2026年人工智能时代的安全访问：构建面向人类与AI的统一访问策略研究报告

Secure access in the age of AI Building a unified access strategy for humans and AI AI is rapidly reshaping how work gets done.As organizations embed GenAI and AI agentsinto daily workflows, identity and networkaccess is becoming even more central tohow organizations both operate and protectthemselves. At the same time, these forcesthat enable innovation are also expandingenterprise risk. The number of identities, Disconnected systems and vendor fragmentationleave security teams more reactive than theywant to be, often responding to incidentsrather than preventing them. As AI adoption In response, security leaders are working toshift their approach to remove gaps and fosterbetter integration. They are implementingstrategies that enhance visibility, improve As in 2025, Microsoft partnered with HypothesisGroup, an insights, design, and strategy agency,on a two-stage research project to understandhow these trends are evolving—and what it With AI, everything moves at machinespeed, including the exploitation ofvulnerabilities. The best way to protect AI andsecure against AI is by using AI. To do this, Phase 1: Quantitative Survey In January 2026, a survey was conducted inthe United States among 305 professionals atenterprise organizations with decision-makingauthority over identity and/or network access To understand how security teams arenavigating this new reality, we conducted afollow-up study to our2025 research.Thisyear, we examined not only identity andnetwork access security overall, but how Phase 2: Qualitative InterviewsIn February 2026, Hypothesis Group conductedqualitative interviews with senior level US Our findings reveal organizations are stillgrappling with tool sprawl as well as thechallenge of implementing the right controls Key Findings 2 3 Fragmentedidentityand network accessenvironmentscontinue to limit Using the sameaccess tools forhumans and AI agents Toeliminatesecurity gaps andsimplify accessenvironments, 5 Identity access solutions Network access solutions Are consolidatingidentity and network access 97% of organizationsexperienced incidents, Are using the same solutionsto manage access for humanemployees and AI agents •Improved efficiencyand experience•Securing all identities at once 53% Accidental 67% 55%+ Those with 6+ solutions: of those with samesolutions have AI agentscurrently deployed 58% had malicious incidents(vs. 47% those with <6) Are using AI for accessmanagementto: 45% say limitedvisibility into GenAI willresult in more incidents(vs. 22% those with <6) •Improve organization’soverall security• Increase productivity•Improve visibilityinto access risks 34% of those with differentsolutionshave trouble integrating pointsolutions to secure agents Leaders anticipate moreaccess incidents due to AI 1 The Evolving Access Landscape Organizations still grapplewith vendor and solution sprawl Year over year, the number of identityand network access solutions deployed byorganizations remains largely unchanged.On average, organizations continue touse five identity access solutions and four As vendor and solution sprawl increase, sodoes management overhead. Each additionalsolution requires additional resourcing tointegrate and maintain, resulting in siloed Organizations saythey have too many Access managementsolutions are Access incidentsremain widespread,spanning humanerror, malicious Despite investment in access managementtools, security incidents continue toaffect nearly every organization. Securityleaders feel the consequences firsthand, As training and controls for safe AIusage lag behind employee adoption(sanctioned or otherwise), organizationsare reporting a near even split betweenintentional and accidental misuse. Currently, traditional identity-based attacksremain the most common entry point forcompromise.91%oforganizationsreportexperiencing traditional or non-AI identity However, as AI introduces new attack vectors,leadersarereportingthat70%oftheirincidents are AI-related, highlighting how Taken together, these trends show thatgiven the evolving threat landscape, thefundamentals of identity and network securityare more critical than ever as organizations “A high number of our databreaches are because ofidentity and access that wascompromised which gives CISO, Manufacturing AI sprawl isreshaping accessmanagement andraising the bar for Over half of all leaders expect identity- andnetwork-related incidents to increase asGenAI and AI agent adoption continues toaccelerate. New and evolving attack surfaces,overprovisioned agents (who often inheritpermissions from overprovisioned humans), As GenAI tools and AI agents increaseacross organizations, leaders agree it iscritical to make them available in a secureand scalable way. Yet rapid adoption is 6 in 10Leaders anticipate moreaccess incidents due to AI agentsand employee use of GenAI Leaders are workingto make GenAI toolsavailable in a secureand scalable way 61% in 2025 Leaders s