Did you ever notice that right around the time you finally learned to build and remember a strong password, the people who sell identity security quietly stopped caring whether you had one?
For twenty years, “identity security” centered around you. Your login. The password you reused. The phishing email you clicked at 4:55 on a Friday. Every product, every awareness poster, every mandatory training video assumed the weakest account in the building belonged to a person — and the person was the customer.
Then came AI, and somebody did the math on the machines, and built a trade show around the answer.
Next week a few thousand identity professionals fly into Mandalay Bay for Identiverse, the industry’s biggest annual gathering, and spend a remarkable amount of it talking about non-human identities and the rise of AI bots.
The numbers behind NHI are fuzzy. We are told that the real human identities and our decades-long struggle for a passwordless digital world will have to make room for non-human hordes.
Vendors and consultancies estimate that the non-human accounts on a typical network, such as service accounts, API keys, OAuth grants, cloud roles, bots, and the new swarm of AI agents, outnumber the human ones by 80 to 1. KPMG landed on that figure in its 2026 report. The common framing at this year’s EIC put it at 25 to 50 times. When the people selling the solution can’t agree within a factor of three, that’s not a measurement, it’s an opportunity to nip the problem in the bud and cash in.
Follow the money and the pivot looks less like a discovery than a gold rush. Non-human identity has become one of the most fundable phrases in cybersecurity since “zero trust,” and the accelerant is agentic AI: every autonomous agent an enterprise switches on needs its own credentials, and enterprises are switching them on by the thousand. Oasis Security, barely two years out of stealth, raised $120 million in early 2026 to govern machine and AI-agent access, bringing its total to $190 million. CrowdStrike paid $627.9 million for a startup called SGNL to orchestrate it. MarketsandMarkets pegs the non-human identity space at $9.45 billion in 2024, on its way to $18.71 billion by 2029. As one Sequoia partner put it, identity is the new perimeter and non-human identity is the gaping hole in it. That’s venture-speak for: there’s a lot of money in that hole.
Meanwhile, your reused password feels like a rounding error in your own network.
Why does that matter? Because every one of those NHI accounts links to a database, a cloud console, a file full of customer records. The agents no one could count are the ones nobody is guarding. Unlike us, they never click a bad link. Nobody sends them a “reset your password” reminder either.
Attackers have noticed that the forgotten, over-permissioned machine account is now the easiest door in the building.
Verizon’s 2026 Data Breach Investigations Report found that stolen credentials, the perennial number-one way attackers got in the door, fell to 13% of initial-access cases, down from 22% the year before. For the first time, plain unpatched vulnerabilities (31%) beat the stolen password outright. The human login, the thing two decades of products were built to defend, is fading as the front door.
Don’t mistake that for progress. The credential didn’t get safer. The front door moved. Credentials still turn up in 39% of all breach chains. They’re just not the human’s password anymore. They’re the token the chatbot uses.
Last August, attackers tracked as UNC6395 didn’t use a traditional phish. They stole OAuth tokens — the standing credentials a sales chatbot named Drift used to talk to Salesforce — and over roughly ten days quietly exported data from more than 700 organizations. The victim list read like a security-conference speaker lineup: Cloudflare, Zscaler, Palo Alto Networks, Proofpoint, Tanium. Companies that sell identity protection for a living got robbed through the identity of a robot. The virtual bouncer guarding the front door didn’t fall for anything. The NHI had a valid token, broad permissions, and nobody watching it. The attackers then combed the records for more keys to do it again somewhere else.
Did you ever notice the machine never forgets its password, never reuses it, never clicks the bad link — and gets breached anyway, because nobody thought to check what it was allowed to touch?
Walk the Identiverse program and the priorities rotate before your eyes. Two years ago the marquee fight was killing the password — passkeys, World Passkey Day, the annual sermon that this would finally be the year passwords died. In 2026 that got demoted to one of four content pillars, while non-human and agentic identity — which had no track at all a couple of cycles ago — got its own standalone summit. The password’s funeral moved from the keynote stage to a breakout room.
Every vendor made the same turn in lockstep. Saviynt now sells “the identity security platform for the AI era.” AppViewX offers “agentic governance.” Token Security compressed it to a slogan: “AI security is identity security.” It is, in many cases, the product you bought in 2019 with a new noun on the brochure. SailPoint sent a speaker to Identiverse whose title is “Sr. Director, Global Agentic AI” — a job that didn’t exist two years ago.
Here’s the part that defies logic. When an AI agent acts, it inherits the access of whoever built it — including, as Saviynt’s own report points out, privileges that “often exceed those of their human creators.”
So maybe this isn’t machines versus people. It isn’t a Venn diagram with a sliver of overlap. The problem is the entire circle. The agent only has power because a human handed it over. When its token gets stolen, it’s your authority being spent and your data walking out the door — the machine is just the getaway car.
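As an added illustration (not from the column, and not code from any vendor named in it) of the two checks these paragraphs say nobody ran, the script below reviews a constructed inventory of non-human identities: it flags standing tokens with no owner, broad scopes, stale rotation or no activity monitoring, and it compares each identity's scopes against those of the human who created it, surfacing the case where the agent's privileges exceed its creator's. Record fields, scope names, identity and user names, and the 90-day rotation threshold are all assumptions made for the example.

```python
"""Review a constructed inventory of non-human identities (NHIs) for the
failure modes the column describes: standing credentials with broad
scopes that nobody owns, rotates or watches, and agents whose privileges
exceed those of the human who created them.

Added example. Every record, scope name and threshold here is constructed
for illustration and does not describe any real vendor's API or data.
"""

from datetime import date

# Constructed review date, exposed so callers can reproduce the run.
AS_OF = date(2025, 8, 10)

# Constructed: what each human creator is allowed to do.
HUMAN_SCOPES = {
    "alice": {"records:read", "records:export", "refresh_token"},
    "bob": {"tickets:read", "tickets:write"},
    "carol": {"repo:read", "repo:write"},
}

# Constructed inventory of machine identities (fields are illustrative).
NHI_INVENTORY = [
    {   # a chatbot's standing OAuth grant into a CRM: unowned, unwatched
        "id": "svc-chatbot-crm",
        "kind": "oauth_grant",
        "owner": None,
        "scopes": {"records:read", "records:export", "refresh_token"},
        "last_rotated": date(2025, 1, 10),
        "monitored": False,
        "created_by": "alice",
    },
    {   # an AI agent that ended up with more than its creator has
        "id": "agent-ticket-triage",
        "kind": "ai_agent",
        "owner": "bob",
        "scopes": {"tickets:read", "tickets:write", "billing:admin"},
        "last_rotated": date(2025, 7, 20),
        "monitored": True,
        "created_by": "bob",
    },
    {   # a narrowly scoped, owned, rotated, monitored key: should pass
        "id": "ci-deploy-key",
        "kind": "api_key",
        "owner": "carol",
        "scopes": {"repo:read"},
        "last_rotated": date(2025, 7, 30),
        "monitored": True,
        "created_by": "carol",
    },
]

# Constructed heuristics: substrings that mark a scope as broad, and the
# maximum age a standing secret may reach before it counts as stale.
BROAD_SCOPE_MARKERS = ("export", "admin", "refresh_token")
MAX_ROTATION_AGE_DAYS = 90


def review_identity(rec, today=AS_OF, human_scopes=HUMAN_SCOPES):
    """Return a list of findings for one NHI record; empty means clean."""
    findings = []
    if rec["owner"] is None:
        findings.append("no owner")
    broad = sorted(s for s in rec["scopes"]
                   if any(m in s for m in BROAD_SCOPE_MARKERS))
    if broad:
        findings.append(f"broad scopes: {broad}")
    if (today - rec["last_rotated"]).days > MAX_ROTATION_AGE_DAYS:
        findings.append(f"not rotated in {MAX_ROTATION_AGE_DAYS} days")
    if not rec["monitored"]:
        findings.append("no activity monitoring")
    # The column's point: the agent only has what a human handed it.
    # Anything beyond the creator's own access is unexplained privilege.
    excess = sorted(rec["scopes"] - human_scopes.get(rec["created_by"], set()))
    if excess:
        findings.append(f"exceeds creator's privileges: {excess}")
    return findings


def review_inventory(inventory=NHI_INVENTORY, today=AS_OF,
                     human_scopes=HUMAN_SCOPES):
    """Map identity id -> findings, listing only identities with findings."""
    report = {}
    for rec in inventory:
        findings = review_identity(rec, today, human_scopes)
        if findings:
            report[rec["id"]] = findings
    return report


if __name__ == "__main__":
    for ident, findings in review_inventory().items():
        print(ident)
        for f in findings:
            print("  -", f)
```

Run as written, the unowned chatbot grant collects four findings, the triage agent is flagged for a scope its creator never held, and the CI key passes. The creator comparison is the check the column says defies logic in practice: an agent's access should be a subset of the access of the person who provisioned it, and anything outside that subset needs an explicit justification or a revocation.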
The DBIR found that only 23% of third-party vendors had fully fixed missing or misconfigured multi-factor authentication on their cloud accounts, and that it took a median of eight months to clean up even half of those identity-hygiene problems. Eight months. The machines reproduce by the thousand; the cleanup crew moves at the speed of a permit office.
I don’t begrudge anyone the pivot. The breach data is real, the sprawl is real, and somebody has to babysit ten billion API keys. But notice who’s left holding the short end.
When the Drift token was stolen, Salesloft revoked it, the vendors rotated their secrets, and the machines got clean credentials. The people in those records got nothing to rotate. You can re-key a service account in an afternoon. You can’t re-issue a human being. The machine recovers; you just get added to a list.