As artificial intelligence and quantum computing technologies advance at breakneck speeds, organisations are facing an unexpected cybersecurity challenge: a surge in machine identities that outpaces current security capabilities. Recent research by identity management provider CyberArk reveals that the rapid adoption of AI-driven systems and cloud-native innovations is leading to an explosion of machine identities—certificates, keys, secrets, and access tokens—that, if left unprotected, could open the door to cyberattacks and data breaches.
The Rise of Machine Identities
Machine identities are digital credentials that authenticate devices, applications, and automated processes. Traditionally, security efforts have focused on human identities; however, as companies increasingly adopt AI tools and digital automation, the number of machine identities within an organisation has grown dramatically. According to CyberArk’s research, machine identities now outnumber human identities by about 45:1—far exceeding the roughly 5:1 ratio that many security leaders initially believed. This rapid proliferation is driven by several factors:
- Rising AI Adoption: Generative AI models and other intelligent systems continuously connect disparate datasets, with each interaction secured by a machine identity.
- Cloud-Native Innovations: The move to cloud-based platforms and services often involves the creation of short-lived, dynamically generated identities.
- Shorter Lifespans: Unlike human credentials that remain relatively static, machine identities are frequently created and retired, making them difficult to track and secure.
The Growing Threat Landscape
As AI systems become increasingly integral to operations, they also emerge as prime targets for cyberattacks. CyberArk’s research shows that 77% of security leaders in Australia believe machine identity security is crucial for safeguarding the future of AI. This is not surprising given the complexity of securing digital interactions in an era where cybercriminals continuously evolve their tactics.
Machine identities are particularly vulnerable because of inherent weaknesses, such as unprotected API keys and the malicious use of code-signing certificates. These vulnerabilities, when exploited, can lead to severe business impacts. The CyberArk report highlights several alarming statistics:
- Outages: Over 69% of respondents experienced at least one certificate-related outage in the past year, with 63% reporting outages on a monthly basis and 33% on a weekly basis.
- Security Incidents: Approximately 41% of security leaders reported breaches or security incidents linked to compromised machine identities, with 45% of these incidents attributed to SSL/TLS certificate issues—12% above the global average.
- Business Impact: These compromises have led to delays in application launches (48%), unauthorised access to sensitive data or networks (40%), and outages impacting customer experience (29%).
These figures underscore a critical point: despite the growing importance of machine identity security, many organisations still underestimate the risks and complexities involved in protecting these digital assets.
The Quantum Computing Challenge
Adding to the urgency is the emerging threat of quantum computing. Quantum computers, which can solve certain complex problems exponentially faster than classical computers, pose a significant risk to current encryption standards. Larger organisations, in particular, will soon need to address the challenge of replacing hundreds of thousands of machine identities with quantum-resistant alternatives.
Kurt Sand, General Manager of Machine Identity Security at CyberArk, warns, “The journey to becoming quantum-proof must start now. In the coming year, companies will start replacing untrusted certificate authorities as part of their transition to quantum-resilient systems.” This transition is essential to safeguard sensitive data and ensure that critical systems remain secure in the face of evolving computational capabilities.
The Disconnect Between Perception and Reality
One of the most striking revelations from CyberArk’s study is the significant disconnect between the perceived and actual number of machine identities. While many survey respondents estimated a machine-to-human identity ratio of about 5:1, the reality is much more extreme at roughly 45:1. This gap highlights how quickly organisations are accumulating machine identities without correspondingly robust security measures.
Furthermore, more than 81% of Australian security leaders expect the number of machine identities to increase, with nearly 73% predicting growth of up to 50%, and 6% expecting growth to exceed 50%. This explosive growth rate demands a proactive approach to machine identity security before the gap widens further, leaving organisations even more vulnerable to cyberattacks.
Challenges in Securing Machine Identities
Despite the high level of concern among security professionals, only 89% of respondents reported having some form of machine identity security program in place. Yet, these programs are far from mature. The most common challenges identified include:
- Lack of a Cohesive Strategy (39%): Many organisations do not have a unified, comprehensive plan for managing machine identities.
- Expired Certificates (39%): Outdated or expired certificates can lead to service disruptions and outages, compromising business operations.
- Inability to Quickly Revoke Compromised Identities (37%): Swift detection and revocation of compromised machine identities remain major hurdles, leaving systems exposed to potential breaches.
The complexity of managing machine identities—compounded by their sheer volume and short lifespans—makes them much more difficult to secure than human identities.
AI: Both a Challenge and a Part of the Solution
Interestingly, while AI is partly responsible for the surge in machine identities, it is also a critical component in addressing the security gap. AI-powered co-pilots and machine learning algorithms are increasingly being used to automate routine identity management tasks, thereby reducing manual effort and accelerating the deployment of security measures across enterprises.
These advanced tools can monitor machine identities in real time, detecting anomalies such as unauthorised access, privilege escalation, or lateral movement within networks. By flagging suspicious behaviour early, AI systems help security teams intervene before a minor breach can escalate into a major incident.
CyberArk, for instance, has integrated AI-powered threat detection into its security framework. This system continuously scans machine identities and the associated network activities to prevent unauthorised access and mitigate risks proactively. Furthermore, CyberArk’s recent acquisition of Venafi—a company renowned for its expertise in machine identity security—has significantly bolstered its ability to provide robust protection for automated processes, AI agents, and enterprise systems.
Toward a Quantum-Resilient Future
The looming threat of quantum computing adds another layer of urgency to the machine identity security challenge. As quantum technologies evolve, they will eventually render current encryption methods obsolete. Organisations must begin the transition to quantum-resistant systems now, replacing vulnerable certificates and digital keys with ones that can withstand quantum-level attacks. This transition is not a simple update but a fundamental overhaul of the cryptographic foundations that secure digital communications.
Kurt Sand emphasises that the replacement of untrusted certificate authorities (CAs) is a critical first step in this journey. “In the coming year, companies will start replacing these untrusted CAs as part of their transition to quantum-resilient systems,” he notes. Without such measures, the gap between the proliferation of machine identities and the security measures in place will only continue to widen, leaving organisations exposed to increasingly sophisticated cyber threats.
The Road Ahead for Organisations
For organisations to navigate this rapidly evolving landscape, a multi-pronged approach is essential:
- Adopt Advanced AI Solutions: Integrating AI-powered automation can help security teams manage the growing number of machine identities more efficiently. These systems should focus on real-time monitoring, anomaly detection, and the swift revocation of compromised identities.
- Modernise Security Programs: Companies must invest in modernising their machine identity security programs. This involves not only updating legacy systems but also developing a cohesive strategy that addresses the entire lifecycle of machine identities—from creation to retirement.
- Transition to Quantum-Resilient Systems: The shift to quantum-resistant cryptography is critical. Organisations should begin replacing current certificate authorities and implementing new encryption standards to protect against future quantum attacks.
- Enhance Transparency and Monitoring: Providing clear, accessible disclosures about machine identity management practices can help bridge the gap between perception and reality. Regular audits and continuous monitoring are necessary to ensure that security measures remain effective amid rapid technological changes.
Conclusion: A Call for Urgent Action
The rapid adoption of AI and advances in quantum computing have created an unprecedented surge in machine identities, exposing a critical security gap within organisations worldwide. CyberArk’s research underscores that while machine identities offer immense potential for enabling advanced technologies, their rapid proliferation and inherent vulnerabilities pose significant risks to sensitive data and systems.
With machine identities now outnumbering human identities by an alarming 45:1 ratio—and with security leaders predicting further exponential growth—the need for robust, modernised security strategies has never been greater. The integration of AI into identity management is already showing promise, yet it is clear that additional measures, including the transition to quantum-resilient systems, are essential to safeguard the future of digital security.
As the technology landscape continues to evolve, organisations must act swiftly and decisively to address these challenges. Failing to do so could leave them vulnerable to increasingly sophisticated cyberattacks, with potentially catastrophic consequences for both business operations and customer trust.
The journey toward securing machine identities is complex and fraught with challenges, but it is also an opportunity for innovation and progress. By harnessing the power of AI and preparing for the quantum era, companies can build a resilient security infrastructure that not only protects sensitive data but also drives competitive advantage in an increasingly digital world.