Semperis, an identity-driven cyber resilience and crisis response company, published results of a multi-industry global study of 1,100 organizations with the aim of understanding AI’s effect on the attack surface of identity systems such as Active Directory, Entra ID and Okta. The study shows that AI is quietly redrawing the boundaries of global identity attack surfaces and organizations are giving AI agents the keys to critical systems faster than they are putting guardrails around those new identities.
The ‘State of Identity Security in the AI Era’ study found that 74% of organizations in the U.S., U.K., France, Germany, Spain, Italy, Singapore and Australia believe AI will increase attacks on identity infrastructure. In addition, 93% already use or plan to use AI agents for sensitive security tasks such as password resets and VPN access. Ninety-two percent say AI is installed on at least some local machines with access to SSH and encryption keys, yet globally only 32% are very confident they could regain control if AI exposes admin credentials. In the US, 53% of companies expressed confidence in regaining control, and in France, the number plummeted to 12%.
“The accelerated use of AI is introducing a bevy of new agents— each with its own non-human identity (NHI)— throughout global enterprises and many companies are just way too optimistic about their ability to recover their identity infrastructure following a breach, even as they expand this landscape of NHIs,” said Alex Weinert, Semperis Chief Product Officer.
Globally, only 65% of organizations say AI identities are fully registered, authenticated and authorized in a formal system, and 6% admit they do not track them at all. In organizations that do track AI identities, 57% use the same system as for human identities, while 43% authenticate and authorize them using a separate system.
“What is striking about the Semperis AI study is not just how quickly AI is being integrated into identity systems but how unprepared many organizations are to recover when things go wrong. Introducing AI at the identity layer offers operational advantages, but it must be accompanied by guardrails, observability and recovery readiness. It is a new dimension of an old question, really: Are you resilient enough to respond in the event of critical disruption,” said Grace Cassy, Partner, Ten Eleven Ventures.
A concerning revelation from the study is that AI is being placed close to sensitive identity infrastructure, and too few organizations are prepared for the potential consequences. More than a quarter of surveyed organizations (29%) already use AI agents to manage security‑related help desk tickets including password resets and VPN access. Another 65% intend to do so within the next year. In parallel, 92% of respondents say that some percent of their workforce has AI installed on local machines where it can access SSH and encryption keys.
“The pattern of global organizations overestimating how quickly they can recover from a cyberattack is real, especially when identity is within the blast radius. On paper, organizations have plans and backups; in practice, identity failures turn technical incidents into prolonged business crises, exposing a dangerous gap between perceived resilience and reality,” said Chris Inglis, the first U.S. National Cyber Director and Semperis Strategic Advisor.
On the plus side, 83% of respondents indicated that AI identity governance is a priority for them in the coming months.
Organizations should treat AI agents explicitly as non-human identities within the identity fabric and apply least-privilege, just-enough, and just-in-time access controls to them with the same rigor used for human users. Security teams should also separate trust boundaries between agents and humans where appropriate to reduce the risk of lateral movement and privilege abuse.
Researchers further recommended using UEBA-style analytics to identify anomalous or ‘zombie’ agent behavior that may indicate compromise or misuse. Organizations should also ensure they can rapidly restore identity systems to a trusted state following a breach or compromise.
