#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

Non-Human Identities | Breaking Cybersecurity News | The Hacker News

Category — Non-Human Identities
Securing Agentic AI: How to Protect the Invisible Identity Access

Securing Agentic AI: How to Protect the Invisible Identity Access

Jul 15, 2025 Automation / Risk Management
AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...
Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories 

Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories 

Jun 30, 2025 Secrets Management / Cloud Security
Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromised secrets . According to reports such as the Verizon DBIR , attackers are more commonly using stolen credentials to gain their initial foothold, rather than exploiting a vulnerability or misconfiguration. Attackers are not just after human identities that they can assume, though. More commonly, they are after Non-Human Identities (NHIs), which outnumber human identities in the enterprise by at least 50 to one . Unlike humans, machines have no good way to achieve multi-factor authentication, and we, for the most part, have been relying on credentials alone, in the form of API keys, bearer tokens, and JWTs.  Traditionally, identity and access management (IAM) has been built on the idea of...
Popular Resources
Articles
Learn How AI, SaaS, and File-Sharing Tools are Leaking Sensitive Data
Articles
Total SaaS Visibility. Total Identity Control. One Powerful Platform—Reco
Articles
This Workflow Turns CrowdStrike Alerts into GitHub Issues—Then Escalates Automatically
Articles
2025's Ultimate Guide to SaaS Identity Protection—Download Free eBook
Expert Insights Articles Videos
Cybersecurity Resources