The proliferation of non-human identities
97% of non-human identities (NHIs) have excessive privileges, increasing unauthorized access and broadening the attack surface, according to Entro Security’s 2025 State of Non-Human Identities and Secrets in Cybersecurity report.
92% of organizations expose NHIs to third parties, resulting in unauthorized access if third-party security practices are not aligned with organizational standards.
Surprisingly, 44% of tokens are exposed in the wild, being sent or stored over platforms like Teams, Jira tickets, Confluence pages, code commits, and more. This careless practice puts sensitive information at risk of interception and exposure, highlighting the urgent need for better security practices.
Key findings
The research reveals trends in handling both human and NHIs, with significant misconfigurations and risks prevalent across organizations:
- For each human identity, there are an average of 92 non-human identities. An overwhelming number of non-human identities increases the complexity of identity management and the potential for security vulnerabilities
- 91% of former employee tokens remain active, leaving organizations vulnerable to potential security breaches
- 50% of organizations are onboarding new vaults without proper security approval which can introduce vulnerabilities and misconfigurations from the outset
- 73% of vaults are misconfigured, also leading to unauthorized access and exposure of sensitive data and compromised systems
- 60% of NHIs are being overused, with the same NHI being utilized by more than one application, increasing the risk of a single point of failure and widespread compromise if exposed
- 62% of all secrets are duplicated and stored in multiple locations, causing unnecessary redundancy and increasing the risk of accidental exposure
- 71% of non-human identities are not rotated within the recommended time frames, increasing the risk of compromise over time
This report’s data has been collected from millions of secrets and NHIs in companies across industries, from startups to Fortune 100 companies.