Semperis, a company focused on identity-driven cyber resilience, recently published findings from a global study of 1,100 organisations examining the impact of artificial intelligence (AI) on vulnerabilities in identity systems such as Active Directory and Okta.
The research indicates that AI is changing the scope of identity-related attack surfaces. At the same time, organisations are increasingly integrating AI agents into critical systems, in some cases without fully established safeguards for managing these new types of digital identities.
The study, conducted across countries including the U.K., U.S., France, and Germany, reports that 74% of organisations expect AI to increase attacks on identity infrastructure. It also finds that 93% have already adopted AI agents for security-related tasks such as password management, while many are still working through how to manage non-human identities effectively.
In addition, 65% of organisations state that AI identities are formally registered and authorised, while some report not consistently completing this process. Among organisations that track AI identities, 57% use the same systems as those used for human identities, while others use separate systems.
More than a quarter of respondents report that AI agents are used to handle sensitive security tasks, such as VPN access requests. The study also highlights ongoing concerns about organisational readiness for AI-related security incidents involving identity infrastructure.
Finally, 83% of respondents indicate plans to prioritise AI identity governance in the near term, reflecting increased attention to governance and control of AI-related identities.
