AI & fragmented identities heighten enterprise security risks

Enterprises are facing mounting challenges in managing identity-related security alerts, with new research finding that investigating a single critical incident now consumes an average of 11 hours.

The study conducted by Enterprise Strategy Group highlights how the growing complexity and fragmentation of digital identities across modern technology platforms are compounding risks for organisations, particularly as artificial intelligence (AI) becomes more embedded in business operations.

Complex digital environments

Organisational digital identities are now distributed across a broad array of cloud services, developer platforms, identity providers and infrastructure resources. These fragmented systems create blind spots for security teams, making it difficult to trace unauthorised or suspicious activities by both human and AI actors. According to the research, this fragmentation is inhibiting the productivity of both engineers and security professionals, as each new system introduces more potential vulnerabilities.

The rise of AI introduces another challenging dimension. The study notes that rapid advances in AI are outpacing enterprise security governance, expanding attack vectors and exposing cracks in traditional security defences.

When it only takes minutes for threat actors to move laterally across your infrastructure, 11 hours to investigate an identity-related incident simply isn't good enough. As we move deeper into the age of AI, we must remember that AI dramatically lowers the cost of identity attacks, and we must expect the frequency of them to increase. We must improve the trustworthiness of computing environments. We can only achieve this by eliminating anonymity and human error, and by unifying identity to simplify policy enforcement and enhance visibility of what each identity is doing.

These comments from Ev Kontsevoy, Chief Executive Officer of Teleport, underscore the challenges facing enterprises in maintaining secure digital environments while using diverse platforms and tools.

The human cost and risk of fragmented identities

The research finds that security teams rely on an average of 11 different tools to trace the root cause of identity-related security incidents. This dependence on multiple, often uncoordinated tools further slows investigations and heightens the difficulty of detecting malicious activity. Fragmented toolsets mean teams lack a singular source of truth when it comes to identifying what identities are doing across complex environments.

The prevalence of credential theft, a major vulnerability in identity security, is also rising. Enterprises report that credential theft is now responsible for one in five data breaches, with a 160% surge in compromised credentials observed in the current year. The study points to the relative ease with which criminals can obtain valid access credentials such as passwords and API keys, allowing them to impersonate legitimate users and potentially avoid detection for longer periods.

The impact of AI on identity risk

With nearly half of businesses (44%) now having deployed AI, concerns are mounting regarding the creation of new silos, particularly those involving AI agents with potentially over-privileged access to sensitive infrastructures. More than half (52%) of survey respondents identified data privacy issues as the leading security risk associated with AI integration. This heightened concern reflects the difficulty in monitoring and controlling how AI technologies interact with existing identity management systems.

Todd Thiemann, Principal Analyst at Enterprise Strategy Group, commented on the growing complexity facing cybersecurity teams:

Most cybersecurity solutions only see part of the picture. Few organizations understand the scale of the threat, let alone how quickly malicious actors can move laterally and disrupt systems. Each application expands a company's security and compliance surface area, often faster than they can govern it, and few are easily integrated with identity tools. This leaves blind spots, orphaned accounts, inconsistent access privileges, and gaps in auditability, which significantly raises the risk of breaches and regulatory penalties.

Calls for new approaches to identity security

Given the increasing risks arising from complex IT landscapes and identity silos, Kontsevoy suggests a shift away from traditional, secret-based identity management towards unified, cryptographically secured identities. He explains:

The blind spots created by complex IT aren't just a danger to security. They're bottlenecking the productivity of engineers and security professionals. They need a way to quickly answer vital questions. Who accessed database X and with what permissions? Is this behavior unusual for the identity in question? What's the full summary of what an identity did in a single session across platforms? To answer these questions, we need a different approach to cybersecurity, one that isn't based on secrets and siloed identities, but on combining unified, cryptographic identity with just-in-time access. That's how we minimize the attack surface.

The research surveyed 370 IT and cybersecurity decision makers at organisations across a range of industries, with the vast majority (96%) representing enterprises of 1,000 employees or more. The findings reflect widespread and cross-sectoral apprehension about identity security in the era of cloud computing and AI.

In response to the identified needs, Teleport has released Identity Security, described as the first solution to provide complete visibility into identity-related activities, enabling much faster identification of risky behaviours compared to the previous reliance on fragmented log analysis or custom-built correlation systems.