Skip to content
Tech News
← Back to articles

The Replicant in Your Directory: AI Agents and the Identity Security Gap

read original more articles

By Grady Summers, CEO, Netwrix

Security was built for people. AI agents are exposing the gap.

Forty-four years after Blade Runner imagined replicants walking among us, security teams are managing their own version of a non-human workforce.

These replicants already have accounts, permissions, and access to sensitive data. They are AI agents, service accounts, OAuth applications, workload identities, and the growing number of machine identities that already outnumber people in many enterprise environments.

That distinction matters because identity security was built around human behavior. People join companies, change roles, take vacations, and eventually leave. Those lifecycle events became the foundation of identity governance. Machine identities rarely follow that pattern.

According to the Non-Human Identity Management Group, machine identities now outnumber human users by as much as 50 to one in many environments. Some exist for minutes. Others remain active years after the application or automation that created them has been forgotten.

Most organizations still struggle to answer basic questions about who owns them, why they still exist, or what they can access.

Trust scales faster than governance

In 2025, a threat actor tracked as UNC6395 obtained an OAuth token associated with Salesloft's Drift chat integration and used it to move through Salesforce environments across hundreds of organizations.

The token wasn't dangerous because it exploited a software vulnerability. It was dangerous because it was already trusted.

... continue reading