Artificial intelligence (AI) agents and machine identities are rapidly overwhelming traditional cybersecurity systems, with organizations now managing 109 machine identities for every human identity, according to the 2026 Identity Security Landscape report commissioned by Palo Alto Networks. The report warned that AI-powered systems, service accounts, certificates, and machine credentials are expanding faster than organizations can govern them, creating what researchers described as a “speed gap” between cyber threats and security response.
The study, based on responses from 2,930 cybersecurity decision-makers worldwide, found that 90 percent of organizations suffered at least one identity-related breach over the past year, while 83 percent experienced at least two such incidents. Researchers said AI-enabled attacks, deepfakes, synthetic identities, and machine identity sprawl are now among the biggest cybersecurity concerns heading into 2026. “The old operating model that relies on human-centered identity architectures and static access tools is becoming administrative fiction,” said Amy Blackshaw, senior vice president for identity security at Palo Alto Networks.
The report also highlighted growing operational strain as organizations struggle to manage certificates, tokens and privileged access across fragmented systems. Researchers said 97 percent of respondents reported delays in responding to identity-related incidents because of fragmented security tools, adding an average of 12 hours to investigations. Meanwhile, AI agents are expected to grow by 85 percent over the next 12 months, further increasing pressure on enterprises to automate identity security controls and adopt real-time monitoring systems.
