Entro Security Labs Unveils Non-Human Identity Research

Entro Security, pioneer of the award-winning Non-Human Identity (NHI) and Secrets Management platform, released its research report, “2025 State of Non-Human Identities and Secrets in Cybersecurity.” The Entro Security Lab found that 97% of NHIs have excessive privileges increasing unauthorized access and broadening the attack surface, and 92% of organizations are exposing NHIs to third parties, also resulting in unauthorized access if third-party security practices are not aligned with organizational standards. Surprisingly, 44% of tokens are exposed in the wild, being sent or stored over platforms like Teams, Jira tickets, Confluence pages, code commits and more. Such practices put sensitive information at serious risk of being intercepted and exposed–the root of all secrets and non-human identity breaches.

Cyber Technology News : WTW Unveils Industry-First Document Protection Platform

Entro Security Labs’ research reveals alarming trends in the handling of both human and NHIs, with significant misconfigurations and risks prevalent across organizations. Key findings include:

For each human identity, there are an average of 92 non-human identities. An overwhelming number of non-human identities increases the complexity of identity management and the potential for security vulnerabilities
91% of former employee tokens remain active, leaving organizations vulnerable to potential security breaches
50% of organizations are onboarding new vaults without proper security approval which can introduce vulnerabilities and misconfigurations from the outset
73% of vaults are misconfigured, also leading to unauthorized access and exposure of sensitive data and compromised systems
60% of NHIs are being overused, with the same NHI being utilized by more than one application, increasing the risk of a single point of failure and widespread compromise if exposed
62% of all secrets are duplicated and stored in multiple locations, causing unnecessary redundancy and increasing the risk of accidental exposure
71% of non-human identities are not rotated within the recommended time frames, increasing the risk of compromise over time

Additional findings are discussed in the report and reveal a critical need for organizations to reassess their NHIs and secrets management practices.

Cyber Technology News : Eviden boosts Sweden’s Berzelius AI supercomputer performance again

Data from this report has been collected using a mixed-methods approach, integrating quantitative data analysis with qualitative insights derived from industry observations. The quantitative component focuses on statistical analysis of security incidents and vulnerabilities, while the qualitative aspect provides context and interpretation of these findings within the broader cybersecurity landscape. The data sources include proprietary data from Entro’s cybersecurity infrastructure, secondary data from publicly available industry reports and survey data from IT and security professionals.

To share your insights, please write to us at news@intentamplify.com

Tags: AI in cybersecurity, CISOs, cloud security, Cybersecurity, Cybersecurity technology, Cybertech news, IT news

devanand.m

CyberTech Media Room is a community of seasoned Cybersecurity Technology Specialists with over 50+ years of experience in safeguarding digital infrastructures across diverse industries. With a deep understanding of emerging cyber threats and the latest in security technologies, the team specializes in developing and implementing cutting-edge solutions to protect critical data, networks, and applications. Passionate about AI-driven cybersecurity, cloud security, and risk management, CyberTech Media Room works with both startups and global enterprises to navigate the evolving cybersecurity landscape. In addition to technical expertise, the team is an advocate for open-source security tools, data privacy, and security education. When not working with clients to bolster their security posture, [Author Name] enjoys speaking at industry events, writing thought leadership articles, and mentoring the next generation of cybersecurity professionals.