Non-Human Identity | Breaking Cybersecurity News | The Hacker News

Identity sprawl, agentic AI risk, and the path to NHI governance maturity When security leaders talk about identity risk, the conversation almost always centers on humans: Privileged users, compromised accounts, insider threats. But for most enterprises, the greater risk has already shifted. And it has nothing to do with your employees. Non-human identities (NHIs) — service accounts, API keys, OAuth tokens, SSH keys, RPA bots, cloud workload credentials and AI agents — are the fastest-growing, least-governed attack surface in the modern enterprise. And the industry is beginning to reckon with what that means. $4.88M Global average cost of a data breach — IBM Cost of a Data Breach 2024 The scope of the problem The numbers are striking. Research from Rubrik Zero Labs puts the NHI-to-human identity ratio at 45:1 in the modern enterprise. For cloud-native and DevOps environments, Entro Labs H1 2025 research puts that figure at 144:1.  These identities are not passive: They au...

The conversation around Anthropic's Claude Mythos Preview has understandably centered on zero-days. If AI systems can identify and exploit vulnerabilities across every operating system and browser at scale, defenders have to assume that exploit timelines will keep compressing. But for CISOs, the harder question is how long exposed access credentials remain valid after defenders discover the exposure. Credentials determine how far an attacker can move, how long they can persist, and how difficult containment becomes. A vulnerability just gets them in the door. That gap between time-to-exploit and time-to-revoke is where many organizations are most exposed. GitGuardian's State of Secret Sprawl report shows 64% of valid secrets detected in 2022 were still active and exploitable four years later in an environment where exploitation now collapses to hours. Vulnerabilities get attackers in the door, but credentials decide how far they go. The Mythos-ready briefing , developed b...