Translation result.
[Digital Today AI Reporter] Security experts warn that the rapid spread of AI agents and APIs has triggered a surge in non-human accounts (NHIs), creating a new blind spot in corporate security.
On the 31st of last month (local time), IT outlet IT Home reported that non-human accounts outnumber human accounts by tens of times in corporate environments, yet many of these NHIs lack sufficient management or oversight. As cloud environments and AI-agent deployments expand, analysts say existing security controls are not keeping pace with the emerging threats.
NHIs encompass digital credentials—API keys, service accounts, OAuth tokens, automation accounts, and AI agents—that access systems without direct human control. The report says these identities have proliferated rapidly alongside automation and AI adoption, with excessive privileges and weak governance cited as primary risk factors.
The report points to actual incidents: attackers targeting U.S. government agencies used undeleted cloud signing keys as an access vector, and the Okta breach involved leaked service accounts that led to widespread customer impact. Researchers also uncovered vulnerabilities in open-source AI-agent platforms and developer tools, heightening concerns about credential theft and privilege escalation.
Experts say AI agents are moving beyond simple automation to autonomous decision-making and task execution, meaning traditional access controls are no longer sufficient. They call for new security frameworks that include API hardening, strict least-privilege enforcement, secrets management, continuous behavior monitoring, and rigorous software supply-chain audits.
Most Commented