Only 1% of Organizations Have Fully Adopted Just-in-Time Privileged Access as AI-Driven Identities Rapidly Increase

CyberArk, the global leader in identity security, announced findings from new research revealing a significant gap between organizations’ confidence in their privileged access programs and the reality of their day-to-day practices as AI rapidly expands the identity-centric attack surface.

Despite 76% of organizations stating their privileged access management (PAM) strategies are ready for AI, cloud and hybrid environments, many continue to rely heavily on always-on access assumptions that were designed for far less dynamic operating environments.

Cyber Technology Insights: Radiant Logic Launches AI-Driven Remediation to Reduce the Attack Surface

Organizations Overestimate Their Readiness for AI and Cloud

The study, which surveyed 500 U.S. practitioners in PAM, identity and infrastructure roles, shows that while modernization efforts are underway, very few organizations have adopted adaptive, time-bound access models aligned with Zero Trust principles. Key findings include:

Only 1% have fully implemented a modern Just-in-Time (JIT) privileged access model.
91% report that at least half of their privileged access is always-on, providing unrestricted, persistent access to sensitive systems.
45% apply the same privileged access controls to AI agents as they do to human identities.
33% say they lack clear AI access policies.

Cyber Technology Insights: 2026 Cybersecurity Warning: AI Identities Will Be the Next Big Threat

Shadow Privilege and Tool Sprawl Accelerate Risk

The research highlights the widespread and growing issue of ‘shadow privilege’ — unmanaged, unknown or unnecessary privileged accounts and secrets that accumulate silently over time.

54% of organizations uncover unmanaged privileged accounts and secrets every week.
88% manage two or more identity security tools, creating fragmentation that introduces blind spots.
66% say traditional privileged access reviews delay projects.
63% admit employees bypass controls to move faster.

“Dynamic, evolving environments mean the nature of privileged access — and how to secure it — has fundamentally changed,” said Matt Cohen, CEO of CyberArk. “With only one percent of organizations having fully implemented a Just-in-Time access model, it’s clear that industry-wide modernization is overdue. As AI agents and non-human identities take on increasingly sensitive tasks, applying the right privilege controls to each identity — and governing every privileged action — is now essential.”

To reduce risk while supporting innovation at scale, organizations should focus on evolving how privileged access is applied without abandoning foundational controls:

Minimize standing privileges by implementing dynamic, risk-based access.
Adopt automated and orchestrated Just-in-Time access for high-risk or sensitive actions.
Apply appropriate privilege controls across human, machine and AI identities, based on context and risk.
Simplify and consolidate identity platforms to improve visibility and governance.

Cyber Technology Insights: Doppel Recognized on Fortune Cyber 60 for Advancing AI-Driven Social Engineering Defense

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com

Tags: AI, AI Agents, AI identities, CyberArk, Hybrid Environments, security tools

Only 1% of Organizations Have Fully Adopted Just-in-Time Privileged Access as AI-Driven Identities Rapidly Increase

Organizations Overestimate Their Readiness for AI and Cloud

Shadow Privilege and Tool Sprawl Accelerate Risk

CyberTech Media Room

Share With

Recent Posts

Weekly Cybertech Roundup: Highlights of the Week | 09 Jan 2025

Scale Computing’s AI-Ready Edge Solutions for In-Store Retail at NRF ’26

ISG to Assess Cybersecurity Services and Solutions Providers