Enterprise Blind Box: Exposing AI Agents in Various Industries
In the rapidly evolving digital landscape, Non-Human Identities (NHIs) have become commonplace. They include machine identities such as device IDs, microservices, containers, and automation bots, and they are multiplying fast, outnumbering human identities by wide margins. Their overly broad permissions and minimal monitoring, however, have made them easy targets for exploitation.
Bradford Peirce, Product Marketing Manager at Okta, is shedding light on this issue, focusing on the retail, manufacturing, and travel and hospitality sectors. The pace is striking: more than 27 million new NHIs appeared last year alone.
The critical risks associated with NHIs across industries such as the public sector, healthcare, financial services, and retail mainly revolve around security gaps, lack of accountability, unauthorized access, and compliance challenges.
Security gaps and hidden exposures are a significant concern. NHIs that are invisible, ungoverned, or overprivileged create blind spots in which secrets (API keys, credentials) end up leaked or improperly stored across code repositories, CI/CD pipelines, and collaboration tools. Left unchecked, this proliferation hands attackers unprotected assets to exploit.
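As an added illustration, not code from Okta or the webinar, the following Python scans text lines of the kind found in repositories, pipeline configs and chat exports for leaked credentials. It combines a few well-known key formats with a generic "name = value" pattern filtered by Shannon entropy so that placeholders are not reported. The patterns, the entropy threshold and the sample lines are assumptions chosen for the example; the sample values are constructed and are not live keys.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List

# Added example; not Okta's code. A few well-known credential formats plus a
# generic "name = value" catch-all whose hits are filtered by entropy.
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[abpr]-[0-9A-Za-z-]{10,}\b"),
}
# Secret-looking name assigned a value of 16+ token characters.
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)\b(api[_-]?key|secret|token|passw(?:or)?d|client[_-]?secret)\b"
    r"\s*[:=]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})"
)
ENTROPY_THRESHOLD = 3.5  # bits per character (assumed); "xxxx..." placeholders score 0


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; separates real keys from placeholders."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    value: str

    def redacted(self) -> str:
        """Never echo the full secret into logs or tickets."""
        return self.value[:4] + "..." + self.value[-2:]


def scan_lines(lines: Iterable[str], threshold: float = ENTROPY_THRESHOLD) -> List[Finding]:
    """Return one Finding per distinct (line, value); known formats skip the entropy filter."""
    findings: List[Finding] = []
    seen = set()
    for line_no, line in enumerate(lines, 1):
        for kind, pattern in KNOWN_PATTERNS.items():
            for m in pattern.finditer(line):
                key = (line_no, m.group(0))
                if key not in seen:
                    seen.add(key)
                    findings.append(Finding(line_no, kind, m.group(0)))
        for m in GENERIC_ASSIGNMENT.finditer(line):
            value = m.group(2)
            key = (line_no, value)
            if key in seen or shannon_entropy(value) < threshold:
                continue  # already reported, or too uniform to be a real key
            seen.add(key)
            findings.append(Finding(line_no, "generic_assignment", value))
    return findings


# Constructed sample lines standing in for a repo file, a CI config and a chat export.
SAMPLE_LINES = [
    'aws_access_key_id = AKIAIOSFODNN7EXAMPLE',                      # AWS's documented example key
    'export GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij',  # fake value in the real shape
    'password = "changeme"',                                         # too short to match
    'api_key = "xxxxxxxxxxxxxxxxxxxx"',                              # placeholder, zero entropy
    'client_secret: "Q7m2xP9vL4kR8tZ1nW6yB3hJ5d"',                   # fake, high entropy
    'retry_count = 16',
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"line {f.line_no}: {f.kind} -> {f.redacted()}")
```

Run against the constructed lines it reports the AWS key, the GitHub token and the high-entropy client secret, and stays quiet on the short password, the placeholder and the integer. In practice the same function is pointed at `git log -p` output, pipeline YAML and exported chat history, and the findings feed a rotation ticket rather than a log line.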
Lack of clear ownership and accountability is another major issue, especially in the public sector. With rapidly evolving AI agents and automation tools integrated into workflows, it is often unclear who is responsible for managing these NHIs. This obscurity hinders response to malicious or improper behavior and raises legal and trust concerns.
Unauthorized access to sensitive data is a significant risk in healthcare, where extensive AI adoption means NHIs routinely access sensitive patient data. Most healthcare IT professionals regard AI agents as a security risk, yet policies controlling their access are often missing, leaving organizations more exposed to ransomware and data breaches.
Regulatory and compliance risks are also prevalent in financial services and other highly regulated industries. Failure to control access and govern NHIs appropriately can result in regulatory penalties and increased audit scrutiny.
Automation-induced proliferation risk is a broad systemic risk across industries as organizations struggle to see, manage, and secure these identities effectively.
In summary, NHIs introduce critical risks including invisibility and overprivileged access leading to secrets leaks, unclear ownership causing accountability gaps, unauthorized access to sensitive data, and compliance failures under regulatory standards—all compounded by rapid AI-driven growth and decentralized management in sectors like public administration, healthcare, finance, and retail.
Despite these challenges, the AI and automation that NHIs make possible bring real benefits. In financial services, 65% of Americans believe AI can expand access to financial tools for underserved individuals. In retail, generative AI powers virtual try-ons, letting customers visualize products in their own surroundings. In healthcare, 94% of organizations view AI as core to their operations.
However, it is crucial to address the risks. Only 32% of financial firms report having a formal AI governance group, leaving bots, APIs, and automation scripts operating without consistent oversight or defined lifecycle management. In healthcare, a staggering 96% of IT professionals see AI agents as a security risk, yet only 44% of organizations have policies in place to control their behavior.
Okta's Senior Product Marketing Manager for the Federal business, LaRel Rogers, and Staff Product Marketing Manager, Financial Services, Christopher Ottman, are working to address these issues. The webinar "Guess Who IAM" is scheduled for August 26, aimed at helping businesses secure their invisible workforce.
The digital landscape of an organization can be thought of as a collection of Labubu blind boxes, each one an AI agent or automated workflow whose contents are unknown until it is opened. As NHIs continue to proliferate, the hardest problem is the "chase" NHIs, the collector's term for the rarest and most sought-after figures. These are the truly dangerous unknowns: accounts that evolved from human identities into machine use, or orphaned accounts left behind after their human owner was deprovisioned, still active, still holding elevated access, and with no one responsible for them.
Retail shows both the appetite and the anxiety. AI is used to deliver hyper-personalized shopping experiences; 97% of retail and consumer packaged goods companies plan to increase their AI investments next year, and 90% are already using or evaluating AI. At the same time, data privacy and data security are the top AI-related concerns, cited by 60% and 49% of retailers respectively. In healthcare, rapid AI adoption combined with the sensitivity of patient data has expanded the attack surface, making the sector a prime target for ransomware and data breaches.
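Finding the "chase" NHIs is an inventory problem: join the machine identities against the human directory and flag the ones that no active person owns, weighting those that also hold elevated access or were once human accounts. The Python below is an added example, not Okta's tooling. The inventory fields, role names, weights and thresholds are assumptions standing in for whatever an IdP or cloud export actually provides, and all accounts in it are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Added example; not Okta's code. Role names and thresholds are assumptions:
# map them to whatever your identity provider or cloud export uses.
PRIVILEGED_ROLES = {"admin", "owner", "iam:*", "secrets:read", "db:write"}
STALE_AFTER_DAYS = 90

# Weight per reason; a total of 4 or more is critical, 2 to 3 high, 1 medium.
WEIGHTS = {
    "no_owner": 2,
    "owner_deprovisioned": 2,
    "owner_unknown": 2,
    "elevated_access": 2,
    "evolved_from_human": 1,
    "stale": 1,
}


@dataclass
class Identity:
    name: str
    kind: str                                 # "human" or "machine"
    owner: Optional[str]                      # login of the accountable human, if any
    roles: List[str]
    last_used_days_ago: int
    former_human_login: Optional[str] = None  # set when a person's account was repurposed as a bot


@dataclass
class Finding:
    identity: str
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[r] for r in self.reasons)

    @property
    def risk(self) -> str:
        if self.score >= 4:
            return "critical"
        return "high" if self.score >= 2 else "medium"


def audit(inventory: List[Identity], directory: Dict[str, str]) -> Dict[str, Finding]:
    """Flag machine identities with ownership, privilege or staleness problems.

    directory maps a human login to "active" or "deprovisioned"; humans in the
    inventory are skipped because this audit is about the non-human ones.
    """
    report: Dict[str, Finding] = {}
    for ident in inventory:
        if ident.kind != "machine":
            continue
        reasons: List[str] = []
        if ident.owner is None:
            reasons.append("no_owner")
        elif ident.owner not in directory:
            reasons.append("owner_unknown")          # owner field points at nobody we know
        elif directory[ident.owner] != "active":
            reasons.append("owner_deprovisioned")    # the classic orphaned account
        if ident.former_human_login:
            reasons.append("evolved_from_human")
        if PRIVILEGED_ROLES.intersection(ident.roles):
            reasons.append("elevated_access")
        if ident.last_used_days_ago > STALE_AFTER_DAYS:
            reasons.append("stale")
        if reasons:
            report[ident.name] = Finding(ident.name, reasons)
    return report


# Constructed sample data, not real accounts or people.
DIRECTORY = {"alice": "active", "bob": "deprovisioned", "carol": "active"}
INVENTORY = [
    Identity("alice", "human", None, ["admin"], 1),
    Identity("svc-build-runner", "machine", "alice", ["repo:read"], 2),
    Identity("svc-legacy-etl", "machine", "bob", ["db:write"], 40),
    Identity("bot-reporting", "machine", None, ["reports:read"], 200),
    Identity("svc-dave-automation", "machine", "carol", ["admin"], 10, former_human_login="dave"),
    Identity("svc-metrics", "machine", "erin", ["metrics:read"], 5),
]

if __name__ == "__main__":
    for name, f in sorted(audit(INVENTORY, DIRECTORY).items(), key=lambda kv: -kv[1].score):
        print(f"{f.risk:8} {name:22} {', '.join(f.reasons)}")
```

On the constructed data the ETL account owned by a deprovisioned user and holding `db:write` comes out critical, which is exactly the "chase" case the text describes; the well-owned build runner produces no finding at all. The join against the directory is the step most organizations skip, and it is the only way to tell an owned service account from an orphaned one.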
As we navigate this digital future, it is essential to strike a balance between harnessing the power of NHIs and mitigating the associated risks. The "Guess Who IAM" webinar is a step in the right direction, offering businesses a chance to secure their invisible workforce and ensure a safer, more accountable digital landscape.
- Bradford Peirce, from Okta, discusses the rising concerns about Non-Human Identities (NHIs) in retail, manufacturing, and travel and hospitality sectors, highlighting their proliferation.
- Security gaps and hidden exposures in NHIs create significant security blind spots, leading to leaked or improperly stored secrets and unprotected assets.
- Lack of clear ownership and accountability for NHIs, especially in the public sector, hampers response to malicious or improper behavior and raises legal and trust concerns.
- Unauthorized access to sensitive data, such as patient data in healthcare, is a significant risk due to AI adoption and lack of appropriate policies to control access.
- Regulatory and compliance risks are prevalent in industries like financial services, where failure to manage NHIs appropriately can lead to penalties and increased scrutiny.
- Automation-induced proliferation risk is a broad systemic concern as organizations struggle to manage and secure rising numbers of NHIs.
- Despite the challenges, NHIs offer benefits in industries like financial services and retail, such as expanding access to financial tools and powering virtual try-ons.
- Okta's webinar, "Guess Who IAM," aims to help businesses secure their invisible workforce, addressing issues with NHIs in sectors like public administration, healthcare, finance, and retail.
- Data privacy and data security are the top AI concerns in the retail industry, where AI delivers hyper-personalized shopping experiences; in healthcare, rapid AI adoption has expanded the attack surface for ransomware and data breaches.