Cybersecurity has reached a critical turning point, reshaped profoundly by the explosive integration of artificial intelligence and the surge in non-human identities within enterprises. Recently, my conversation with Itzik Alvas, CEO and Co-Founder of Entro Security, reinforced my conviction that organizations must fundamentally alter their strategies for managing and securing these emerging identities.
Itzik and I share a common professional lineage, both veterans of elite cybersecurity units, and entrepreneurs now confronting the unique challenges posed by AI-driven threats. Itzik’s extensive 17-year career spans roles at Microsoft and as Chief Information Security Officer at Maccabi Healthcare, providing him with firsthand insights into the real-world implications of these threats. Reflecting on his experiences, Itzik remarked, “At Microsoft, we faced repeated breaches through non-human identities. Existing solutions simply didn’t suffice.”
The scale and urgency of the problem are startling. Recent research by Gartner indicates that enterprises now manage an average of 92 non-human identities per employee—a figure that has doubled in just four years. Each non-human identity represents a significant vulnerability, especially given their often-high privileged access to critical infrastructure such as cloud services and databases.
One of the most vivid demonstrations of this threat was the notorious SolarWinds breach. As Itzik explained, “Attackers found an exposed non-human identity credential in Confluence, enabling them to manipulate development pipelines, inject malicious code, and compromise thousands of organizations globally.” This incident underscores a critical reality: without proper visibility and structured management, even a single exposed identity can trigger catastrophic outcomes.
In our discussion, Itzik emphasized visibility as the cornerstone of effective non-human identity management. Historically, developers created and distributed credentials ad hoc—embedding them in code or sharing them insecurely. Security teams lacked awareness about the scale and location of these credentials, severely undermining their ability to mitigate risks. “When security teams gain visibility, they gain control,” Itzik stated plainly.
At Entro Security, Itzik’s approach involves providing real-time inventory, clear context, and proactive protection for these identities. By associating each non-human identity with its human owner, permissions, and usage patterns, organizations achieve unprecedented oversight. This capability enables swift detection of abnormal behaviors and rapid, targeted interventions to prevent breaches.
Yet, the rapid evolution of AI further complicates the landscape. Autonomous AI agents now dynamically create identities, amplifying complexity exponentially. Itzik noted, “AI doesn’t just increase the number of identities—it makes their behavior more difficult to monitor. If an AI agent suddenly generates numerous credentials during unusual hours, immediate intervention is required.”
Ironically, while AI exacerbates security challenges, it also presents formidable solutions. Itzik highlighted this dual nature, asserting, “AI excels at processing massive amounts of data to detect anomalies in real-time.” This resonates with my experience at Clarity, where proactive, AI-driven defenses significantly enhance our ability to detect, prevent, and respond to threats.
The intersection of AI and cybersecurity demands urgent adaptation. Traditional reactive security measures are no longer sufficient in an environment where threats evolve rapidly and autonomously. Enterprises must proactively leverage AI-powered identity management solutions to navigate this increasingly complex security landscape.
We’re at a pivotal moment. Organizations slow to embrace AI-driven security solutions risk exposure to sophisticated, emerging threats. Those who proactively adopt visibility-driven and AI-enhanced identity management strategies will secure not just their data, but also their strategic competitive advantage.
As Itzik aptly summarized, “AI uniquely processes vast amounts of information to detect abnormal behaviors in real-time.” Organizations leveraging this capability effectively can transform cybersecurity from a defensive obligation into a strategic asset, fostering innovation and long-term growth.
The future has arrived—it’s intelligent, automated, and demands proactive cybersecurity. The time for decisive action is now.
Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.
