Artificial Intelligence identity sprawl creates new security gaps

Netwrix found that agents, copilots and other Artificial Intelligence tools are expanding corporate identity footprints faster than many security programs can govern them. Weak oversight of non-human identities is creating new openings for attackers.

The rate of data breaches at companies that widely use Artificial Intelligence tools is significantly higher than the rate at companies that don’t, 43% compared with 11% over the past 12 months, Netwrix said. Artificial Intelligence tools such as agents significantly increase organizations’ “identity footprint,” creating more gaps that hackers can exploit. At the same time, Netwrix found that the companies using Artificial Intelligence the most widely are also the ones taking identity management the most seriously.

Netwrix’s findings highlight the security risks of the sprawling web of user accounts and other identities that companies must create to use agents, copilots and other Artificial Intelligence tools. “Artificial Intelligence agents are now acting on behalf of humans against sensitive data,” Netwrix researchers wrote. “Non-human identities need the same operational rigor long applied to privileged human access.” Roughly three-quarters of organizations lack “a single, unified view of sensitive data and which identities have access to it,” researchers said. More than half of organizations lack an up-to-date database of sensitive data, 71% can’t quickly determine which identities can access which data, and 70% don’t have a security strategy linking data protection with identity governance.

Identity management is far from a new challenge for enterprises, but Artificial Intelligence has magnified it, and companies are not always keeping pace. Three-quarters of organizations aren’t fully overseeing what Artificial Intelligence identities are doing in their systems, even as 41% say they’re letting Artificial Intelligence agents access sensitive data and perform vital tasks. Three-quarters of incidents in which hackers access sensitive data involve compromises of identities or misconfigured account permissions. Seventy-six percent of organizations can’t immediately revoke inactive accounts’ data access, and 72% say their accounts have excessive permissions or they’re unsure which permissions their accounts have. Roughly two-thirds of organizations said they believe at least some of their accounts have unnecessary access to vital data. Only one-quarter of companies said they were fully confident in their ability to detect potentially dangerous account access permissions. The report is based on a worldwide survey of 2,317 security professionals at 1,889 organizations in 60 industries.
