Insights from RSA Conference attendees highlight visibility and control challenges as AI-driven access expands within organizations
Keeper Security, the leading zero-trust and zero-knowledge identity security and Privileged Access Management (PAM) platform, highlights a widening gap in enterprise security as organizations expand the access of non-human and AI-driven identities without the visibility and controls required to secure them. Insightsย gathered from a survey of 109 cybersecurity professionals conducted on-site at RSA Conference 2026 in San Francisco show that Non-Human Identities (NHIs), including service accounts, API keys, automation and AI-powered tools, are now deeply embedded in modern infrastructure and frequently operate with privileged access. Nearly half (46%) of respondents report that AI-powered tools have access to critical systems and data, and 76% say those identities are not consistently governed under privileged access policies.
Visibility remains a primary challenge. Only 28% of organizations report full visibility into NHIs across cloud, on-premises and SaaS environments, while 53% identify lack of visibility into AI, automation and machine access as their top risk. Without centralized visibility, security teams cannot consistently enforce least-privilege access or monitor how identities are used, increasing the likelihood of excessive privileges and unmanaged access.
Also Read:ย CIO Influence Interview with Gihan Munasinghe, CTO of One Identity
Security Models Are Not Keeping Pace With Identity Growth
The findings also highlight gaps in governance and operations. Many organizations continue to manage NHIs across multiple tools and teams, resulting in inconsistent policies and fragmented ownership. As the number of machine and AI-driven identities grows, this approach makes it more difficult to maintain control over access to critical systems.
Only 26% of organizations report using automated detection and response to monitor NHI activity. Most continue to rely on manual processes that are not designed to scale in environments driven by automation and continuous system-to-system interaction. More than 40% of respondents report experiencing a security incident involving non-human identities or credentials in the past year, while 32% are unsure whether such an incident has occurred, highlighting ongoing detection gaps.
“AI and automation are expanding how systems interact and access an organization’s data,” said Darren Guccione, CEO and Co-founder, Keeper Security. “That shift introduces new complexity around identity, and requires a unified approach to visibility and control across both human and non-human access.”
RSA Conference (RSAC) is one of the world’s most influential cybersecurity events, drawing thousands of practitioners, CISOs, CIOs and security professionals annually to San Francisco. As a premier forum for addressing emerging digital threats, from AI-driven attacks and ransomware to cloud security and regulatory compliance, RSAC provides an ideal setting to capture real-time insights from the cybersecurity community. The survey gathered responses directly from attendees, offering a firsthand look at how today’s security leaders are thinking about the challenges and priorities shaping the industry.
As enterprise environments become more automated and interconnected, securing NHIs is becoming essential to maintaining control over access to critical systems and data. Modern PAM addresses this challenge by providing centralized visibility, enforcing least-privilege access and enabling continuous monitoring across both human and non-human identities. Keeper’s platform,ย KeeperPAM, unifies password management, secrets management and privileged access controls in a single zero-trust, zero-knowledge architecture, helping organizations secure all identities and reduce risk across their environments.
Catch more CIO Insights:ย CIO as Orchestrator of Cross-Functional Digital Strategy
[To share your insights with us, please write toย psen@itechseries.com ]
