Exacerbating risk is the proliferation of identities: 78% of organizations lack policies for creating AI identities
SEATTLE – Jan. 27, 2026 –The Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, today released a new survey report, The State of Non-Human Identity and AI Security, which reveals critical process and technology gaps for agentic access management. Commissioned by Oasis Security, the identity security platform, the survey shows how a lack of AI governance policies and outdated IAM solutions open organizations up to significant risk amid the rapid-fire adoption of AI.
“Organizations with limited visibility and unclear ownership are feeling the strain of AI-driven identities and securing identities in the AI era. Establishing strong identity foundations now is critical to reducing risk and confidently scaling AI use” said Hillary Baron, AVP of Research, Cloud Security Alliance.
As AI becomes embedded across the business, the scale of identity creation and access will grow exponentially, compounding existing visibility and control gaps.
“AI turns identity into a high-velocity system,” said Danny Brickman, CEO and Co-Founder of Oasis Security. “Every new agent, workflow, or integration can mint credentials and permissions in minutes. Too many organizations still govern that with spreadsheets and unsophisticated processes. That’s not an AI strategy–that’s an incident backlog.
“The fix is simple,” he continued. “Assign clear ownership, lock policy in writing, and automate the lifecycle before machine access scales beyond control.”
Oasis commissioned CSA to develop a survey and report to better understand the industry’s knowledge, attitudes, and opinions regarding NHI security and AI agents. Oasis financed the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by CSA in August and September 2025 and received 383 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.
Download the State of Non-human Identity and AI Security.
About Oasis Security
Oasis Security is the AI-powered identity security platform for the Agentic Access era. Backed by leading global investors including Sequoia Capital, Cyberstarts, and Accel, Oasis enables organizations to transcend legacy IAM tools and secure the growing ecosystem of AI agents and Non-Human Identities (NHIs). The Oasis platform provides unified visibility, intelligent automation, granular control, and streamlined lifecycle management across all agentic identities, helping enterprises confidently adopt, scale, and govern AI. By securing identity at the access layer, Oasis empowers organizations to embrace the speed of Agentic AI while maintaining trust, compliance, and control. Oasis Security was founded in 2022 by Danny Brickman and Amit Zimerman.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading not-for-profit organization committed to awareness, practical implementation, and credentialing of forward-looking cybersecurity topics, including AI, cloud, and Zero Trust. In an era where digital transformation drives business success, CSA stands as the global authority ensuring organizations can operate securely while harnessing cutting-edge technology. Through volunteer-driven research, globally-accepted standards, and award-winning vendor-neutral education programs that unite technical experts, industry practitioners, and varied associations, governments, chapters, and corporate members, CSA bridges the gap between innovation and pragmatic security execution. Visit CSA’s website to learn more.
Media Contact
Kristina Rundquist
ZAG Communications for the CSA
[email protected]
Share this content on your favorite social network today!
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.
We value your privacy. Our website uses analytics and advertising cookies to improve your browsing experience. Read our full Privacy Policy.
Analytics cookies, from Google Analytics and Microsoft Clarity help us analyze site usage to continuously improve our website.
Advertising cookies, enable Google to collect information to display content and ads tailored to your interests.
© 2009–2026 Cloud Security Alliance.
All rights reserved.
Monthly updates on all things CSA - research highlights, training, upcoming events, webinars, and recommended reading.
Monthly insights on new Zero Trust research, training, events, and happenings from CSA's Zero Trust Advancement Center.
Quarterly updates on key programs (STAR, CCM, and CAR), for users interested in trust and assurance.
Quarterly insights on new research releases, open peer reviews, and industry surveys.