Enhanced assessment delivers deeper visibility into human, non-human, and AI identity risks while helping organizations align remediation efforts with security frameworks
BeyondTrust has announced a significant expansion of its Identity Security Risk Assessment (ISRA), introducing a new five-pillar framework designed to help organizations identify, prioritize, and remediate identity-related security risks across human, non-human, and AI identities.
The enhanced assessment, a feature of BeyondTrust Identity Security Insights, comes as enterprises face growing challenges in managing increasingly complex identity environments spanning cloud, SaaS, hybrid infrastructure, and AI-driven automation. The company said the updated framework provides organizations with a comprehensive view of their identity attack surface, enabling security teams to uncover hidden risks and strengthen security posture more effectively.
“Understanding who has access is no longer enough. Organizations need visibility into what has access, how those privileges connect, and where threat actors can exploit those relationships to move laterally through an environment.”
— Morey Haber, Chief Security Advisor, BeyondTrust
Built around five analytical pillars, the enhanced ISRA evaluates identity environments through Environment Overview, True Privilege, Security Themes, AI Security and Emerging Themes, and Findings Explorer. Together, these pillars help organizations gain visibility into identity hygiene issues, privilege escalation paths, AI-related exposures, and emerging attack vectors that are often missed by traditional security tools.
A notable addition is the AI Security and Emerging Themes pillar, which identifies risks associated with the growing adoption of AI technologies, including shadow AI agents, unauthenticated models, exposed secrets, and other identity-related vulnerabilities. The company noted that these risks frequently remain invisible to conventional identity and security platforms.
The new Findings Explorer capability consolidates detections and recommendations into a single interface while mapping remediation guidance to widely adopted frameworks such as NIST 800-53 and MITRE ATT&CK. This enables organizations to better align identity security initiatives with broader cybersecurity and compliance objectives.
“Machine identities, secrets, and AI agents often outnumber people by orders of magnitude, creating new attack paths that security teams struggle to see,” said Morey Haber, Chief Security Advisor at BeyondTrust. “Organizations need a more connected view of identity risk to understand how privileges interact across increasingly complex environments.”
According to BeyondTrust, the enhanced assessment is available free of charge and can typically be deployed in less than an hour, with findings delivered within 24 hours. The company said the offering serves as a foundational step toward continuous identity security by providing organizations with a prioritized roadmap for risk reduction and ongoing security improvement.
