Workload Identity Exposes Vulnerabilities in AI Agents

Part 2 of a workload security series warns that enterprise identity systems are unprepared for the surge in machine identities and autonomous AI agents, citing Rubrik Zero Labs’ 82-to-1 machine-to-human ratio and Cloud Security Alliance findings on API key misuse. It details how shared workload identities and weak delegation models increase attack surfaces and urges per-agent cryptographic identities.
Key Points
- 1States machine identities outnumber human identities 82-to-1, driving credential proliferation and theft
- 2Shows 44% of AI agents use static API keys, limiting traceability and increasing exploitation risk
- 3Recommends per-agent cryptographic identities and delegation controls to make alerts attributable and responses actionable
Scoring Rationale
Highlights widespread enterprise identity gaps for AI agents and practical directions, but lacks concrete, standardized delegation implementations.
Sources
Public references used for this report.
Practice with real Ad Tech data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Ad Tech problems

