Articles about machine identities

Machine identities have proliferated in recent years, but while they offer convenience they also introduce new vulnerabilities.

We spoke to Ev Kontsevoy, Teleport CEO, to learm more about the problem of securing machine IDs and what enterprises can do to address it.

Continue reading →

Adversaries are weaponizing GenAI to scale operations and accelerate cyberattacks -- as well as increasingly targeting the autonomous AI agents reshaping enterprise operations. This is among the findings of CrowdStrike’s 2025 Threat Hunting Report.

The report reveals how threat actors are targeting tools used to build AI agents -- gaining access, stealing credentials, and deploying malware -- a clear sign that autonomous systems and machine identities have become a key part of the enterprise attack surface.

Continue reading →

Are you ready to welcome our new machine overlords? Okay, that might be a bit drastic, but the latest report from Sysdig reveals that there are now 40,000x more machine identities than human identities.

This has led to a greatly expanded attack surface as machine IDs are 7.5 times more risky, a dangerous liability given that nearly 40 percent of breaches start with credential exploitation.

Continue reading →

Identity is at the root of most cyberattacks, but although we're seeing greater adoption of things like biometrics we still rely heavily on passwords.

There's added complication in the form of soaring numbers of machine identities too. Here's what some industry leaders think the identity landscape has in store for 2025.

Continue reading →

New research shows 88 percent of security leaders believe machine identities, specifically access tokens and their connected service accounts, are the next big target for attackers.

The survey from Venafi of 800 security and IT decision-makers from large organizations across the US, UK, France and Germany, finds 56 percent have experienced a security incident related to machine identities using service accounts in the last year.

Continue reading →

As AI continues to evolve, it will enable machines to communicate in new, dynamic, autonomous ways without human intervention.

This machine-to-machine growth has a huge potential to impact industries from smart factories to energy. We spoke to John Kim, CEO of API communication specialist Sendbird, to discuss these changes and how they will affect business.

Continue reading →

Most cybersecurity incidents start with some sort of identity compromise, whether that identity is human or machine.

In order to help organizations gain visibility into their identity security posture Anetac is setting up a community to serve as a collaborative space where cybersecurity leaders, practitioners, and researchers can learn and engage with experts on identity vulnerabilities related to human and non-human identities.

Continue reading →

The days when businesses operated within a defined perimeter that could be neatly protected by a firewall are long gone. Today’s enterprises are dynamic. In the era of cloud native, infrastructure is completely distributed -- from the traditional datacenter to multicloud instances, from physical servers and VMs to microservice-based applications and containerized workloads.

This change in how businesses operate necessitates a shift in how we defend. The old adage of "Trust but verify" has been replaced by, "authenticate everything all the time," otherwise known as "zero trust". Zero trust dictates that security teams must focus on each of the connection points on the network -- from the datacenter to the cloud to the endpoint, every connection must be verified and authenticated.

Continue reading →

Although the death of the password has been predicted for many years, older technology still clings on when it comes to verifying identities.

But that's changing, particularly with the massive growth in the numbers of machine IDs. Here is what some industry experts think we'll see from the identity world in 2023.

Continue reading →

Spotify users recently experienced an event that is becoming all-too familiar to digital consumers. They were left unable to listen to their favorite podcasts for hours after an TLS certificate at the streaming giant expired. Although certificates, or "machine identities," like these are intended to provide a backbone of trust across the online world, they are also increasingly challenging for organizations to manage. Digital transformation is driving an unprecedented expansion of machine identity volumes across the globe. That’s bad news for the security teams tasked with managing them. When even one expires, it can lead to chaos.

Spotify is certainly not the first big-name brand impacted in this way. And it definitely won’t be the last. The message is clear: brands need a more efficient, automated way to manage these identities if they want to optimize cybersecurity and service uptime.

Continue reading →