Identity security planning for 2026 is shifting under pressure

Identity security planning is becoming more focused on scale, governance, and operational strain, according to the Identity Security Outlook 2026 report. The ManageEngine research draws on responses from 515 identity and security leaders in the United States and Canada and reflects budget holders and practitioners who manage day-to-day identity systems. The findings point to three forces shaping near-term strategy: growth in non-human identities, uneven use of AI in identity operations, and sustained momentum toward vendor consolidation.

Non-human identities dominate identity growth

The report shows that machine identities now outnumber human identities by wide margins across most organizations. Service accounts, API keys, bots, agents, and certificates continue to multiply as automation, cloud platforms, and DevOps pipelines expand. Nearly half of surveyed organizations report machine-to-human ratios above 100:1, and some sectors report ratios reaching 500:1.

This growth places pressure on identity teams that rely on manual processes. Only 12 percent of respondents report automated life cycle management for machine identities. Many organizations depend on ad hoc tracking or periodic reviews. Survey data links high machine identity ratios with increased operational risk when discovery, ownership, and expiration policies remain inconsistent.

The researchers also highlight a gap between executive perception and practitioner experience. Senior leaders often report high levels of visibility into machine identities. Practitioners report lower confidence in tracking coverage and governance depth. Aggregated dashboards and compliance metrics contribute to this gap by emphasizing coverage counts without context about privilege levels or account activity.

AI adoption remains uneven across identity programs

AI appears widely across identity roadmaps, with 91 percent of organizations piloting or using AI in identity and access management functions. Organization-wide deployment remains limited, with only 7 percent reporting broad operational use. Most deployments remain confined to specific functions such as anomaly detection or automated provisioning.

The report identifies a measurable optimism gap. About two-thirds of respondents express confidence in AI’s future value for identity security. Fewer than half report positive outcomes today. This difference reflects implementation challenges tied to data quality, explainability, and integration complexity. Identity teams require traceable reasoning when AI systems recommend access changes or flag anomalous behavior. Regulatory expectations reinforce this requirement.

Skill availability also influences AI outcomes. Identity security AI requires combined expertise in IAM operations and data science disciplines. Survey responses suggest many organizations pursue AI to extend limited staff capacity. Implementation still requires tuning, monitoring, and ongoing governance by skilled personnel.

Fragmented identity stacks drive consolidation plans

Tool fragmentation continues to shape operational workload. Nearly three quarters of organizations operate multiple identity platforms, and one in three report spending more time managing vendors than managing privileged users. The report describes a complexity threshold that emerges once a second or third identity system enters the environment. Integration effort, policy coordination, and training overhead increase at that point.

Vendor consolidation has moved from debate to planning and execution. Seventy-six percent of respondents report active consolidation or evaluation efforts. Support spans executive leadership and operational management, though motivations differ. Executives often focus on governance consistency and cost structure. Practitioners focus on reducing coordination overhead and workflow friction.

Execution challenges remain. Migration complexity, contract timing, and resource constraints slow progress. Organizations further along in consolidation efforts report phased timelines measured in years and rely on temporary staffing or external expertise to protect operational stability during transitions.

Budgets remain stable with shifting priorities

Identity security budgets show stability across regions. More than 90 percent of respondents expect budgets to grow or remain steady through 2026. Reported budget reductions often stem from platform rationalization and licensing consolidation. Survey data links these changes to reallocation patterns rather than reduced identity coverage.

Investment priorities emphasize integration, AI analytics, zero trust initiatives, and non-human identity governance. Consolidation ranks lower as a standalone line item since many organizations treat it as an architectural outcome rather than a discrete purchase. The report also notes alignment between reported challenges and spending plans, particularly around governance gaps and compliance pressure.

Talent scarcity shapes architectural decisions

Across sections, the report returns to workforce constraints. Shortages of experienced IAM professionals influence decisions around consolidation, automation, and AI adoption. Organizations report difficulty hiring specialists for fragmented stacks that require platform-specific expertise. Simplified architectures reduce training burden and enable teams to focus on monitoring and response activities.

“When non-human identities outnumber humans by orders of magnitude, the likes of which we see today, traditional governance approaches collapse. Organizations must fundamentally rethink how they manage and secure these identities before the scale becomes completely unmanageable,” said Ramanathan Kannabiran, director of product management at ManageEngine.
