New research reveals critical blind spots in non-human identity posture as autonomous systems reshape access dynamics
BeyondTrust, the global leader in identity security, has announced the launch of Secrets Insights, a powerful new capability within its Identity Security Insights™ platform. This expansion addresses the growing threat posed by unmanaged secrets and non-human identities, especially as Agentic AI systems begin to autonomously interact with infrastructure and provision access.
The announcement follows the completion of BeyondTrust’s first wave of Identity Security Risk Assessments, which uncovered alarming trends across industries. Dormant service accounts with privilege were found in over 70% of environments, while reused credentials and overly permissive Entra Service Principals created direct pathways to Global Admin access. These misconfigurations, often invisible to traditional security tools, represent a new frontier of risk.
“Overlooked hygiene issues silently open the door to attackers — and with Agentic AI, the stakes have never been higher.”
— Marc Maiffret, CTO, BeyondTrust
“These identity infrastructure issues aren’t just misconfigurations, they’re invitations,” said Marc Maiffret, CTO at BeyondTrust. “Organizations lack visibility into how compromised accounts can be leveraged to seize control of application secrets, which often carry elevated privileges.”
The rise of Agentic AI — autonomous systems capable of making decisions and provisioning access — amplifies the urgency. Without proper oversight, these systems can unknowingly inherit or create privilege escalation paths, bridging cloud and on-prem environments and exposing sensitive assets.
Secrets Insights brings these hidden risks into full view, offering:
- Discovery of unmanaged secrets across hybrid environments
- Mapping of users with direct and indirect access to secrets
- Risk scoring and prioritization based on exposure and privilege level
- Integration with BeyondTrust Password Safe for automated remediation
The platform now provides deep visibility into secrets such as API keys, service account credentials, and tokens across platforms like Active Directory, Entra ID, AWS, Azure, Okta, GitHub, and more.
BeyondTrust continues to offer complimentary Identity Security Risk Assessments, often completed in under 48 hours, helping organizations chart a path toward Zero Standing Privilege (ZSP) and Just-in-Time (JIT) access.
As automation and AI reshape enterprise infrastructure, BeyondTrust’s latest innovation ensures that the invisible layers of access are no longer overlooked — but actively secured.
