BeyondTrust Research Exposes Hidden Privilege Threats: Secrets Are the New Identity Crisis Awaiting Agent
New data from Identity Security Risk Assessments reveals critical blind spots in non-human identity posture

BeyondTrust’s latest solution brings secrets into full view, just as Agentic AI spins up at scale
Posted: Tuesday, Aug 05
  • KBI.Media

Las Vegas, NV – August 4, 2025 – BeyondTrust, the global leader in identity security protecting Paths to Privilege™, today announced the expansion of its Identity Security Insights™ solution to include Secrets Insights, a new capability designed to illuminate and secure the hidden attack surfaces created by secrets and non-human identities.

As Agentic AI systems begin to autonomously interact with infrastructure, make decisions, and even provision access themselves, the hidden risks posed by unmanaged secrets and non-human identities become exponentially more dangerous.

This launch follows the completion of the initial class of Identity Security Risk Assessment engagements conducted across a wide range of industries and company sizes. The results are eye-opening:

  • Dormant service accounts with privilege were found in over 70% of environments
  • Overly permissive Entra Service Principals create direct pathways to Global Admin privileges, exposing entire Microsoft 365 environments to potential takeover
  • Credentials reused across multiple service accounts by human admins, enabling a single compromised password to compromise numerous non-human accounts
  • Low-privileged users can escalate to administrative access across Active Directory, Entra, AWS, Okta, and GitHub through hidden privilege escalation paths built on configuration oversights, federation, and synchronization
  • AD Service accounts bridge on-premises and cloud environments with Active Directory accounts holding privileged Entra roles, creating cross-platform attack vectors
  • Ineffective GitHub repository access management, leading to uncontrolled secret access and unauthorized access to sensitive code, often accessible through personal GitHub accounts

“These identity infrastructure issues aren’t just misconfigurations, they’re invitations,” said Marc Maiffret, Chief Technology Officer at BeyondTrust. “Our Identity Security Risk Assessment data shows that many organisations lack the complete story when it comes to their identity attack surface. For many, overlooked hygiene issues silently open the door to attackers. And with the rise of Agentic AI, the stakes have never been higher, especially as most organisations lack visibility into how compromised accounts can be leveraged to seize control of application secrets, which often carry elevated privileges.”

The new Secrets Insights capability builds on the success of BeyondTrust’s Identity Security Insights platform, which already provides deep visibility into Active Directory, Entra ID, AWS, Azure, Google Cloud Platform, Okta, Ping Identity, and GitHub. Now, organisations can extend that same level of insight to secrets, such as API keys, service account credentials, tokens, and more, across hybrid and multi-cloud environments and their vaults.

Key Benefits of Secrets Visibility

  • Discovery of unmanaged secrets across cloud and on-prem environments
  • Discovery of users with direct and indirect access to secrets
  • Risk scoring and prioritisation based on exposure and privilege level
  • Integration with BeyondTrust Password Safe for automated remediation

“As organisations embrace automation and Agentic AI, securing the invisible layers of access – secrets, tokens, and service identities – will define the next frontier of identity security,” said Maiffret.

Secrets Insights will be available later this year.

BeyondTrust continues to offer complimentary Identity Security Risk Assessments, often completed in less than 48 hours, to qualified organisations, helping them uncover hidden privilege and secrets risks and chart a path toward Zero Standing Privilege (ZSP) and Just-in-Time (JIT) access.

To learn more or schedule an Identity Security Risk Assessment, visit: https://www.beyondtrust.com/products/identity-security-insights/assessment

About BeyondTrust

BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organisations with the most effective solution to manage the entire identity attack surface and neutralise threats, whether from external attacks or insiders.

BeyondTrust is leading the charge in transforming identity security to prevent breaches and limit the blast radius of attacks, while creating a superior customer experience and operational efficiencies. We are trusted by 20,000 customers, including 75 of the Fortune 100, and our global ecosystem of partners.

Learn more at www.beyondtrust.com.

Follow BeyondTrust

X: https://twitter.com/beyondtrust
Blog: https://www.beyondtrust.com/blog
LinkedIn: https://www.linkedin.com/company/beyondtrust 
Facebook: https://www.facebook.com/beyondtrust
