行业研究公司研究宏观策略财报招股书会议纪要 seedance2.0 低空经济 DeepSeek AIGC 大模型

2026身份安全报告：揭开AI竞赛中的隐秘风险

信息技术 2026-03-18 - Delinea 绿毛水怪

研报总结

引言

企业领导者对人工智能的采用充满决心，但传统安全模型未能及时适应自主AI操作模式，导致身份控制被放宽或忽视，引入了重大的身份相关风险。

AI安全信心悖论

87%的受访者认为其身份安全态势足以支持大规模的AI驱动自动化，但46%的受访者承认其AI系统的身份治理存在缺陷。82%的组织非常自信能够发现生产系统中的非人类身份（NHI），但不到三分之一的组织实际实时验证NHI和AI代理的库存使用情况。

身份可见性差距

90%的受访者承认其组织存在身份可见性差距，其中机器和NHI账户（包括AI代理使用）的可见性差距最大。42%的组织表示AI扩展是他们过去12个月NHI风险增加的主要因素之一。

身份弱点在AI中保持不可见的原因

速度优先于治理：为保持竞争优势，企业往往在部署AI时放宽身份控制，导致例外情况、政策执行不一致和未管理的访问权限。90%的组织对安全团队施加压力，要求放宽访问控制以支持AI驱动自动化。
影子AI的泛滥：53%的受访者表示他们经常遇到未经授权的AI工具和代理访问公司系统或数据。79%的受访者表示他们对检测未经授权的AI工具或代理有些信心，但只有28%能够实时检测。
AI驱动未受控制的NHI活动：80%的组织无法始终理解为什么NHI会采取特权操作。74%的组织表示安全团队经常接受NHI和AI代理的永久访问权限，68%认为这是满足正常运行时间预期的必要条件。

身份是AI最大风险的核心

随着治理差距的出现，攻击者越来越多地针对机器和AI身份。92%的组织相信AI将在未来几年放大身份相关威胁，其中凭证填充和密码攻击（33%）以及特权账户妥协（31%）是主要担忧。

降低身份安全摩擦，降低AI风险

可见性优先：不了解就无法保护，不知道访问系统什么的人无法阻止它。
机器速度安全应对机器速度威胁：需要超越人工控制，投资于能够自动发现和映射身份和权限的现代工具。
零永久特权是最终目标：从静态、长期存在的凭证转向即时和短暂的访问模型至关重要。
零信任原则比以往任何时候都更重要：实施最小权限访问控制和微分段，限制代理可以或不能做什么，可以或不能去哪里。
鼓励在隔离环境中进行实验：为早期阶段的实验提供受控空间，以管理内部环境的暴露风险。
从最小权限演变到最小权限自主性：代理应仅拥有执行其任务所需的自主性和权限，不多也不少。

Uncovering the HiddenRisks of the AI Race Contents 1.0Introduction 4.1Speed prioritized over governance4.2Rampant shadow AI 5.0Identity at the core of AI’s biggest risks 6.1Visibility comes first6.2Machine-speed security for machine-speed threats6.3Zero standing privilege is the endgame6.4Zero-trust principles are more important than ever Introduction The AI mandate from business leaders is clear:To remain competitive, you must accelerate AI adoption. Operationally, organizations can’t afford to let security friction hang upagentic AI deployments. Executive teams are under pressure to innovatequickly and keep pace with competitors. Even everyday non-tech workers Unfortunately, legacy security models built for humans aren’t evolvingfast enough to fully monitor new agentic AI operating models. In the rushto innovate, identity controls are often relaxed, inconsistently applied, left To understand how organizations are navigating these challenges, Delineacommissioned Censuswide to run a global survey of 2,001 IT decision-makers who are actively using or piloting AI in their environments across The study finds that in moving to agentic AI operating models,organizationsare introducing substantial identity-related risks—much of which remains The findings reveal that organizations express high confidencein their security readiness for AI while simultaneously admitting They acknowledge gaps in identity discovery, monitoring, and privilegecontrol. Under the strain of the opportunity risks of falling behind in theAI race, risk managers are under constant pressure to loosen identity Clearly, organizations can’t afford to slow down AI adoption. But the studyindicates that identity security must evolve alongside AI adoption. Leadersmust modernize the way they discover and protect access and identity The AI securityconfidence paradox2.0 The survey findings reveal a clear gap in agentic AIpreparedness. Throughout the research, respondents heldtwo conflicting beliefs: Most are highly confident that their This dynamic exposes what we call the “AI security governance is deficient around AI systems. Respondents were twice aslikely to give low marks to their ability to discover and govern identities 2x environments compared to identities accessing legacy systems.The pattern held across multiple lines of questioning. Confidence in discovery and protection of identities in AI environments was consistently For example, while 82% of organizations said they’re very confident in theirability to discover non-human identities (NHIs) with access to productionsystems. Fewer than 1 in 3 organizations actually validate NHI and AI agent This paradoxical thinking indicates organizations may be advancingagentic AI without fully modernizing the identity controls required tosupport it.They may not yet realize the level of risk incurred by agentic AI. Very confident in NHI discovery Validate NHI/AI usage in real time 3.0 The identity visibilitygap: What you don’t Our data shows that most organizations haven’t yet built the mechanisms tofully show them how identities are used, whether by humans or AI agents. An overwhelming amount of respondents admit to 90% The number one gap was machine and NHI accounts, including those usedby AI agents. Respondents reported that theidentity discovery gaps mostlikely to persist over time were in AI-related environments, at nearly Persistent discovery gaps despite existing controls The challenge is that awareness doesn’t always translate into correctiveaction. Many organizations have not yet experienced a security incidentlinked to AI-related identity weaknesses. Without a measurable failure or 42% Most respondents acknowledge they have worries about AI agent access.Approximately 42% of organizations admit that AI expansion is oneof the top factors that has increased their NHI risk in the past 12 months—farmore than increased automation and CI/CD velocity (26%) or growth in cloudnative workloads (26%). Fewer than 1 in 10 said that there’s no particular risk Until they close the visibility gap, these concerns remainvague worries while the threats accumulate unseen in theirenvironments. Without visibility into NHI and AI agent activity, Even more detrimentally, the lack of visibility into machine identities also The business is accepting AI risk to stay competitive, butbecause AI is such a new paradigm, they’re accepting itwithout actually understanding qualitatively or quantitatively Dr. Gerald Auger, Ph.D, head of Simply Cyber Identity type currently creates the largest visibility gap in The fact that NHIs only narrowly beat out workforce identitiesspeaks to another, deeper issue. Organizations haven’t yetperfected identity visibility governance for human users 4.0 Why identityweaknesses in Our survey analysis found three major areas that contribute to thesystemic lack of visibility into AI-related identity risks: Speed prioritized over governance:Innovators accelera

点击免费查看完整报告