A majority (69%) of security leaders agree that identity management needs to evolve in order to handle mounting risks in AI infrastructure deployments, according to a new report from Teleport.<\/p>\n
The security vendor polled over 200 US infrastructure security leaders to compile its latest report: 2026 State of AI in Enterprise Infrastructure Security.<\/em><\/p>\n It defined “AI in infrastructure” as AI-powered workloads, agentic systems, machine-to-machine communication, ChatOps, compliance automation, and incident detection.<\/p>\n The report found that while most respondents are seeing benefits from deploying AI in these use cases, such as improving incident investigation time (66%), documentation quality (71%) and engineering output (65%), a majority (85%) are also worried about the risks.<\/p>\n This is based on real experience rather than hypothetical concerns: a third (35%) confirmed at least one AI-related incident and a further 24% suspect one may have occurred.<\/p>\n A major cause of risk highlighted in the report is identity related. Nearly three-quarters (70%) of respondents said their AI systems have more access rights than a human in the same role would get.<\/p>\n A fifth (19%) said they get “significantly more.”<\/p>\n It is this access which appears to be a predictor of trouble. Organizations with over-privileged AI have a 76% incident rate, whereas those with least-privilege controls put the figure at 17%. It means that those without least-privilege controls are around 4.5 times more likely to encounter security issues.<\/p>\n “This is the single most predictive factor for AI-related incidents that we found – more predictive than the industry, maturity level, or stated confidence,” the report noted.<\/p>\n Teleport claimed that static credentials like passwords, API keys, and long-lived tokens are to blame for the over-privileging of AI systems. Incident rates for organizations with a high reliance on static credentials stood at 67%, versus 47% for those with a low reliance.<\/p>\n Teleport CEO, Ev Kontsevoy, explained that the growing complexity of IT infrastructure is putting increasing pressure on identity management.<\/p>\n “Most organizations have more groups and roles than employees, for example. And deploying non-deterministically behaving agents on top of this mess comes with unpleasant consequences,” he added. “The data is clear. It’s not the AI that’s unsafe. It’s the access we’re giving it.”<\/p>\n Unfortunately, few organizations seem to be prepared to improve the situation. A majority said they either had no "formal" governance controls in place (43%) or none at all (21%).<\/p>\n To get back on the front foot against AI risk, Teleport recommended <\/a>organizations to:<\/p>\nThe Problem with AI and Identity<\/strong><\/h2>\n
Time to Improve<\/strong><\/h2>\n
\n