Dangerous: AI, Cloud Creating New Cyberattack Surface, But Indian Firms Prioritising Speed Over Security

Organisations are inadvertently creating a new identity-centric attack surface through growing use of artificial intelligence and cloud. Machine identities are mostly unknown and uncontrolled within organisations, while the primary roadblocks to agentic AI adoption involve security concerns around external manipulation and sensitive access. 

This signals the emergence of a new and potent identity security challenge, according to a new report by identity security provider CyberArk.

Machine identities, driven by cloud and AI, now vastly outnumber human identities within organisations and nearly half have sensitive or privileged access. However, many enterprises leave both human and machine access to critical systems under-secured. Study findings indicate:

• There are 82 machine identities for every human in organisations worldwide.

• In 88% of organisations, the definition of a ‘privileged user’ applies solely to human identities—but 42% of machine identities have privileged or sensitive access.

• More than half (58%) do not have identity security controls in place to secure cloud infrastructure and workloads.

• Over three-fourth (76%) of organisations experienced at least two successful identity-centric breaches in the past 12 months, ranging from phishing and vishing attacks including deepfakes, compromised privileged access to identity and third-party identity theft.

Sanctioned and unsanctioned adoption of AI and large language models is amplifying cybersecurity risks for enterprises. The study shows that:

• AI will drive the creation of the greatest number of new identities with privileged and sensitive access in 2025.

• The majority (68%) of organisations lack identity security controls for AI.

• Over a third (37%) cannot secure shadow AI usage in their organisation.

• AI agent adoption roadblocks include manipulation and sensitive access concerns.

According to the study, most organisations face increased privilege-related compliance pressure:

• Sixty eight percent of Indian respondents say identity silos are a root cause of organisational cybersecurity risk.

• Over three-fourth (77%) of Indian security professionals agree their organisations prioritise business efficiencies over cybersecurity.

• Human and machine identities—many of them with privileged access—are expected to double in 2025.

• A vast majority (85%) of Indian organisations are under increased pressure from insurers mandating enhanced privilege controls.

“The rapid adoption of AI in India’s dynamic business environment has introduced complex challenges when it comes to managing machine identities and their privileged access,” said Rohan Vaidya, area vice president, SAARC and India, CyberArk. “As AI-driven processes gain momentum, security leaders in India must rethink their identity security strategies to address the growing risk of unmanaged identities, both human and machine.”