Ghosts in the Machines: How Non-Human Identities (NHIs) Spread Terror This Halloween

From ghouls and ghosts to vampires and zombies, Halloween’s scariest figures are usually not human. This year, the real monsters are in the machines. Non-Human Identities (NHIs) have become the latest terror lurking within cybersecurity, posing risks that organizations must confront head-on. Like a swarm of digital zombies, these NHIs are multiplying fast. Here are three alarming trends organizations must address in 2025 to prevent being haunted by these non-human threats.
1. NHIs Pose the Most Devastating Security Threats
Zombies may be fictional, but the undying nature of NHIs is a real threat. According to IBM, attacks on NHIs are now the second most frequent type of cyberattack—and the impact is devastating. Research reveals that organizations house an average of 92 NHIs for every human identity. Yet, 91% of access tokens belonging to former employees remain active, creating massive security vulnerabilities. Moreover, 97% of NHIs have excessive privileges that expand the risk exposure unnecessarily. Alarming findings show some tokens in use are more than 20 years old, introducing legacy risks that can’t be ignored. Even worse, 40% of valid secrets are sitting idle, untethered to any workload, becoming security time bombs waiting to be exploited.
Organizations need to adopt stricter identity and secrets management practices by:
- Implementing regular audits and timely rotations for NHIs
- Revoking access for former employees immediately
- Reducing the duplication and overuse of secrets
- Avoiding exposure of sensitive NHIs in unsecured environments
Without these safeguards, NHIs will continue to haunt organizations, leaving them vulnerable to breaches.
2. AI Brings New Risks: NHIs in the Crosshairs
The rise of artificial intelligence (AI) means more NHIs are being created to automate processes and generate code, making cybersecurity even more complex. However, AI-based threats are rising just as fast. According to Pillar Security, attacks on large language models (LLMs) succeed in under a minute, with 90% of successful attempts resulting in leaked sensitive data. With organizations embracing AI at record speeds, these attacks on NHIs will become a prime concern. Research from over 2,000 AI applications shows that LLM jailbreaks bypass security guardrails in 1 out of every 5 attempts. Compromising just one LLM opens doors to thousands of non-human identities, threatening the entire network.
As AI adoption grows, security teams must prioritize:
- AI-specific security measures to safeguard NHIs
- Monitoring for LLM vulnerabilities and exploits
- Reducing reliance on excessive NHIs generated by AI tools
- Building resilience into GenAI environments from the start
The ever-expanding use of AI increases the attack surface dramatically. Organizations need to treat AI security as a priority to prevent NHIs from becoming uncontrollable threats.
3. CISOs Need Smarter Strategies Amid Budget Constraints
While the dangers posed by NHIs grow, many CISOs struggle to secure the budget needed to address these risks. A recent PwC survey found that fewer than 50% of CEOs involve their CISOs in strategic planning and board-level discussions. Additionally, only 15% of organizations measure the financial impact of cyber risks effectively, leaving security teams underfunded and unsupported. Faced with limited budgets, security teams will need to evolve. Automating identity management processes is a key strategy. For example, NHI audits, access reviews, and token rotations, tasks that previously took weeks, can now be automated and completed in hours.
Security teams must also:
- Prioritize NHI management based on access levels and workload importance
- Optimize resources by automating repetitive tasks
- Shift focus toward cost-effective, scalable solutions
Achieving cyber resilience despite budget limitations will require creativity and efficiency. CISOs who adapt and adopt automated tools will keep NHIs under control and protect their organizations without exhausting their resources.
Exorcising the Non-Human Threats
Like any good Halloween tale, these non-human monsters can be defeated. By embracing strict identity management practices, prioritizing AI security, and streamlining processes through automation, organizations can conquer the rising NHI threat. With NHIs spreading at an alarming rate, the scariest cybersecurity monsters this year aren’t in haunted houses—they’re in the machines. Security teams that recognize this shift, act decisively, and adapt their strategies will not only survive but thrive in 2025 and beyond.
Reference: Entro Labs