(TLP:CLEAR) Non-Human Identities (NHIs) Are Growing Faster Than Most Security Programs

Summary: The ONE-ISAC recently shared a blog piece on the RSA Conference’s blog, noting that non-human identities (NHIs) are growing faster than most organizations can properly inventory and govern. The post indicates that modern cloud services, AI-driven platforms, CI/CD pipelines, APIs, and SaaS integrations are significantly expanding the machine identity attack surface. According to Entro’s NHI & Secrets Risk Report, NHIs increased by 44% in 2025 compared to 2024. The analysis also highlights risks associated with hardcoded secrets, SaaS credential sprawl, CI/CD compromise, AI-enabled automation, and inadequate governance surrounding machine identities.

Analyst Note: This topic is growing more relevant to the water sector as utilities increasingly rely on non-human identities to support operations. These identities often possess persistent privileged access but may not receive the same oversight or lifecycle management as traditional user accounts. As utilities continue adopting SaaS platforms, AI-enabled tools, and interconnected operational environments, unmanaged machine identities may create additional attack surface and increase the risk of credential compromise, unauthorized access, and supply chain exposure.

Original Source: https://www.rsaconference.com/library/blog/non-human-identities-nhis-are-growing-faster-than-most-security-programs

Related WaterISAC PIRs: 6, 8, 11