The rapid adoption of artificial intelligence is transforming enterprises from the ground up, compelling organizations to fundamentally rethink who—or what—they entrust with their most sensitive assets. As CEO of Clarity, a cybersecurity startup deeply engaged in AI-driven threats, I’ve witnessed firsthand the seismic shifts AI brings to organizational security. A recent conversation with Alon Jackson, CEO and Co-Founder of Astrix Security, reinforced my perspective on the emerging urgency of managing Non-Human Identities (NHIs).
Alon and I share similar paths: both veterans of Israel’s elite cybersecurity units and both leading startups in the increasingly intertwined fields of AI and cybersecurity. Through our shared experiences, I’ve come to appreciate the unique challenges posed by non-human entities—apps, bots, microservices, and autonomous AI agents—that operate alongside human teams. These virtual employees, as Alon insightfully pointed out, are quickly becoming the backbone of enterprise operations. “Soon, organizations will have more virtual employees than human ones,” he observed, highlighting their inherent advantages such as continuous operation, reduced error rates, and cost-effectiveness.
Yet, the explosive growth of NHIs brings forth critical vulnerabilities. Unlike human employees, virtual agents don’t possess traditional identity markers—no biometric identifiers, no passports, no inherent accountability. Gartner’s recent reports underscore the issue, indicating non-human identities are proliferating at three times the rate of human identities within organizations. Alarmingly, most enterprises still lack structured methods to securely manage them. Alon framed this succinctly: “Access control is cybersecurity 101. And yet, there’s been a massive blind spot when it comes to Non-Human Identities.”
This isn’t merely theoretical. At Clarity, we’ve observed how the accelerated adoption of AI has magnified this complexity, creating unprecedented security risks. Non-human entities often wield substantial access privileges to critical enterprise systems yet remain under-monitored or entirely overlooked.
When Alon launched Astrix Security, the initial focus was labeled “Integration Access Management”—a term he humorously admits was “terrible” yet reflected a crucial transition from user-centric security toward managing automated interactions between applications. This vision evolved significantly as AI entered mainstream enterprise adoption, positioning Astrix as a leader in the rapidly emerging field of Non-Human Identity management. Astrix’s work highlights a profound shift in enterprise security: from app-to-app interactions towards complex agent-to-agent networks that permeate all levels of business operations.
“Applications that aren’t agentic or AI-enabled will soon become ‘stupid software,'” Alon noted. Yet, these intelligent systems, despite their impressive benefits, introduce complexities we’ve never managed before. He describes it as a “lifecycle challenge”: managing ownership, onboarding, and offboarding of AI agents with the same rigor traditionally applied to human employees.
The inherent issue of accountability remains central. Echoing a prescient IBM insight from half a century ago, Alon reminded me that computers cannot bear responsibility; human oversight is essential even in an AI-dominated landscape. Organizations that fail to grasp this nuance risk not only their security posture but their competitive edge.
Creating and leading a category like Non-Human Identity management has been an exercise in both patience and strategic communication. Astrix didn’t just launch a product—it educated an entire market on the necessity of securing non-human identities. Alon admits it was challenging: “We spent months educating the market on what Non-Human Identity even meant. Eventually, the market recognized both the concept and its necessity.”
From my own experience at Clarity, developing awareness around AI-driven social engineering threats and deepfake detection, I empathize deeply with this journey. There are no shortcuts to market education, but the resulting clarity and momentum can be transformative. Astrix, having pioneered its category, enjoys the advantages—and challenges—of early leadership.
We’re at the dawn of what Alon aptly terms the “Agentic Era.” Non-human identities are no longer a distant technological novelty—they’re here, reshaping our enterprises and redefining cybersecurity strategy. Companies at the forefront will be those that understand Non-Human Identity management not as a niche IT issue but as a strategic board-level imperative.
As Alon concluded, and I firmly believe, organizations embracing AI must redefine their frameworks of trust, extending beyond human identities. Those unprepared for this evolution risk lagging not only in security but also in innovation.
The Agentic Era demands new rules, new tools, and new thinking. Are we ready?
Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.
