• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
non human identities: how to address the expanding security risk

Non-Human Identities: How to Address the Expanding Security Risk

You are here: Home / General Cyber Security News / Non-Human Identities: How to Address the Expanding Security Risk
June 12, 2025

Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI security platform is here to close the gap.

Enterprises are Losing Track of Their Machine Identities

Machine identities–service accounts, API keys, bots, automation, and workload identities–that now outnumber humans by up to 100:1 are in fact a massive blind spot in companies’ security landscape:

Without robust governance, NHIs become a prime target for attackers. Orphaned credentials, over-privileged accounts, and “zombie” secrets are proliferating—especially as organizations accelerate cloud adoption, integrate AI-powered agents, and automate their infrastructure.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Secrets Sprawl: The New Attack Surface

GitGuardian’s research shows that 70% of valid secrets detected in public repositories in 2022 remained active in 2025—a three-year window of vulnerability. These aren’t just theoretical risks. Breaches at organizations like the U.S. Department of the Treasury, Toyota, and The New York Times all began with a leaked or unmanaged machine identity.

The problem isn’t just about volume. Secrets and credentials are scattered across code, CI/CD pipelines, cloud environments, and ticketing systems— environments outside traditional security perimeters.

This proliferation of unmanaged secrets has caught the attention of security frameworks worldwide. The newly released OWASP Top 10 Non-Human Identity Risks for 2025 specifically calls out ‘Secret Leakage’ as the #2 risk, noting that compromised credentials are implicated in over 80% of breaches.

Why Secrets Managers Alone Aren’t Enough

Traditional secrets managers (like HashiCorp Vault, CyberArk, AWS Secrets Manager, and Azure Key Vault) are essential for secure storage—but they don’t address the full lifecycle of NHI governance. They can’t discover secrets outside the vault, lack context around permissions, and don’t automate remediation when secrets are leaked or misused.

GitGuardian’s own analysis found that organizations using secrets managers are in fact more prone to secrets leakage. The secrets leakage incidence of repositories leveraging secrets managers is 5.1% compared with 4.6% for public repositories without secrets managers in place. And to add to this point, repositories with secret managers are more likely to handle sensitive information, increasing the risk of exposure.

The Platform Filling the NHI Security Gap

To address these challenges, organizations must adopt a unified IAM strategy that

empowers DevOps and SRE teams to effectively govern and secure NHIs, on top of the deployment of secrets management solutions (vaults and or secrets managers). This requires investing in solutions that provide comprehensive secrets discovery, centralized visibility, and automated governance capabilities. By leveraging tools that can map relationships between secrets, enforce consistent policies, and streamline rotation and remediation processes, DevOps and SRE teams can reduce the burden of secrets lifecycle management and focus on delivering value to the business.

GitGuardian’s NHI Security Platform is designed to address these exact blind spots and risks. Here’s how:

1. Discovery and Inventory: Finding the Invisible

Manual discovery of machine identities is a lost battle. Secrets exist across repositories, CI/CD pipelines, ticketing systems, messengers, and cloud environments—often in places security teams don’t monitor. Traditional approaches can’t keep pace with the dynamic nature of modern infrastructure, leading to incomplete inventories.

GitGuardian’s automated discovery continuously scans these environments, maintaining a real-time inventory enriched with contextual metadata. This centralized view serves as the foundation for effective governance.

2. Onboarding and Provisioning: Securing from Day One

Inconsistent provisioning processes create immediate risks—misconfigurations, over-permissioned identities, and manual errors. Organizations need standardized workflows that enforce the least privilege access and integrate with centralized secrets management.

A unified platform ensures consistency across teams and provides real-time visibility into permissions, maintaining a secure and compliant ecosystem from the start.

3. Continuous Monitoring: Staying Ahead of Threats

Modern enterprises face a monitoring nightmare: machine identities interact across dozens of systems, each with separate logging mechanisms. With organizations averaging six different secret management instances (according to “Voice of Practitioners: The State of Secrets in AppSec”), maintaining consistent policies becomes nearly impossible.

GitGuardian aggregates and normalizes usage data from multiple sources, providing centralized visibility. Advanced analytics and anomaly detection enable rapid response to high-risk events and policy violations.

4. Rotation and Remediation: Keeping Credentials Fresh

The stakes are high: CyberArk reports that 72% of organizations experienced certificate-related outages in the past year, with 34% suffering multiple incidents. Managing rotation at scale is complex, especially with system dependencies and inconsistent schedules.

GitGuardian integrates with popular secrets managers, providing contextual insights to identify owners and streamline remediation, minimizing security incident impact.

5. Decommissioning: Eliminating Zombie Credentials

Unused or stale identities accumulate as “zombie” credentials—prime targets for attackers. Fragmented tooling and inconsistent processes make proper offboarding difficult, leading to persistent security gaps.

GitGuardian’s continuous monitoring identifies candidates for decommissioning.

See GitGuardian’s NHI Security Platform in action with our interactive demo. Discover key features that security teams and IAM leaders love ⬇️

Compliance and Zero Trust: A Modern Mandate

Frameworks like PCI DSS 4.0 and NIST now explicitly demand strong controls for machine identities—enforcing least privilege, secure onboarding, and continuous monitoring. GitGuardian’s platform is built with these requirements in mind, helping organizations stay compliant as regulations evolve.

Conclusion: Don’t Wait for a Breach

The stakes are high: financial loss, reputational damage, compliance failure, and—most critically—loss of control over the digital infrastructure that powers your business.

Forward-thinking CISOs are bringing NHIs into their IAM strategy now. GitGuardian’s platform is the comprehensive, automated solution for discovering, managing, and securing all your machine identities—before attackers do.

Join us on June 25 for a 20-minute live demo of GitGuardian NHI Security to see how GitGuardian can help you:

  • Get visibility over all NHI secrets across your infrastructure
  • Improve your security hygiene
  • Reduce breaches resulting from mismanaged identities

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Previous Post: «connectwise to rotate screenconnect code signing certificates due to security ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
Next Post: Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction zero click ai vulnerability exposes microsoft 365 copilot data without user»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.