Entro Reports 44% Increase in Machine Identities — Nearly Half of Secret Exposures Occur Outside Code
BOSTON, July 22, 2025 (GLOBE NEWSWIRE) -- Entro Security, the pioneer in Non-Human Identity (NHI) and Secrets Security, today released its H1 2025 NHI & Secrets Risk Report, revealing a sharp rise in unmanaged machine identities and widespread credential exposure across modern enterprise environments. Compiled by Entro Labs, the company’s research team, the report analyzes over 27 million NHIs and hundreds of thousands of real-world secrets exposures across Fortune 500 and global enterprises.
The report shows that non-human identities continue to outpace human accounts, with the NHI-to-human ratio growing over 56% in just one year – with the average growing from 92:1 to 144:1. As the number of NHIs skyrockets, driven by AI agents, automation, and CI/CD pipelines, so does the blast radius of leaked secrets, many of which are found in places security teams aren’t even scanning.
“An identity gap of 144:1 isn’t just a stat—it’s a seismic shift in how risk scales across modern environments,” said Itzik Alvas, CEO and Co-Founder of Entro Security. “Agentic AI and automation are fueling a machine identity explosion, but most of these NHIs are invisible, ungoverned, and overprivileged. You can’t secure what you can’t see, and attackers know it.”
Report Highlights:
- 44% growth in NHIs YoY. Entro Labs attributes this growth to the adoption of agentic AI and automation-first development practices.
- Nearly half of all exposed secrets are found outside of code in workflows, messaging app channels, and other collaboration tools like Confluence.
- The #1 most exposed secret type are tied to Slack bots which are often wired into security systems, alerting tools and internal workflows; making Slack tokens easy to generate and just as easy to expose.
- 7.5% of NHIs live 5–10 years, with some exceeding a decade. These identities often outlive their intended function and their human owners.
- 1 in 20 AWS machine identities carry full-admin privileges making them critical risk multipliers.
-
8.7% of NHIs are overprivileged and idle, meaning they have access and permissions to services and actions that they rarely or never interact with.
Entro’s NHIDR™ (NHI Detection and Response) engine flagged the top NHI behavioral anomalies across customer environments, including tokens accessed from restricted IPs, humans manually fetching secrets from vaults, and long-dormant identities suddenly becoming active again, often the first signs of compromise.
“Security teams have made big strides in securing source code, but secrets are leaking from everywhere else in the SDLC,” said Alvas. “Our research shines a light on the hidden surfaces attackers are exploiting, from CI/CD logs to messaging apps, and gives CISOs the data they need to defend against a new class of identity threats.” With Black Hat USA just a couple of weeks away, the conversation around non-human identities is no longer a “nice to have” but a necessity. For additional insights and actionable takeaways from the report, read our blog post here.
About Entro Security
A pioneer and leader in the non-human identity space, Entro Security provides an NHI and Secrets Security platform designed for security teams. Entro secures and manages the lifecycle of NHIs and secrets, enabling organizations to securely utilize NHIs from inception to rotation.
The platform integrates seamlessly within an organization's existing vaults, secret creation and exposure locations, and offers unique Non-Human Identity Detection and Response (NHIDR™) capabilities. Entro has received numerous industry recognitions, including Gartner Cool Vendor, Venafi’s Most Promising Machine Identity Startup, and 2025 Globee Awards Winner for Cybersecurity Startup of the Year. For more information, visit entro.security.
Media Contact:
Nirit Icekson
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
