Eliminating 'Ghost Identities' to Protect Enterprise Data

Summary: A webinar will show how to find and eliminate "ghost identities", the forgotten machine credentials that pose a significant risk: the data it cites attributes 68% of cloud breaches in 2024 to compromised service accounts and API keys.

The Danger of "Ghost Identities": How Non-Human Accounts Became the Biggest Cloud Risk

In the current cybersecurity landscape, a quieter threat has grown to rival phishing and weak passwords: non-human identities (NHIs). According to the data cited here, compromised service accounts and forgotten API keys were responsible for 68% of cloud security breaches in 2024.

What are Non-Human Identities?

Non-human identities are the credentials that let systems authenticate to one another without a person in the loop. They include:

  • Service accounts and API tokens.

  • AI agent connections (whose numbers are growing rapidly).

  • OAuth grants and access keys to infrastructure.

The problem lies in the scale: for every employee in an organization there are between 40 and 50 automated credentials. Many of them remain active, often with administrator privileges, long after the projects that created them have ended. These are the "ghost identities".

The Attacker's Playbook

Attackers no longer need to "break" in; they simply use the keys that companies leave behind. The attack cycle usually follows this pattern:

  1. Discovery: The attacker finds an exposed API token or key in a misconfigured repository or system.

  2. Lateral Movement: Because many NHIs carry excessive privileges, a single compromised token lets the attacker move across the corporate environment.

  3. Persistence: The average dwell time of these intrusions exceeds 200 days, because traditional identity and access management (IAM) tools are designed to monitor people, not machines.

How to Eliminate These Vulnerabilities

To combat this risk, experts recommend a proactive approach divided into three pillars:

  1. Total Discovery Scanning: Build a complete inventory of every non-human identity in the environment, without exceptions, including who or what owns each one and when it was last used.

  2. "Right-sizing" Framework (Permission Adjustment): Apply the principle of least privilege, ensuring that service accounts and AI integrations have only the strictly necessary access.

  3. Automated Lifecycle Policies: Implement systems that automatically revoke inactive or "dead" credentials before an attacker can find them. Disabling a credential before deleting it gives a rollback path if a supposedly dead key turns out to back a rarely run job.
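The three pillars above, carried through as an added worked example (this is illustrative code written for this page, not material from the webinar or the article): a small policy engine that triages a consolidated NHI inventory. It flags credentials idle past a policy window ("ghost"), credentials whose owning team or project no longer exists ("orphaned"), and credentials carrying admin-level permissions ("over_privileged"), then turns the findings into a revoke/right-size plan. The inventory rows, the owner list, the permission strings and the field names are all constructed assumptions, loosely shaped like a cloud provider's credential report.

```python
"""Triage a non-human-identity (NHI) inventory for ghost credentials.

Added example, not from the article or any vendor. All sample data below
is constructed; field names are assumptions, not a real provider's API.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, List, Optional, Set

MAX_IDLE_DAYS = 90                            # policy: unused this long -> ghost
ADMIN_PERMISSIONS = {"*", "iam:*", "admin"}   # assumed markers of admin-level access


@dataclass(frozen=True)
class Credential:
    cred_id: str
    kind: str                   # "access_key" | "service_account" | "api_token" | "oauth_grant"
    owner: Optional[str]        # team/project expected to own it; None = nobody claims it
    permissions: frozenset      # permission strings granted to the credential
    created: date
    last_used: Optional[date]   # None = never used since creation


def is_admin(cred: Credential) -> bool:
    """True if any granted permission is in the admin marker set."""
    return bool(cred.permissions & ADMIN_PERMISSIONS)


def days_idle(cred: Credential, today: date) -> int:
    """Days since last use; a never-used credential is idle since creation."""
    anchor = cred.last_used or cred.created
    return (today - anchor).days


def triage(creds: Iterable[Credential], today: date,
           active_owners: Set[str]) -> Dict[str, List[str]]:
    """Pillar 1 + 2: map cred_id -> findings for every credential that needs action."""
    findings: Dict[str, List[str]] = {}
    for c in creds:
        tags = []
        if days_idle(c, today) > MAX_IDLE_DAYS:
            tags.append("ghost")
        if c.owner is None or c.owner not in active_owners:
            tags.append("orphaned")
        if is_admin(c):
            tags.append("over_privileged")
        if tags:
            findings[c.cred_id] = tags
    return findings


def revocation_plan(findings: Dict[str, List[str]]) -> Dict[str, str]:
    """Pillar 3: ghosts and orphans are revoked (disable first, delete later);
    live but over-privileged credentials go to a right-sizing review instead."""
    plan = {}
    for cred_id, tags in findings.items():
        if "ghost" in tags or "orphaned" in tags:
            plan[cred_id] = "revoke"
        elif "over_privileged" in tags:
            plan[cred_id] = "right_size"
    return plan


# Constructed sample inventory (not real identifiers). TODAY is fixed so the
# example is deterministic regardless of when it is run.
TODAY = date(2025, 6, 1)
ACTIVE_OWNERS = {"payments", "data-platform"}
SAMPLE_INVENTORY = [
    # healthy: recently used, scoped permission, owner still exists
    Credential("AKIA-CI-BUILD", "access_key", "payments",
               frozenset({"s3:GetObject"}), date(2024, 1, 10), date(2025, 5, 30)),
    # classic ghost: admin key from a finished migration, unused for years
    Credential("AKIA-MIGRATION", "access_key", "migration-2023",
               frozenset({"*"}), date(2023, 3, 1), date(2023, 9, 12)),
    # live AI agent service account that was granted far more than it needs
    Credential("sa-ml-agent", "service_account", "data-platform",
               frozenset({"iam:*"}), date(2025, 2, 1), date(2025, 5, 31)),
    # never used, nobody owns it
    Credential("tok-legacy-webhook", "api_token", None,
               frozenset({"repo:read"}), date(2022, 6, 1), None),
]


def run_sample() -> Dict[str, str]:
    """Triage the constructed inventory and return the action plan."""
    return revocation_plan(triage(SAMPLE_INVENTORY, TODAY, ACTIVE_OWNERS))


if __name__ == "__main__":
    for cred_id, tags in triage(SAMPLE_INVENTORY, TODAY, ACTIVE_OWNERS).items():
        print(f"{cred_id}: {', '.join(tags)}")
    for cred_id, action in run_sample().items():
        print(f"-> {action} {cred_id}")
```

The idle anchor falls back to the creation date so that a key that was minted and never used does not slip through as "no data"; in practice that case is common and is exactly the kind of credential nobody notices. The plan deliberately separates "revoke" from "right_size": pulling a live, over-privileged agent credential outright would break a running integration, whereas trimming its permissions does not.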

Conclusion

Cybersecurity in 2026 demands a change of mindset. Companies must stop focusing exclusively on human identity and start managing the far larger population of machines and AI agents operating in their networks. The goal is not just securing access, but clearing away the "keys" that should no longer exist.

Key facts

  • 68% of cloud breaches in 2024 were attributed to compromised non-human credentials.
  • There are 40 to 50 automated credentials per employee in an organization.
  • The average dwell time of intrusions using these identities exceeds 200 days.
  • Attackers exploit unmanaged keys for lateral movement.

Why it matters

Leaving non-human credentials unmanaged significantly increases the attack surface. If one is exploited, it can hand over access to sensitive data without any sophisticated attack technique. Ignoring this class of identity can lead to the loss of large volumes of critical corporate data.
