The “security at inception” approach proposed by CyberArk redefines how human and machine identities should be protected in the age of AI and cloud computing.
We live in an era where digital identities are growing faster than companies can manage them. According to CyberArk’s latest report, “Identity Security Landscape 2025,” there’s a clear warning: 90% of organizations have experienced at least one identity-related breach.
It’s not just about the volume. The report states that machine identities now outnumber human identities by a ratio of 82 to 1. And with the rise of agentic AI—autonomous agents capable of executing complex tasks independently—the situation becomes even more complicated: these agents will be the main source of new privileged access identities.
CyberArk’s central critique is blunt: most companies still apply access controls only after resources are already deployed, creating a “security debt” that is costly, slow to pay down, and entirely avoidable.
This security gap isn’t just technical; it’s organizational. While CIOs and CTOs are responsible for creating systems, cloud accounts, and AI agents, the responsibility for safeguarding them lies with CISOs. This disconnect between ownership and security breeds friction and systemic vulnerabilities.
CyberArk’s solution is as logical as it is ambitious: incorporate identity security from the moment a resource is created, rather than retroactively. This approach, called “security at inception,” is supported by five key pillars:
- Zero standing privileges (ZSP): access is granted just in time, for a stated reason and a bounded period, never permanently.
- Automatic vaulting: privileged accounts are securely stored from the outset.
- Managed certificates: automated creation, renewal, and centralized governance.
- Secure code validation within the development pipeline (SDLC).
- Complete automation in infrastructure as code (Terraform, Ansible, CI/CD, etc.).
The result is security that scales alongside digital transformation, reduces attack surfaces, and aligns protection with the real speed of business.
CyberArk emphasizes four factors that make this shift urgent:
- Agentic AI: LLM-based agents operating with human-like privileges but without oversight—if not protected from creation, they become autonomous risks.
- Cloud speed: cloud environments are deployed in minutes; manual security can’t keep pace.
- Regulatory pressure: frameworks demanding traceability and control over privileged access.
- Talent shortage in cybersecurity: automation is no longer optional but a necessity.
One of the most alarming warnings from the report is about AI agents creating their own identities—provisioning resources, accessing data, and generating new credentials—all without direct human control. Securing these identities after the fact is as futile as trying to squeeze toothpaste back into the tube.
James Creamer, CyberArk’s Director of CISO Advisory, summarizes:
“The only sustainable way to protect identities in this new landscape is to integrate them into the design from the start. We can’t keep reacting as AI and the cloud advance at this speed.”
For CISOs, adopting this vision requires cultural and technical transformation:
- Moving from fire-fighting to designing secure-by-default environments.
- Collaborating closely with CIOs and CTOs to embed controls from infrastructure.
- Automating identity onboarding and secret policies.
- Measuring time-to-protection, the interval between a resource being provisioned and being placed under identity controls, as a key KPI.
At the same time, development teams gain agility by no longer waiting for manual approvals. It becomes a win-win situation for security, efficiency, and innovation speed.
The core shift CyberArk advocates is philosophical: security should no longer be a phase but an intrinsic attribute from the outset. Just as no one would build a building without a solid foundation, no modern digital architecture can rely on controls added later.
The company also recommends:
- Standardizing Infrastructure as Code (IaC) templates with built-in security.
- Integrating static code analysis tools to validate machine identity best practices.
- Adopting unified platforms for certificate and access management.
- Implementing ephemeral access policies by default.
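One way to make the recommendations above, and the five pillars listed earlier, concrete in a pipeline is a policy-as-code check that runs before a plan is applied. The following is an added example, not CyberArk's code and not part of the original article. It scans a constructed, Terraform-plan-like resource list (the `type`/`name`/`attrs` schema, the `vault://` secret-reference scheme, the 8-hour grant window and the 90-day certificate lifetime are all assumptions chosen for illustration) and flags plaintext secrets that should have been vaulted at creation, bindings that never expire or lack a justification, certificates that are not auto-renewed, and machine identities with no owner. `issue_jit_grant` builds the ephemeral, justified binding that the same check accepts, so the weak setting and its corrected form sit side by side.

```python
"""Policy-as-code checks for "security at inception", run against an IaC plan.

Added illustration, not CyberArk's code. The resource schema below is a
constructed, Terraform-plan-like shape assumed for the example.
"""
import re
from datetime import datetime, timedelta, timezone

# Fixed "now" so the example is deterministic (assumed evaluation time).
NOW = datetime(2025, 6, 1, 10, 0, tzinfo=timezone.utc)

# Constructed sample plan: a weak and a corrected instance of each pillar.
SAMPLE_PLAN = [
    {"type": "service_account", "name": "batch-runner", "attrs": {"tags": {}}},
    {"type": "service_account", "name": "ci-deployer",
     "attrs": {"tags": {"owner": "platform-team"}}},
    {"type": "iam_binding", "name": "batch-admin",                 # standing privilege
     "attrs": {"principal": "batch-runner", "role": "admin", "expires_at": None}},
    {"type": "iam_binding", "name": "deploy-jit",                  # ephemeral, justified
     "attrs": {"principal": "ci-deployer", "role": "deployer",
               "expires_at": "2025-06-01T12:00:00+00:00", "justification": "CHG-1234"}},
    {"type": "database", "name": "orders-db",                      # plaintext secret
     "attrs": {"admin_password": "Sup3rS3cret!"}},
    {"type": "database", "name": "billing-db",                     # vault reference
     "attrs": {"admin_password": "vault://billing-db/admin"}},
    {"type": "certificate", "name": "api-tls",                     # unmanaged cert
     "attrs": {"auto_renew": False, "ttl_days": 365}},
]

SECRET_KEY_RE = re.compile(r"password|secret|token|api_key|private_key", re.I)
VAULT_REF_RE = re.compile(r"^vault://")  # assumed secret-reference scheme


def find_plaintext_secrets(resource):
    """Pillar 'automatic vaulting': secret-looking attributes must be vault references."""
    return [f"plaintext secret in attribute '{key}'; vault it at creation"
            for key, value in resource["attrs"].items()
            if SECRET_KEY_RE.search(key) and isinstance(value, str)
            and not VAULT_REF_RE.match(value)]


def find_standing_privileges(resource, now=NOW, max_hours=8):
    """Pillar 'zero standing privileges': every binding expires soon and is justified."""
    if resource["type"] != "iam_binding":
        return []
    attrs, findings = resource["attrs"], []
    expires = attrs.get("expires_at")
    if expires is None:
        findings.append("binding never expires (standing privilege); grant just in time instead")
    elif datetime.fromisoformat(expires) - now > timedelta(hours=max_hours):
        findings.append(f"binding window exceeds {max_hours}h")
    if not attrs.get("justification"):
        findings.append("binding has no recorded justification")
    return findings


def find_unmanaged_certs(resource, max_ttl_days=90):
    """Pillar 'managed certificates': renewal automated, lifetime bounded."""
    if resource["type"] != "certificate":
        return []
    attrs, findings = resource["attrs"], []
    if not attrs.get("auto_renew"):
        findings.append("certificate is not auto-renewed")
    if attrs.get("ttl_days", 0) > max_ttl_days:
        findings.append(f"certificate lifetime exceeds {max_ttl_days} days")
    return findings


def find_unowned_identities(resource):
    """Ownership gap from the article: every machine identity names a responsible owner."""
    if resource["type"] == "service_account" and not resource["attrs"].get("tags", {}).get("owner"):
        return ["machine identity has no owner tag"]
    return []


def lint_plan(plan, now=NOW):
    """Return (resource name, finding) pairs; an empty list means the plan may be applied."""
    findings = []
    for res in plan:
        for msg in (find_plaintext_secrets(res) + find_standing_privileges(res, now)
                    + find_unmanaged_certs(res) + find_unowned_identities(res)):
            findings.append((res["name"], msg))
    return findings


def issue_jit_grant(principal, role, justification, now=NOW, ttl_hours=4):
    """Build the ephemeral, justified binding that the checks above accept."""
    if not justification:
        raise ValueError("privileged access requires a justification")
    return {"type": "iam_binding", "name": f"{principal}-{role}-jit",
            "attrs": {"principal": principal, "role": role, "justification": justification,
                      "expires_at": (now + timedelta(hours=ttl_hours)).isoformat()}}


if __name__ == "__main__":
    for name, msg in lint_plan(SAMPLE_PLAN):
        print(f"{name}: {msg}")
    grant = issue_jit_grant("ci-deployer", "deployer", "CHG-1234")
    print("jit grant passes:", lint_plan([grant]) == [])
```

Run as a pipeline gate, a non-empty result from `lint_plan` fails the job before `apply`, which is what moves the control to the moment of creation instead of after deployment. The thresholds and the vault reference scheme are the knobs an organisation would set to its own policy; the checks themselves only read the plan and never need the secret values.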
Many of these measures can be transparent to end-users, especially when properly automated. This way, developers get quick, secure access, and security teams gain visibility, traceability, and compliance.
The challenge remains significant, but as Creamer concludes:
“Only by protecting identities from their creation can we anticipate risks instead of chasing them endlessly.”
In summary, the rise of AI and distributed computing demands a new proactive, automated cybersecurity model. Identities are now the new perimeter, and protecting them from day one will distinguish resilient organizations from potential victims.
via: CyberArk