weaknesses in machine identity security, such as unprotected API keys and the malicious signing of code certificates, as presenting opportunities to penetrate organisations’ environments. 

Research conducted by the vendor revealed the frequency of outages had surged dramatically, with more than two-thirds (69%) of respondents experiencing at least one certificate-related outage in the past year. Sixty three percent were experiencing outages monthly and one third (33%) weekly. The business impacts of machine identity-related compromises were substantial. Two-fifths (41%) of security leaders reported security incidents or breaches linked to compromised machine identities in the last year, with 45% of those caused by SSL/TLS certificates – 12% above the global average. 

These led to delays in application launches (48%), unauthorised access to sensitive data or networks (40%) and outages impacting customer experience (29%).

“Despite its urgency and importance, security teams continue to underestimate the significance of protecting machine identities,” said Sand. “And when they do tackle the issue, they find it harder to address than securing human identities.”

Unfortunately, the gap between machine identity growth and security capability is only likely to grow as AI and quantum computing take-up continues.

The CyberArk research points out the scale of the disconnect between perception and reality in machine identity proliferation. It revealed machine identities outnumbered human identities by about 45:1, considerably above the ratio of about 5:1 that most survey respondents believed was the case.  

That ratio is unlikely to remain static, with more than four fifths (81%) of Australian security leaders expecting the number of machine identities to increase. Nearly three quarters (73%) predict machine identities will grow by up to 50% and 6% forecast growth of more than 50%.  

While 89% of security leaders reported some type of machine identity security program, considerable work needs to be done to modernise and mature these programs. Respondents reveal the lack of a cohesive machine identity security strategy as their biggest concern (39%), followed by expired certificates leading to service disruptions and outages (39%) and the inability to quickly find and revoke compromised identities (37%).

AI part of the solution

However, while AI is contributing to the issue of securing machine identities, it is also part of the solution. AI-powered co-pilots increase the efficiency of security teams by automating routine identity management tasks, reducing manual effort and accelerating security adoption across enterprises. In addition, AI and machine learning can detect anomalies in machine identity usage, identifying unauthorised or suspicious behaviours such as privilege escalation or lateral movement, in real time.  

CyberArk has integrated AI-powered threat detection into its security framework to monitor machine identities, prevent unauthorised access and mitigate risks before they escalate. The vendor is leveraging AI-driven automation to empower employees and developers while maintaining strict governance over machine identities and permissions.

In addition, CyberArk’s recent acquisition of Venafi strengthens its machine identity security capabilities, ensuring robust protection for automated processes, AI agents, and enterprise systems.

For more information, download a copy of Cyberark’s State of Machine Identity Security Report.