AI-driven automation is accelerating the proliferation of machine identities, exposing them to costly outages and security risks, while organizations are struggling to keep up.

Machine identities – digital entities used to identify, authenticate, and authorise machines, devices, and infrastructure – represent a broad category that includes any digital identity not associated with or operated by a human.

Machine identity is similar to human identity in many ways. For humans, we need to authenticate to systems by identifying ourselves using personally identifiable things such as our name, national identity number or passport. For machines, if they want to communicate with one another, they need to identify who they are through certificates or shared secrets to authenticate to other systems.

However, with AI-driven automation accelerating the proliferation of machine identities, organizations are struggling to keep up with preventing costly outages and security risks. CyberArk’s 2025 State of Machine Identity Security Report revealed a sharp rise in security incidents linked to compromised machine identities.

As organizations work to prepare for shorter certificate lifespans, authenticate cloud native workloads, safeguard AI models and ready themselves for quantum computing, they recognize that machine identity security must be a cornerstone of their enterprise security strategy.

CybersecAsia discussed some of the key findings from the 2025 State of Machine Identity Security Report with Lim Teck Wee, Area Vice President, ASEAN, CyberArk.

What are the key challenges organizations face in managing machine identities?

Lim: While 94% of APAC security leaders report some form of machine identity security program in the CyberArk 2025 State of Machine Identity Security Report, many of these programs lack maturity.

Another challenge which organizations face is in terms of how they can adapt to the shorter life-cycle of machine identity. At the same time, the attackers are still not stopping, and they are still continuing to look for ways to steal the identities and data of organizations and disrupt their businesses. All these are areas where machine identities become very front and center in terms of the priorities of organizations that they need to secure.

How different is machine identity from human identity? What do organizations need to take note of to protect machine identities as compared to traditional identity-based threats?

Lim: In machine identity attacks, attackers could manipulate keys or exploit stolen certificates to impersonate legitimate machines, evade authentication protocols, and gain unauthorized entry to sensitive resources.

Unlike human identities, machine identities cannot utilize authentication capabilities such as multi-factor authentication (MFA) using biometrics, a memorized password or an identity card or mobile phone.

Machine identities pose different security challenges, and instead use digital certificates, SSH keys, IP addresses, and other unique characteristics associated with the workload or container, together with secrets or other credentials to provide authentication. Thus, it is crucial that organizations automate the issuance, rotation, and revocation of machine identities to improve the visibility and scale of their management capabilities.

This sheer scale is driven by several factors, including the rise of artificial intelligence (AI), cloud-native technologies, as well as the shrinking lifespans of machine credentials in today’s fast-paced development cycles.

As organizations adopt more AI technologies, there are more systems being developed and, therefore, more machine communications. This results in the proliferation of machine identities. We have seen an increasing number of attacks as well.

CyberArk’s 2025 State of Machine Identity Security Report shows that 78% of the APAC security leaders reported incidents of breaches linked to compromised machine identities in the last year. This has led to delays in application launches (51%), unauthorized access to sensitive data or networks (51%) as well as outages impacting customer experience (37%).

85% of Asia Pacific security leaders anticipate the number of machine identities in their organizations to increase by as much as 150% over the next year. Why is this growth happening so rapidly, and what are the security implications?

Lim: Machine identities now outnumber human identities by an overwhelming margin. According to CyberArk’s 2025 Identity Security Landscape report, there are 82 machine identities for every human identity in APAC organizations.

This sheer scale is driven by several factors, including the rise of artificial intelligence (AI), cloud-native technologies, as well as the shrinking lifespans of machine credentials in today’s fast-paced development cycles.

As organizations adopt more AI technologies, there are more systems being developed and, therefore, more machine communications. This results in the proliferation of machine identities. We have seen an increasing number of attacks as well.

CyberArk’s 2025 State of Machine Identity Security Report shows that 78% of the APAC security leaders reported incidents of breaches linked to compromised machine identities in the last year. This has led to delays in application launches (51%), unauthorized access to sensitive data or networks (51%) as well as outages impacting customer experience (37%).

How can businesses build a mature, end-to-end machine identity security strategy to mitigate the risks?

Lim: Companies are looking at a programmatic approach in terms of machine identity security. Having visibility is key to ensuring organizations understand and know where all the machine identities are in their organization. In addition, organizations need to start thinking about emerging threats such as quantum computing given the advancement of technology.

Some of the best practices we have seen are implementing least privilege and regular audits. Organizations need to secure the credentials or the passwords that need to be rotated from time to time in a more regular fashion, much like the way we manage our passwords.

As the number of machine identities continues to grow and outnumber human identities, this will become a crucial part of organizations’ core strategy to secure their identities.