
Token Sprawl in the Age of AI

February 03, 2026

If your organization is experimenting with AI agents, copilots, or AI services accessed via API, you have probably created more identities than you intended. These non-human identities (service accounts and the API keys, tokens, and other credentials bound to them) are what keep modern systems talking to each other.

CSA’s new survey report, commissioned by Oasis Security, shows that token sprawl and inadequate rotation of identities have created a persistent blast radius. When AI workflows can create and use credentials at high velocity, “we’ll rotate it later” becomes the identity security equivalent of “we’ll fix it in prod.” Below, learn more about growing non-human identity (NHI) trends and the practical actions you can take to shrink token sprawl.

Token sprawl is the uncontrolled growth of API keys, tokens, service accounts, and other machine credentials across cloud environments, CI/CD pipelines, SaaS tools, and AI tools.

A few results from the survey put numbers to what many teams already feel:

But without reliable tracking, timely rotation, or automated revocation, tokens can remain valid long after the systems or agents that created them have been disabled. In other words, the agent might be gone and the pilot project might be over, but the credential is still alive. Attackers love these quiet access points, because a valid credential with no active owner is rarely watched and rarely missed.

Traditional NHI sprawl is already hard. AI adds accelerants that turn a bad situation into a scale problem.

AI increases the speed and volume of identity creation, widening the operational attack surface. If your environment already struggles to consistently inventory and govern service accounts and tokens, AI workloads can multiply that pressure quickly.

Untracked credentials can persist undetected, often linked to ephemeral projects or integrations that never receive ongoing review. This is especially relevant to AI rollouts, which frequently begin as pilots, proofs of concept, or “temporary” toolchains, and then quietly become business-critical.

Confidence that legacy IAM can keep up is low. Only 8% of respondents expressed high confidence that legacy IAM can manage AI/NHI risks, and nearly half were only "somewhat confident" in its abilities. That mismatch shows up downstream as manual steps, disconnected workflows, and slow remediation once a credential leaks.

The survey report also highlights that many organizations are slow to start responding in the first place. Nearly one-quarter take more than a day to rotate or revoke a credential after potential exposure, and almost one-third take more than a day to triage a high-severity credential leak. The exposure window runs from the moment of exposure to the moment of revocation, not from the moment someone notices, so in high-velocity AI environments those delays dramatically extend it and increase the likelihood of lateral movement.

This aligns with broader security principles: secrets are everywhere, people mishandle them, and they need disciplined lifecycle management.

A “persistent blast radius” is what happens when you combine:

The blast radius becomes “persistent” because the credentials outlive their original contexts. They become quiet access points that persist across environments and often escape detection.
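As an added illustration that is not part of the original post or the survey report, the following script shows the kind of lifecycle check the paragraphs above describe: inventory machine credentials, flag those whose owning workload is disabled or unknown (orphaned), overdue for rotation, or idle, and measure the "persistent blast radius" as the set of scopes still reachable through orphaned credentials. The owner registry, the credential inventory, and the 90-day rotation and 30-day idle thresholds are all constructed for the example; substitute your own policy values and feed it from your secret manager or cloud IAM export.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set, Tuple

# Constructed sample data: the owner registry and inventory below are invented
# for this example; they are not survey data or a real environment.
NOW = datetime(2026, 2, 3, tzinfo=timezone.utc)

# Workload/agent registry: the non-human identity that each credential was
# issued to, and whether that identity is still active. A credential whose
# owner is disabled or missing from the registry is treated as orphaned.
OWNER_STATUS = {
    "ci-deploy": "active",
    "agent-orders-pilot": "disabled",  # pilot shut down, token never revoked
    "copilot-docs": "active",
}

ROTATION_MAX_AGE = timedelta(days=90)  # assumed policy: rotate every 90 days
IDLE_MAX_AGE = timedelta(days=30)      # assumed policy: unused 30 days => revoke


@dataclass(frozen=True)
class Credential:
    cred_id: str
    owner: str
    kind: str                      # "api_key", "oauth_token", "service_account_key"
    issued: datetime
    last_rotated: datetime
    last_used: Optional[datetime]  # None means never observed in use
    scopes: Tuple[str, ...]


def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


INVENTORY = [
    Credential("key-001", "ci-deploy", "service_account_key",
               _utc(2025, 12, 1), _utc(2026, 1, 20), _utc(2026, 2, 2),
               ("deploy:write",)),
    Credential("tok-042", "agent-orders-pilot", "api_key",
               _utc(2025, 8, 15), _utc(2025, 8, 15), _utc(2025, 10, 30),
               ("orders:read", "orders:write", "customers:read")),
    Credential("tok-077", "copilot-docs", "oauth_token",
               _utc(2025, 9, 1), _utc(2025, 9, 1), _utc(2026, 2, 1),
               ("docs:read",)),
    Credential("key-099", "retired-etl-job", "api_key",  # owner not in registry
               _utc(2025, 3, 3), _utc(2025, 3, 3), None,
               ("warehouse:admin",)),
]


def classify(cred: Credential, owner_status: dict, now: datetime = NOW) -> List[str]:
    """Return lifecycle findings for one credential; an empty list means healthy."""
    findings = []
    if owner_status.get(cred.owner) != "active":
        findings.append("orphaned")          # owner disabled or unknown
    if now - cred.last_rotated > ROTATION_MAX_AGE:
        findings.append("rotation_overdue")  # "we'll rotate it later" never happened
    if cred.last_used is None or now - cred.last_used > IDLE_MAX_AGE:
        findings.append("idle")              # nobody legitimate is using it
    return findings


def persistent_blast_radius(inventory, owner_status, now: datetime = NOW) -> Set[str]:
    """Scopes still reachable through orphaned credentials: access that outlived its owner."""
    scopes = set()
    for cred in inventory:
        if "orphaned" in classify(cred, owner_status, now):
            scopes.update(cred.scopes)
    return scopes


def revocation_queue(inventory, owner_status, now: datetime = NOW):
    """Order flagged credentials by urgency: orphaned first, then rotation-overdue,
    then idle; within a tier, the longest-unrotated credential comes first."""
    rank = {"orphaned": 0, "rotation_overdue": 1, "idle": 2}
    rows = []
    for cred in inventory:
        findings = classify(cred, owner_status, now)
        if findings:
            tier = min(rank[f] for f in findings)
            age_days = (now - cred.last_rotated).days
            rows.append((tier, -age_days, cred.cred_id, findings))
    rows.sort(key=lambda r: (r[0], r[1]))
    return [(cid, findings) for _, _, cid, findings in rows]


if __name__ == "__main__":
    for cred_id, findings in revocation_queue(INVENTORY, OWNER_STATUS):
        print(f"{cred_id}: {', '.join(findings)}")
    print("orphaned scopes still live:", sorted(persistent_blast_radius(INVENTORY, OWNER_STATUS)))
```

The ordering matters in practice: an orphaned credential has no legitimate consumer, so revoking it carries no availability risk and should never wait for "next sprint", whereas a rotation-overdue credential with an active owner needs a coordinated rotation. Unknown owners are deliberately treated the same as disabled ones, because a credential nobody can account for is exactly the quiet access point the survey describes.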

You won't solve this problem with one-off cleanups. Here are five practical steps:

Every new integration, model, or workflow introduces additional credentials and permissions, expanding the attack surface. Secrets are created faster than they’re governed, tracked, rotated, or retired. The solution is to:

For a deeper survey breakdown and the full context behind these findings, download The State of Non-Human Identity and AI Security survey report.

(And if your current credential rotation plan is “next sprint,” now is an excellent time to introduce the team to the concept of “today.”)


© 2009–2026 Cloud Security Alliance.
All rights reserved.