Non-human identities are multiplying faster than security teams can track them
Non-human identities outnumber humans 80:1 in many orgs, but most teams lack visibility into AI agents' permissions, ownership, or lifecycle management—creating major governance gaps.
Hacker News picked up on a security problem that's gotten out of hand: most organizations now have over 80 non-human identities for every human user. Service accounts, API tokens, AI agents—all operating on their own across company systems.
The AI agents are different from traditional machine identities. They don't just sit there waiting for commands. They query databases, call APIs, make decisions. No human approval needed.
Here's what makes this messy: most organizations can't answer basic questions about these identities. Who owns them? What can they access? How do you shut one down when you need to? AI agents typically get deployed with broad permissions and static credentials, then run indefinitely. Nobody plans for when or how to decommission them.
Security teams know how to manage human users: onboarding, offboarding, behavioral monitoring. But autonomous systems don't log in like people do. They don't get offboarded when someone leaves. They don't follow predictable patterns.
Legal and product teams need to figure out who owns what before this gets completely out of control. The time to sort this out is now, not later.

