Keeper Security Research Reveals 89% of IT Leaders Struggle to Manage Growing Identity Footprint Amid AI Expansion

New global study of 3,200 cybersecurity decision-makers finds AI adoption is accelerating identity sprawl, with 96% reporting disconnected tools are creating exploitable security gaps

Keeper Security, the leading zero-trust and zero-knowledge identity security and Privileged Access Management (PAM) platform, releases its latest global insight report, “Identity Security at Machine Speed.” The study examines the challenges cybersecurity decision-makers face as identity ecosystems expand to include humans and a growing number of Non-Human Identities (NHIs), and finds that legacy tools and unchecked Artificial Intelligence (AI) adoption are widening security gaps that attackers exploit.

Conducted with 3,200 cybersecurity decision-makers and senior IT leaders across the United States, Europe, Asia-Pacific and the Middle East, the research explores how the rapidly expanding identity ecosystem, spanning employees, contractors, third parties and machine accounts, is reshaping enterprise security strategy.

Among the key findings:

• Identity sprawl is a near-universal challenge: Nearly nine out of ten (89%) senior IT leaders report that managing the growing identity footprint is challenging, reflecting the scale and complexity of modern security environments.
• Control is fragmented, not consolidated: Identity authority is often distributed across systems, with no single cybersecurity control plane. Globally, 96% cited disconnected or poorly integrated security tools as creating exploitable gaps.
• Detection of unauthorized activity is lagging: In 72% of organizations, credential misuse is not detected in real time, with most taking hours, and in some cases, days or weeks to identify unauthorized privileged access.

Also Read: CIO Influence Interview with Gihan Munasinghe, CTO of One Identity

As AI adoption accelerates, new governance gaps emerge:

• AI usage is multiplying NHIs: 43% of respondents globally identify AI-related NHI management and security as a top identity governance gap. That figure climbs to 51% among U.S. respondents, suggesting American enterprises are feeling the pressure of machine identity growth more acutely than their global counterparts.
• Employee AI use is a top concern: Over half (56%) of respondents are concerned about employees inadvertently exposing sensitive information to AI systems – a figure that rises to 67% among U.S. respondents, who also report higher-than-average concern about lack of visibility into employee AI tool usage (47% vs. 42% globally).
• Shadow AI creates blind spots: A lack of visibility into the AI tools employees use was identified as a significant governance gap by 42% of organizations globally.

U.S. respondents reflect particular urgency, with 73% citing disconnected or poorly integrated tools as creating exploitable gaps, compared with 63% globally. More than a third also report attempted cyber attacks occurring daily or even more frequently, nearly double the rate of some peer markets.

“AI agents, service accounts and machine identities radically outnumber human users in many environments. Most organizations lack the capabilities in their current identity security stack to govern them. Every unmanaged identity is a prime target for attackers,” said Darren Guccione, CEO and Co-founder of Keeper Security. “Given the accelerated proliferation of AI and machine identities within enterprise infrastructure, the implementation of pervasive identity governance with real-time detection and least-privilege enforcement is essential.”

Keeper delivers a zero-trust, zero-knowledge identity security and PAM platform designed for modern enterprise environments where AI adoption is accelerating and machine identities are proliferating at scale. KeeperPAM integrates enterprise password management, secrets management, privileged session management and endpoint privilege management with AI-driven threat detection and response. The platform enables organizations ranging from Fortune 100 enterprises to federal agencies to protect sensitive data, streamline compliance and reduce the risk of damaging breaches.