In today’s rapidly evolving digital landscape, artificial intelligence (AI) is reshaping industries at an unprecedented pace. While this transformation creates opportunities, it also exposes enterprises to sophisticated cyber threats.

The identity security landscape is set to undergo a major shift in 2025, as AI accelerates the creation of non-human identities (NHIs) at an unprecedented scale. NHIs, often referred to as service accounts, already outnumber human identities in enterprises, however, AI-driven automation is multiplying them even further. This is introducing new security risks, making real-time monitoring and proactive threat detection essential to prevent escalating vulnerabilities.

Tim Eades, CEO and Co-Founder of Anetac, recently joined TFiR’s Secure By Design to discuss the escalating security challenges posed by AI, the crucial role of non-human identities, and how enterprises can fortify their defenses against emerging threats.

AI’s Dual Impact on Cybersecurity

“The world of security is being turned upside down by AI. Honestly, I think AI is bigger than the cloud. It’s bigger than mobile. It’s as big as the internet,” Eades says. “AI makes the good hacker great and the great hacker scale,” Eades adds, highlighting the dual nature of AI in cybersecurity. Attackers can now automate and scale their exploits faster than ever, creating a critical need for enterprises to respond at machine speed.

AI-driven attacks are becoming more sophisticated, widespread, and difficult to detect. Conversely, AI also empowers security teams with new capabilities to automate threat detection, optimize response strategies, and improve identity management.

Organizations across multiple industries have already experienced breaches due to compromised service accounts. The increasing sophistication of AI-powered attacks means enterprises need to deploy solutions that automate continuous monitoring and instant threat response. By integrating with existing security investments like CyberArk and Okta, Anetac helps enterprises strengthen their identity security without adding operational complexity.

From an entrepreneurial perspective, AI is a game-changer. “It has never been cheaper to build a cybersecurity company,” Eades notes. AI enables the rapid development of agent architectures, policy enforcement mechanisms, and security automation tools that can disrupt legacy vendors. However, to succeed in this space, startups must focus on training AI models effectively and ensuring they evolve to counteract emerging threats.

The Growing Threat of Non-Human Identities

Anetac was founded to tackle a fundamental yet often overlooked problem in cybersecurity: securing non-human identities. These identities, such as service accounts and API tokens, exist in a staggering ratio of 30 to 40 non-human identities per human user in an enterprise. “Non-human identities — let’s call them service accounts — are a soft underbelly for organizations. It’s largely a hygiene issue. What they often find on-premises is ugly and hard,” Eades explains.

Service accounts often remain active for decades, hardcoded into applications with little oversight. Enterprises struggle to track these identities, assess their business context, or disable them without disrupting critical operations. Eades emphasizes that any effective solution must address both on-premise and cloud-based environments to ensure comprehensive protection.

A Ubiquitous Security Challenge

Non-human identity security is not confined to any single industry. “It’s an everyone problem, not a someone problem,” Eades states. From financial institutions and healthcare providers to telcos and shipping companies, organizations across all sectors face similar challenges. This widespread nature of the issue underscores the necessity for scalable, automated solutions that integrate seamlessly into existing security frameworks.

The Need for a Streaming-Based Approach

Traditional, static security solutions fail to detect the dynamic behaviors of non-human identities. “If a service account has its credentials elevated at 2:00 AM and reduced at 2:30 AM, a static solution would never see it,” Eades points out. To address this, Anetac employs a streaming-based approach that continuously monitors identity behaviors over time. This method ensures real-time visibility into identity activities, enabling security teams to detect and mitigate risks before they escalate into full-blown breaches.

Integrating with Existing Security Investments

One of Anetac’s key differentiators is its ability to enhance, rather than replace, existing security investments. Enterprises have already spent millions on Privileged Access Management (PAM), Identity Access Management (IAM), and Single Sign-On (SSO) solutions. “We don’t want to pick a fight with CyberArk, Ping, or Okta. We want to make them better and smarter by integrating into these solutions,” Eades explains. By feeding real-time insights into these platforms, organizations can maximize the value of their existing security infrastructure without adding operational burden.

Building a Security-Conscious Culture

Technology alone cannot solve cybersecurity challenges—culture plays a pivotal role. Eades emphasizes the importance of fostering curiosity and continuous learning within organizations. “Create an environment where teams break up part of their days to invest in education and learning. Attend conferences, meetups, and engage with the cybersecurity community,” he advises.

Additionally, leveraging collective intelligence through Information Sharing and Analysis Centers (ISACs) can help enterprises stay ahead of emerging threats. “The wisdom of the crowd is going to be super important in this battle,” Eades concludes.

Conclusion

Eades predicts that identity security will become even more critical in 2025, as AI-driven systems continue to generate an ever-growing number of service accounts. Organizations need to be proactive in tackling this challenge, investing in scalable security measures that integrate real-time threat intelligence. Partnering with Information Sharing and Analysis Centers (ISACs) and fostering a culture of continuous learning will be key to staying ahead of emerging threats. Eades emphasizes the need to balance innovation with stability so that enterprises can embrace new technologies while maintaining strong security foundations.

Guest: Tim Eades
Company: Anetac
Show: Secure by Design

This summary was written by Emily Nicholls.