A new report from Rubrik Zero Labs reveals a sharp escalation in identity-driven cyber threats, driven largely by the rapid adoption of AI agents across enterprise environments. With non-human identities (NHIs) now outnumbering human users by an estimated 82 to 1, the research warns that traditional identity and access management (IAM) tools are no longer sufficient to protect critical systems.
The study, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats, surveys 1,625 global IT security leaders and highlights a widening gap between identity attack surfaces and organisations’ ability to recover after compromise. In India, where hybrid and multi-cloud environments are heavily reliant on multiple identity providers, the urgency is even more pronounced.
Identity Attacks Are Rising Faster Than Recovery Capabilities
According to Rubrik’s findings, 82% of Indian organisations expect to replace their current IAM systems within 12 months — driven primarily by security concerns, operational complexity, and limited recovery assurance. Another 90% plan to hire specialised identity security professionals, indicating that identity resilience has become a top-tier priority for CIOs and CISOs.
The report highlights a troubling drop in confidence around recovery timelines:
Only 32% of Indian respondents believe they can fully recover from an identity-driven cyber incident within 12 hours.
34% expect recovery to take more than two days.
79% experienced ransomware in the past year, and 91% admitted to paying to regain access.
Rubrik analysts say this demonstrates a fundamental shift: attackers are no longer “breaking in” — they are simply logging in with compromised or misused credentials.
AI Agents Are Expanding the Identity Attack Surface
As enterprises embed AI agents into workflows — for automation, analysis, DevOps, and internal operations — the number of non-human identities (API keys, service accounts, automated agents) is exploding. Rubrik found that:
86% of organisations have already integrated AI agents into identity infrastructure.
Over 56% of security leaders expect at least 30% of future attacks to involve agentic AI.
NHIs are now the fastest-growing identity category across enterprise systems.
Rubrik warns that most companies lack proper visibility into these identities — many of which can access sensitive datasets, run automated actions, or modify infrastructure without human oversight.
Andrew Albrech, CISO at Domino’s, summarises the challenge bluntly:
“You can invest in all the tech you want. If someone socially engineers support staff for admin credentials, that’s game over.”
A New Model for Identity Resilience
Rubrik stresses that prevention alone is no longer enough. Enterprises need a layered approach that ensures rapid recovery of identity infrastructure when — not if — a breach occurs. Key pillars include:
Independent backups of identity systems separate from production
Rapid restore options for Active Directory, cloud IdPs, and SaaS identity providers
Hardening of NHI and agent-driven identities with lifecycle governance
Zero-trust verification for human and machine identities
Continuous monitoring to detect anomalous credential use
Globally, 89% of respondents cited identity attacks as their top security concern, reflecting a steady shift in attacker behaviour toward credential harvesting, session hijacking, and privilege escalation.
Kavitha Mariappan, Chief Transformation Officer at Rubrik, calls it an urgent wake-up call:
“We have an under-the-radar crisis. A single compromised credential can grant full access to an organisation’s most sensitive data. Attackers aren’t breaching networks — they’re logging in.”
India’s Hybrid Environments Make Identity Even More Critical
Indian enterprises operate some of the world’s most complex identity stacks — spanning Active Directory, multiple cloud IdPs, SaaS applications, and thousands of NHIs. This complexity creates numerous failure points and makes coordinated recovery even harder.
Ashish Gupta, Managing Director & Head of Engineering, Rubrik India, said the stakes are rising quickly:
“Identity systems and data are now the two most targeted assets in India. True resilience means ensuring rapid protection and recovery of both.”
