New research from Keeper Security reveals that 89% of IT leaders struggle to manage the growing identity footprint amid AI expansion. The Identity Security at Machine Speed Report features insight from 200 cybersecurity decision-makers and senior IT leaders across Europe, the United States, Asia-Pacific and the Middle East. The study examines the challenges cybersecurity decision-makers face as identity ecosystems expand to include humans and a growing number of Non-Human Identities (NHIs), and finds that legacy tools and unchecked Artificial Intelligence (AI) adoption are widening security gaps that attackers exploit.
The majority (89%) senior UK IT leaders report that managing the growing identity footprint is challenging, which falls in line with the global figure, and reflects the scale and complexity of modern security environments. This consensus masks a specific UK pressure point: more than half (52%) of UK respondents cite AI-driven attacks as a key driver of increased security pressure, the highest figure among European markets surveyed.
Identity authority is often distributed across systems, with no single cybersecurity control plane. Globally, 96% cited disconnected or poorly integrated security tools as creating exploitable gaps. In the UK, 67% of respondents identify this to a moderate or great extent, above the global figure of 63%, which points to integration complexity as a persistent challenge for UK security teams.
UK organisations lead European peers on real-time detection, with 33% identifying credential misuse within minutes – above the global average of 28%. A further 51% detect within hours. However, 14% still take days or longer to identify unauthorised privileged access, representing a meaningful residual risk.
As AI adoption accelerates, new governance gaps emerge. 43% of respondents globally identify AI-related NHI management and security as a top identity governance gap, a figure matched closely by UK respondents at 40%. As AI agents and machine accounts proliferate within UK enterprise environments, the absence of unified governance over non-human identities is creating an expanding attack surface.
Over half (56%) of respondents are concerned about employees inadvertently exposing sensitive information to AI systems, with 55% of UK respondents identifying this as a leading AI security gap. UK organisations also register the highest concern among European markets about AI-driven social engineering and impersonation at 40%, well above the global average of 35%, reflecting heightened awareness of AI-assisted deception as a threat vector.
A lack of visibility into the AI tools employees use was identified as a significant governance gap by 42% of organizations. This sits alongside a broader picture of third-party risk: 34% of UK respondents identify incidents involving third-party vendors or suppliers as a source of increased security pressure, above both the global average of 28% and the figures recorded in Germany and France, highlighting the supply chain dimension of identity risk for UK enterprises.
UK respondents present a picture of above-average threat awareness combined with growing but uneven defensive capability. Over a quarter (27%) report attacks occurring at least weekly. Investment intent is ahead of many markets: 50% of UK respondents are prioritising AI security tools over the next 12 months and 38% plan investment in passwordless or passkey authentication, the highest figure among European markets in the study.
Darren Guccione, CEO and Co-founder of Keeper Security, said: “AI agents, service accounts and machine identities radically outnumber human users in many environments. Most organisations lack the capabilities in their current identity security stack to govern them. Every unmanaged identity is a prime target for attackers. Given the accelerated proliferation of AI and machine identities within enterprise infrastructure, the implementation of pervasive identity governance with real-time detection and least-privilege enforcement is essential.”
