Preparing for identity attacks: what steps do you need to take?

User identities are at risk - can you help your customers keep up with security in their fragmented environments?


Identity has become the central control plane for modern security. Indeed, according to Omdia, 75 percent of companies have increased their budgets around identity management in 2026, compared to 57 percent in 2025.

This increase is driven largely by agentic AI, as AI agents need identities and permissions to function. However, effective identity security now requires understanding how identity operates across the full environment, not within a single system.

The SANS Institute found that 68 percent of organizations can detect identity problems within 24 hours, but only 55 percent of companies can respond within that same timeframe. That gap matters because attackers operate inside that window, chaining access before remediation occurs. Understanding the risk is the starting point.

For partners, helping customers to spot gaps in their identity security is an opportunity. As environments become more fragmented and identity becomes the primary attack surface, how can you help your customers get ahead of these risks?

The future is hybrid

In the past, Microsoft Active Directory was the one place that controlled access and identity across the enterprise. That centralization made it a high-value target.

Today, identity is distributed. Developer identities and permissions live in GitHub. Endpoint platforms like Jamf manage device-linked access. Cloud identity providers such as Okta and JumpCloud extend identity across SaaS and infrastructure.

The result is more fragmentation across IT and the creation of trust relationships between systems. For example, a developer account in GitHub can use OpenID Connect to access cloud services and provision resources. In effect, one system is asserting identity into another. This is where risk begins to compound.

When an identity in one location has permissions in another, that identity becomes a dependency. Over time, identities accumulate permissions beyond their original purpose. For example, a developer account might have needed temporary deployment access but still retains full administrative rights. Alternatively, it may inherit access through group membership that exceeds what the individual account would otherwise receive.

In these environments, risk is rarely obvious when viewed system by system. The important question is not what an identity can access directly, but what it can reach through relationships. That is also exactly how attackers operate.
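The difference between what an identity can access directly and what it can reach through relationships can be checked mechanically by treating identities, groups, roles and assets as a graph. The sketch below is an added example, not code from the author or SpecterOps; the inventory, identity names and relationship labels are constructed for illustration, and ordering findings by shortest path is an assumption.

```python
from collections import deque

# Constructed inventory (all names hypothetical): (source, relationship, target)
EDGES = [
    ("dev-alice@github", "member_of", "team-platform@github"),
    ("dev-alice@github", "can_read", "repo-docs@github"),
    ("team-platform@github", "can_push", "repo-deploy@github"),
    ("repo-deploy@github", "oidc_assumes", "role-ci-deployer@cloud"),
    ("role-ci-deployer@cloud", "admin_of", "prod-database@cloud"),
    ("svc-build@jumpcloud", "member_of", "group-ops@jumpcloud"),
    ("group-ops@jumpcloud", "admin_of", "prod-database@cloud"),
    ("agent-reporting@okta", "can_read", "sales-dashboard@saas"),
]
IDENTITIES = ["dev-alice@github", "svc-build@jumpcloud", "agent-reporting@okta"]
PRIORITY_ZONE = {"prod-database@cloud"}  # assets under tighter identity controls

def build_graph(edges):
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
    return graph

def direct_access(graph, identity):
    """What a system-by-system review sees: one hop only."""
    return {dst for _, dst in graph.get(identity, [])}

def reachable_paths(graph, identity):
    """Breadth-first search: {node: shortest list of (relationship, node) hops}."""
    paths = {identity: []}
    queue = deque([identity])
    while queue:
        node = queue.popleft()
        for rel, dst in graph.get(node, []):
            if dst not in paths:  # visited check also stops cycles
                paths[dst] = paths[node] + [(rel, dst)]
                queue.append(dst)
    del paths[identity]
    return paths

def priority_findings(edges, identities, priority_zone):
    """Identities that reach a priority asset only through relationships."""
    graph = build_graph(edges)
    findings = []
    for identity in identities:
        direct = direct_access(graph, identity)
        for asset, path in reachable_paths(graph, identity).items():
            if asset in priority_zone and asset not in direct:
                findings.append((identity, asset, path))
    return sorted(findings, key=lambda f: len(f[2]))  # shortest path first
```

Each finding carries the full chain of relationships, so a reviewer can see which single edge (a group membership, an OIDC trust, a role grant) to remove to break the path.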

Responding to the identity challenge

Agentic AI has accelerated this problem. IDC forecasts that 40 percent of Global 2000 jobs will involve agentic AI by the end of 2026, while Gartner predicts that 40 percent of enterprise applications will embed task-specific AI agents by 2026, up from less than 5 percent in 2025. Gartner also predicts that 25 percent of these applications will experience multiple security issues annually.

Non-human identities (NHIs) have expanded rapidly alongside this shift. Managing them alongside human users requires an understanding of assigned permissions, how those permissions propagate, how they map to human operators, and how they evolve.

For partners, the starting point is establishing visibility into identities and their relationships. Looking at accounts and permissions provides a baseline. From there, the focus shifts to identifying which combinations of access create meaningful risk.

This involves prioritising remediation based on reachable impact, and reducing misconfigurations, excessive privilege, and unintended access paths. This is not a one-time exercise with customers. Identity systems change continuously, especially with AI-driven automation, and static assessments degrade quickly in dynamic environments. This is particularly true for non-human identities, where access is often not revisited.

Continuous visibility reduces both detection time and the gap between detection and remediation. Partners can also help customers protect critical assets by establishing priority zones where identity controls are more tightly enforced. This shifts security from reactive to structural. Coupled with regular reporting on identity changes, this creates a more effective and durable security model.

As enterprises expand AI and automation, identity becomes more critical. Just enumerating access is not sufficient to make systems more secure. Security depends on understanding how that access can be abused, as well as reducing the conditions that make abuse consequential.

Attackers do not compromise identities in isolation. They exploit relationships, using delegated rights, inherited roles, and cross-platform trust to move laterally and escalate privileges.

Jared Atkinson
CTO at SpecterOps

Jared Atkinson is CTO at SpecterOps, where he leads the company’s research and development organization with a focus on understanding real-world adversary tradecraft.

Prior to SpecterOps, he worked on incident response and cyber security both at private companies and for the US Air Force.