A lot has been written about AI in cybersecurity over the past year. Most of it tends to focus on the same things – prompt injection, hallucinations, model manipulation, deepfakes, adversarial attacks. And to be clear, those risks matter. But when CISOs talk about AI privately – or at least honestly – they often don’t start with the model at all.
For many security leaders, the real challenge with AI doesn’t feel like science fiction. It feels like an identity crisis.
What CISOs Are Actually Worried About
In a recent discussion among security leaders, the concerns around AI were surprisingly practical. The conversation wasn’t dominated by fears of AI “going rogue.”
Instead, CISOs kept returning to familiar operational issues: over-permissioned service accounts, forgotten API keys, machine identities nobody remembers creating, teams experimenting with AI tools outside formal governance, and workflows that somehow made it into production before anyone really stopped to ask who owned them.
In other words:
AI may be introducing new capabilities – but it is exposing old governance weaknesses, and does it at machine speed. The challenge isn’t simply securing AI models. It’s understanding how AI operates inside existing identity ecosystems.
The Human-Machine Identity Blur
A recent academic paper introduces a term for this emerging challenge: The Human-Machine Identity Blur.
The research describes a growing overlap between people and AI assistants, autonomous agents and machine identities, APIs and cloud workloads. As these systems begin acting on one another’s behalf, the traditional boundary between human and machine starts to fade, and identity stops being something binary. It is no longer human or machine. Instead, it becomes more like a spectrum: human-driven, AI-assisted, partially autonomous, fully automated.
And somewhere in that chain, accountability starts to get blurry.
Human vs Machine: Does It Still Make Sense?
Most Identity and Access Management (IAM) programs were designed for relatively clear boundaries: employees join, roles are assigned, systems get provisioned, permissions are reviewed, and eventually access gets removed.
Today, that model is starting to feel less straightforward. An employee may delegate tasks to an AI assistant that:
- Queries internal systems
- Retrieves sensitive data
- Triggers business workflows
- Generates or deploys code
- Accesses third-party APIs
At that point, asking whether an identity is “human” or “machine” starts to feel outdated. What used to be a fairly straightforward access event can now involve multiple identities, several systems, inherited permissions, and ownership spread across teams that may not even realize they’re part of the same chain. Technically, all of them were involved. Operationally, that’s where many organizations start losing clarity.
Numbers Don’t Lie: Why Machine Identity Risk Is No Longer Theoretical
The research backs up what many practitioners are already feeling. According to the paper, machine identities now outnumber human identities by roughly 43 to 1 in the average enterprise. Even more concerning, half of organizations reported security incidents related to compromised machine identities in the past year.
Figure source: Janani, K. (2025), The Human-Machine Identity Blur: A Unified Framework for Cybersecurity Risk Management in 2025, arXiv:2503.18255.
What’s even more revealing is ownership.
Figure source: Janani, K. (2025), The Human-Machine Identity Blur: A Unified Framework for Cybersecurity Risk Management in 2025, arXiv:2503.18255.
Responsibility for these identities is often split across security teams, developers, platform engineers, cloud teams, and sometimes nobody in particular. Which means the identities growing the fastest are often the ones receiving the least consistent governance.
From Identity Management to Identity Governance
For years, identity management was mostly about one question: Who has access?
That question still matters, but in AI-driven environments, it no longer tells the whole story. Today, security teams are increasingly being forced to ask something more complex: Who is actually acting inside the environment, on whose behalf, using what permissions, and with how much autonomy?
This changes how organizations think about accountability, monitoring, risk, and even trust itself. From static identity management to continuous identity governance.
In practice, this means:
- Mapping human-to-machine delegation chains
- Applying least privilege to machine identities
- Monitoring behavioral changes across both human and non-human accounts
- Creating accountability across identity lifecycles
In other words, the conversation is starting to move away from static identity management and toward continuous identity governance.
Enough AI Talk: The Practical Shift for CISOs
Organizations that will succeed with AI won’t necessarily be the ones deploying the most AI tools.
They’ll be the ones that can answer, in real time:
- Who initiated this action?
- Which identities were involved?
- What permissions were inherited?
- What systems were affected?
- What business risk does this create?
Most organizations already have logs, alerts, dashboards, and identity tools. What they often lack is the ability to connect those signals fast enough to understand what’s actually happening – and what requires action now.
This is where AI becomes operationally valuable – not as another alert engine, but as a decision-support layer.
Conclusion
AI didn’t create identity chaos; it exposed how fragmented identity governance already was.
For CISOs, the practical takeaway is clear – securing AI isn’t only about protecting models. It’s about governing the identities AI inherits, creates, and operates through.
The organizations that recognize this shift early will move beyond AI experimentation and toward AI-enabled operational resilience.
For Further Reading
This blog post was based on the insights presented in: Janani, Kush. “The human-machine identity blur: A unified framework for cybersecurity risk management in 2025.” arXiv preprint arXiv:2503.18255 (2025). https://doi.org/10.48550/arXiv.2503.18255
