The 2026 Identity Security Report finds widespread identity governance gaps, rising non-human identity risk, and pressure to relax controls as organizations scale AI.
Key Takeaways
- 87% of respondents said their identity security posture is ready to support AI-driven automation at scale. However, 46% report that their identity governance is lacking when it comes to AI systems
- 90% report identity visibility gaps across all environments, with AI systems being the leading cause (51%)
- 53% regularly encounter unauthorized or “shadow AI” tools accessing company systems
- 90% say security teams face pressure to loosen access controls to support AI
- 92% believe AI will increase identity-related threats in the future
Delinea’s 2026 Identity Security Report finds that companies are accelerating AI adoption while lacking the guardrails needed to manage identity security risks. And the gap is widening.
High Confidence In AI Security Masks Weak Identity Governance
The main theme throughout the report is the gap between perceived readiness and the actual capability to identify non-human identities (NHIs). While 87% of respondents said their identity security posture can support AI-driven automation at scale, 46% said their identity governance around AI systems is deficient.
The report states that organizations “express high confidence in their security readiness for AI while simultaneously admitting they lack the fundamentals to back up that confidence.”
This gap is evident in how organizations manage non-human identities (NHIs), including AI agents, bots, and service accounts. While 82% of respondents said they are confident in their ability to identify NHIs accessing production systems, only 30% actually validate those identities or their activity in real time.
Identity Visibility Gaps Limit Oversight
90% of organizations reported some level of identity visibility gap, meaning they do not have a complete or continuous view of which users, systems, or AI agents have access to their environments, what permissions they hold, or how they use that access. These gaps span cloud infrastructure, software-as-a-service (SaaS) integrations, and AI-related systems, where identities, particularly NHIs, can be created, granted access, or operate without full tracking, validation, or monitoring.
Further, AI expansion is directly contributing to increased identity-related risk. 42% of respondents said AI growth was a top driver of increased NHI risk over the past 12 months, ahead of automation and cloud-native workload growth.
Respondents also cited concerns about excessive autonomy or privilege (38%), limited auditability (35%), and rapid identity proliferation (32%) tied to AI systems.
Shadow AI Widens The Gap
More than half of organizations (53%) reported regularly encountering unauthorized AI tools or agents accessing company systems. And as the report says, “that’s just the ones they’re detecting,” as detection remains limited, with only 28% of respondents able to identify such activity in real time.
Pressure To Accelerate AI Drives Relaxation Of Security Controls
Pressure to scale AI is influencing security decisions. 90% of organizations said security teams are under pressure to loosen access controls to support AI-driven automation, with 20% reporting strong pressure.
Standing Access And Legacy Credentials Increase Identity Risk Exposure
73% of respondents said standing access for NHIs and AI agents increases risk, and yet 74% said it is necessary to meet operational requirements.
Organizations are more than twice as likely to rely on long-lived credentials (35%) than on just-in-time access models (17%), with only 8% using ephemeral access controls.
AI Is Expected To Amplify Identity-Based Cyber Threats
92% of respondents said AI will amplify identity-related threats in the coming years, with credential-based attacks and privileged account compromise identified as leading concerns.
The report surveyed 2,001 information technology (IT) decision-makers across the United States, the United Kingdom, Germany, France, Australia, Singapore, and India.
