AI, machines drive identity breaches as rates surge

Two studies found 71% of organizations had identity-related breaches in 2025; UK firms report 83% as machine identities outnumber humans 100:1 and AI agents access sensitive data.

Two industry studies from Sophos and Palo Alto Networks found 71% of organizations experienced at least one identity-related breach in 2025. In the UK, 83% of firms reported identity-related breaches. Machine identities now outnumber human ones by 100 to 1. AI agents and non-human credentials are increasingly accessing sensitive systems.

Sophos reported affected organizations averaged three identity incidents in 2025 and 5% reported six or more. Reported outcomes included data theft in 49% of incidents, ransomware in 48%, and financial theft in 47%. About two-thirds of ransomware attacks involved compromised or misused identities.

Sophos calculated ransomware recovery costs averaged $1.64 million, with a median of $750,000. Seventy-three percent of organizations hit by ransomware reported recovery costs of $250,000 or more.

The Sophos study identified a visibility gap. About one in four organizations continuously monitor for unusual login attempts, while more than half perform checks every three months or less. Around 14% of breached organizations reported they could not detect or stop their most serious identity attack before damage occurred. Organizations that said compliance requirements were difficult had an 82.4% breach rate, 14 percentage points higher than those reporting fewer compliance challenges.

Palo Alto Networks’ Identity Security Landscape Report 2026, covering the UK and EMEA, found 82% of organizations expect machine identities to grow over the next year and 90% expect a sharp increase in AI identities. The report said 34% of AI agents and 37% of machine identities currently have access to organizational data, which can include financial records and critical systems. Only 51% of UK organizations reported using behavioral monitoring for autonomous AI agents.

Respondents reported fragmented tooling as a problem. Eight in ten UK firms said disparate identity tools create blind spots and slow detection and response. The study found that 74% of UK organizations suffered three or more identity-related breaches in the past 12 months, and it reported a 91% breach rate across EMEA.

Ross McKerchar, chief information security officer at Sophos, warned, “AI agents are being granted privileges faster than security teams can track them, and organizations that fail to get ahead of this will find it an increasingly costly gap to close.” Rich Turner, senior vice president for EMEA at Palo Alto Networks, urged firms to adopt automation and unified governance to manage growing identity complexity.

Both reports recommend tighter controls on machine and AI identities, more continuous monitoring of access attempts, behavioral analysis for autonomous agents, and consolidation or integration of identity tools to reduce blind spots. The studies provide incident rates and cost figures that quantify the trend.
