Identity has become the new battleground in cybersecurity. This is not a metaphor: according to a new report from Rubrik Zero Labs, 90% of global leaders identify identity attacks as their top concern. Amid the rapid adoption of artificial intelligence and autonomous agents in organizations, IT and security teams are beginning to realize that protecting data alone is no longer enough: you must also protect who—or what—accesses it.
The report, titled “Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats”, paints an uncomfortable picture: as the number of digital identities within companies—users, service accounts, APIs, AI agents—increases, the actual ability to recover after an identity breach is deteriorating.
Rubrik, known for its focus on cyber resilience and data protection, delivers a clear message: identity is now the weakest link, and identity resilience will be critical to surviving the next generation of attacks.
From “Breaking In” to “Logging In with Password”: The Model Shift
The study highlights a vivid comment from Andrew Albrecht, CISO of Domino’s: you can invest in all kinds of technologies, but if someone tricks tech support into giving an administrator password, “the game is over.” That’s the core problem: attackers no longer need to exploit complex technical vulnerabilities if they can leverage an inadequately protected identity.
Rubrik Zero Labs emphasizes three trends that explain the current concern:
- AI generates massive volumes of data and more entry points. Every new model, agent, or automated workflow involves more credentials, tokens, and permissions that need managing.
- Organizations still rely on siloed tools. Separate solutions for backup, identity management, EDR, SIEM, or incident response that don’t communicate well with each other.
- Heterogeneous and complex infrastructure by design. On-premises environments, public cloud, SaaS, and hybrid scenarios coexist, with identities moving and inheriting permissions across all of them.
In this context, Rubrik advocates that the only way to regain control is to build a strategic identity resilience framework: not only detecting and blocking attacks but also being able to audit, reverse malicious changes, and quickly restore identity systems like Active Directory or other identity providers.
The Silent Explosion of Non-Human Identities and AI Agents
One of the most striking data points in the report is that, according to industry reports, non-human identities (NHIs) already outnumber human users by approximately 82 to 1. That is, for every employee, there are dozens of service accounts, API keys, AI agents, or automated processes with access to sensitive data.
Rubrik’s study confirms that most organizations have already opened the door to this new landscape:
- 89% of IT and security leaders state they have fully or partially integrated AI agents into their identity infrastructure.
- The remaining 10% plan to do so in the near future.
- More than half (58%) believe that within the next year, at least half of the cyberattacks they handle will be AI-driven, meaning attacks where AI itself helps automate intrusion, lateral movement, or credential exploitation.
Rubrik summarizes the situation with a strong statement: “attackers are no longer forcing the door—they are already logged in.”
If an AI agent credential or a service account is compromised, an attacker can access data and systems at scale without raising immediate suspicion, because the traffic appears legitimate.
Organizations Reorganizing: More Talent and Changing IAM Providers
In response, CIOs and CISOs are not standing still. The report reveals a coordinated reaction:
- 89% of organizations plan to hire specialized personnel in the next 12 months to improve identity management, infrastructure, and security.
- 87% are changing their identity and access management (IAM) providers or have active plans to do so.
- In 58% of cases, security is the main reason for the change, ahead of cost or feature considerations.
This indicates that identity management has shifted from a compliance requirement to a strategic pillar for security and business continuity.
Kavitha Mariappan, Rubrik’s Chief Transformation Officer, summarizes: managing identities in the AI era has become extremely complex, especially with the labyrinth of NHIs. A single compromised credential can open the entire organization’s doors.
The Bad News: Declining Confidence in Recovery Capabilities
The report not only discusses risks but also the actual recovery capacity. The numbers are concerning:
- In 2024, 43% of respondents believed they could fully recover from an incident within 12 hours or less.
- By 2025, that confidence drops to 28%.
- 58% expect they would need two days or more to return to normal operations after a significant breach.
- Among those affected by ransomware in the past year, 89% report having paid a ransom to recover data or halt the attack.
This paints an uncomfortable scenario: as attack surfaces grow, confidence in recovery diminishes. Rubrik emphasizes that identity resilience must be integrated into the cybersecurity strategy, not treated as an isolated module.
Towards a Holistic Resilience: Unified Data, Identities, and Recovery
Rubrik argues that in increasingly automated threat environments, organizations need platforms capable of unifying data, identities, and recovery within a single control plane. Its approach revolves around Rubrik Security Cloud and Rubrik Agent Cloud, designed to deploy “trusted” AI agents that monitor actions, enforce safeguards in real time, and make it possible to undo malicious behaviors or errors.
The core idea: when an identity attack occurs, restoring from backup isn’t enough. You must also be able to:
- Identify compromised credentials and entities.
- Audit and reverse malicious changes in identity systems.
- Recover data from “clean” points prior to the attack.
- Execute all these actions swiftly to minimize business impact.
This approach is what Rubrik calls Identity Resilience: the capacity to anticipate, withstand, and recover from threats related to both human and non-human identities in a world where AI agents are part of daily operations.
A Global Issue, Measured Worldwide
The Rubrik Zero Labs study, conducted by Wakefield Research, surveyed 1,625 IT security leaders across companies with more than 500 employees in the United States, Europe (UK, France, Germany, Italy, Netherlands), and Asia-Pacific (Japan, Australia, Singapore, India). Fieldwork was conducted between September 18 and 29, 2025.
The results reveal a global trend: identity is the new perimeter, and the explosion of AI agents and NHIs is forcing a complete redesign of defenses.
For security teams, the message is clear: it’s not a matter of if an identity attack will happen, but when—and what their organization’s actual recovery capacity will be when it does.
Frequently Asked Questions about Identity Resilience and AI Agents
1. What is identity resilience in enterprise cybersecurity?
Identity resilience is an organization’s ability to resist, detect, and recover from attacks focused on credentials, user accounts, service accounts, and identity management systems (such as Active Directory or other IdPs). It’s not just about preventing unauthorized access but also encompasses the ability to audit changes, revert malicious configurations, and rapidly restore authentication services after an incident.
2. How do AI agents and non-human identities impact the attack surface?
AI agents and NHIs—such as service accounts, API keys, or bots—multiply the number of entities with permissions within an organization. Many operate silently in the background with broad access to data and systems. If one of these identities is compromised, an attacker can move silently and automate lateral movement across the infrastructure, making detection harder and potentially increasing attack impact.
3. What practical steps can companies take to improve resilience against identity attacks and ransomware?
Key measures include inventorying all human and non-human identities, applying the principle of least privilege, strengthening multi-factor authentication, segmenting critical identity systems, integrating IAM logs with security operations, and most importantly, having a specific backup and recovery strategy for identity systems. Conducting recovery simulations and predefining prioritized data and services for restoration can also reduce downtime.
4. What role do platforms like Rubrik Security Cloud and Rubrik Agent Cloud play in protecting identities and data in the AI era?
These platforms aim to combine data protection, threat monitoring, identity management, and advanced recovery capabilities within a unified environment. For Rubrik Agent Cloud, the focus is on AI agents: discovering them, auditing their actions, applying policies in real time, and automatically reverting harmful changes. The goal is to enable organizations to adopt AI boldly, with a control framework that reduces risks related to identity and access abuses.
via: rubrik

