Insights from RSA Conference attendees highlight visibility and control challenges as AI-driven access expands within organizations
SAN FRANCISCO – Keeper Security, the leading zero-trust and zero-knowledge identity security and Privileged Access Management (PAM) platform, today highlights a widening gap in enterprise security as organizations expand the access of non-human and AI-driven identities without the visibility and controls required to secure them. Insights gathered from a survey of 109 cybersecurity professionals conducted on-site at RSA Conference 2026 in San Francisco show that Non-Human Identities (NHIs), including service accounts, API keys, automation and AI-powered tools, are now deeply embedded in modern infrastructure and frequently operate with privileged access. Nearly half (46%) of respondents report that AI-powered tools have access to critical systems and data, and 76% say those identities are not consistently governed under privileged access policies.
Visibility remains a primary challenge. Only 28% of organizations report full visibility into NHIs across cloud, on-premises and SaaS environments, while 53% identify lack of visibility into AI, automation and machine access as their top risk. Without centralized visibility, security teams cannot consistently enforce least-privilege access or monitor how identities are used, increasing the likelihood of excessive privileges and unmanaged access.
Security Models Are Not Keeping Pace With Identity Growth
The findings also highlight gaps in governance and operations. Many organizations continue to manage NHIs across multiple tools and teams, resulting in inconsistent policies and fragmented ownership. As the number of machine and AI-driven identities grows, this approach makes it more difficult to maintain control over access to critical systems.
Only 26% of organizations report using automated detection and response to monitor NHI activity. Most continue to rely on manual processes that are not designed to scale in environments driven by automation and continuous system-to-system interaction. More than 40% of respondents report experiencing a security incident involving non-human identities or credentials in the past year, while 32% are unsure whether such an incident has occurred, highlighting ongoing detection gaps.
“AI and automation are expanding how systems interact and access an organization’s data,” said Darren Guccione, CEO and Co-founder, Keeper Security. “That shift introduces new complexity around identity, and requires a unified approach to visibility and control across both human and non-human access.”
RSA Conference (RSAC) is one of the world’s most influential cybersecurity events, drawing thousands of practitioners, CISOs, CIOs and security professionals annually to San Francisco. As a premier forum for addressing emerging digital threats, from AI-driven attacks and ransomware to cloud security and regulatory compliance, RSAC provides an ideal setting to capture real-time insights from the cybersecurity community. The survey gathered responses directly from attendees, offering a firsthand look at how today’s security leaders are thinking about the challenges and priorities shaping the industry.
As enterprise environments become more automated and interconnected, securing NHIs is becoming essential to maintaining control over access to critical systems and data. Modern PAM addresses this challenge by providing centralized visibility, enforcing least-privilege access and enabling continuous monitoring across both human and non-human identities. Keeper’s platform, KeeperPAM, unifies password management, secrets management and privileged access controls in a single zero-trust, zero-knowledge architecture, helping organizations secure all identities and reduce risk across their environments.
View the infographic with full survey findings or visit keepersecurity.com to learn more about securing AI agents and non-human identities.
About Keeper Security
Keeper Security is one of the fastest-growing cybersecurity software companies that protects thousands of organizations and millions of people in over 150 countries. Keeper is a pioneer of zero-knowledge and zero-trust security built for any IT environment. Its core offering, KeeperPAM®, is an AI-enabled, cloud-native platform that protects all users, devices and infrastructure from cyber attacks. Recognized for its innovation in the Gartner Magic Quadrant for Privileged Access Management (PAM), Keeper secures passwords and passkeys, infrastructure secrets, remote connections and endpoints with role-based enforcement policies, least privilege and just-in-time access. Learn why Keeper is trusted by leading organizations to defend against modern adversaries at KeeperSecurity.com.
Learn more: KeeperSecurity.com
Follow Keeper: Facebook Instagram LinkedIn X YouTube TikTok
