New research conducted by Cybersecurity Insiders in partnership with Saviynt reveals that artificial intelligence (AI) identities are increasingly active in core enterprise systems, often lacking proper governance and oversight. This study highlights the urgent need for improved visibility and control over these non-human identities.
AI Access to Core Systems
The report indicates that 71% of Chief Information Security Officers (CISOs) and senior security leaders acknowledge AI tools accessing critical systems like Salesforce and SAP. However, only 16% of these leaders believe that this access is effectively governed. The findings underscore a pressing issue in managing AI within enterprise environments.
Additionally, 75% of organizations surveyed have identified unauthorized AI tools operating within their networks. This points to a growing challenge in maintaining control over technological environments increasingly influenced by AI.
Visibility Gaps in AI Identities
A significant 92% of respondents admit to lacking full visibility into AI identities operating within their systems. Furthermore, 95% express concerns over their capacity to detect or address potential misuse of these identities. This visibility gap poses a substantial risk to organizational security and accountability.
Holger Schulze, founder of Cybersecurity Insiders, emphasizes the critical nature of this issue, stating, “AI already integrates deeply with business-critical systems, often with minimal oversight, which security teams may not approve. Without identifying and managing these accounts properly, organizations lose control over their operational environments.”
Challenges in Policy Enforcement
Current enforcement of access policies for AI identities remains low, with 86% of surveyed entities not enforcing formal policies. Merely 5% of security leaders feel prepared to manage a compromised AI agent effectively. This lack of preparedness highlights the need for robust security frameworks tailored to AI.
The report suggests that as AI continues to integrate into SaaS and cloud workflows, CISOs should prioritize ongoing discovery, classification, and monitoring of machine identities. This approach is essential for maintaining the security standards necessary in today’s digital landscape.
For more detailed insights, the full report is available for download. Cybersecurity Insiders continues to provide valuable research and analysis, helping organizations navigate the complexities of enterprise cybersecurity.
