> News > Agentic AI Becomes the Top Priority for Security Teams

Agentic AI Becomes the Top Priority for Security Teams

November 16, 2025 • By Arne Schoenmakers

Autonomous AI agents are rapidly becoming the largest attack surface; research shows identity resilience is now the top priority.

Agentic AI Becomes the Top Priority for Security Teams

Rubrik Zero Labs has published new research showing that autonomous AI agents are rapidly becoming the primary attack surface. The report, titled The Identity Crisis, analysed 1,625 IT and security decision-makers worldwide.

Key figures

  • 90% cite identity attacks as their biggest concern

  • 89% have already integrated AI agents into their identity infrastructure or plan to do so within 12 months

  • 58% expect that within a year half or more of all attacks will be driven by agentic AI

The numbers signal a shift from 'break-in' to 'log-in': attackers are abusing legitimate privileges instead of exploiting system vulnerabilities.

Non-human identities are multiplying

According to the report, non-human identities (NHIs)—API keys, service accounts and AI agents—now vastly outnumber human users. This exponentially enlarges the attack surface and puts traditional IAM tools under pressure. Only 30% of respondents believe they could fully restore all identity services within 12 hours of an attack; last year that figure was 43%.

Implications for organisations

  1. IAM, DevOps secrets and AI governance need to be combined into a single identity-resilience plan.

  2. Stricter lifecycle governance for NHIs is essential, including automatic rotation and just-in-time access.

  3. Offline back-ups of directory services will be critical to speed up recovery and limit ransomware scenarios.

  4. Audits are shifting from network boundaries to identity controls and recovery readiness.

Recommended actions

  • Immediately inventory all NHIs and their privileges.

  • Implement automated provisioning and revocation.

  • Harden logging so that actions by humans and agents can be traced separately.

  • Rehearse recovery scenarios specifically for identity compromise and measure mean time to recover (MTTR).

  • Apply zero-trust principles consistently to both human and non-human identities.

Context video

A concise explainer from Rubrik Zero Labs on data and identity risks in the AI era is available on YouTube: https://www.youtube.com/watch?v=M9N8f2CEduQ

Sources

  • Rubrik Zero Labs, The Identity Crisis – 15 November 2025

  • Rubrik press release, "Identity resilience imperative as AI wave floods the workplace"

  • CSO Online, analysis of identity challenges with agentic AI (15 November 2025)

Thank you for your message!

We will contact you as soon as possible.

Let's connect?

Do you have questions about this article or our services? Get in touch!

Feel like a cup of coffee?

Whether you have a new idea or an existing system that needs attention?

We are happy to have a conversation with you.

Call, email, or message us on WhatsApp.

Bart Schreurs
Business Development Manager
06 54671577 bart@spartner.nl
Bart Schreurs

We have received your message. We will contact you shortly. Something went wrong sending your message. Please check all the fields.

© 2025 Spartner