Netwrix warns identity will anchor future AI security
Netwrix has published a new security outlook that argues identity systems will sit at the centre of data protection as organisations expand automation and adopt agentic AI.
The company's Security Research Lab said adversaries will scale identity attacks and shift attention from stolen credentials to weaknesses in identity orchestration, federation trust and automated workflows. It said misconfigured identity automation already creates direct exposure paths into sensitive data stores and will shape incident patterns over the next several years.
The outlook sets out themes it expects to reshape cybersecurity between 2026 and 2029. It places identity automation, AI-driven access and cyber insurance requirements at the core of a tightening relationship between identity security and data security.
Identity workflows
Netwrix expects broader use of workflow orchestration and automation for provisioning, token validation and privilege management. The lab said these workflows now determine who and what can access sensitive data. It said failures in automation translate into data exposure risk.
The lab also said attackers increasingly target the systems that coordinate identity and access decisions. It pointed to identity orchestration and federation trust as areas where configuration errors and weak governance can create persistent access paths.
Netwrix said organisations need unified visibility across identity and data security. It linked that visibility with identifying misconfigurations, reducing blind spots and improving response times when automated workflows behave unexpectedly.
Agentic AI
The outlook also covers identity use by autonomous or semi-autonomous AI systems. Netwrix said AI agents rely on identities when they access, move and act on data.
The lab said organisations need to understand which identities AI agents use, what data those identities can reach and under whose authority agents operate. It said gaps in identity governance and data controls can amplify exposure when AI-driven automation runs continuously and at scale.
Netwrix also downplayed the near-term likelihood of fully autonomous AI-driven cyberattacks becoming a dominant threat. It said effective autonomous attack campaigns in enterprise environments remain complex, costly and unpredictable. It cited factors such as unreliable feedback, operational risk and high infrastructure costs.
The lab said attackers will continue to use AI to speed up established methods. It highlighted reconnaissance, impersonation, access abuse and workflow execution. It said the challenge for defenders centres on resilience against AI-accelerated attacks and on denying the conditions that automation depends on, including broad access and durable reward.
Insurance signals
Netwrix also expects cyber insurance to push more organisations towards demonstrable identity and data controls. It said insurers increasingly move away from periodic questionnaires and towards continuous validation of security controls.
The outlook said insurers are expected to rely on telemetry that shows how identities access sensitive data in real time. It said organisations that can demonstrate alignment between identity governance and data protection may see improved terms. It said those without visibility will face increased scrutiny.
2027 changes
Looking beyond 2026, the lab described a trend of AI-driven convergence across identity systems and data sources that organisations have historically managed separately. It said AI agents increasingly connect these environments and operate across multiple systems when executing defined workflows.
Netwrix said governance models need to react as access conditions and data sensitivity shift within those workflows. It said continuous validation of identity context, access privileges and policy alignment becomes more important than static controls that sit in separate silos.
The outlook also points to the idea of data carrying more built-in protection as it moves across systems. Netwrix said expectations are rising for encryption, provenance and access policy to travel with data. It said provenance can provide context on where data originated, how it has been used and which identities or systems interacted with it.
The lab warned about inconsistent implementation. It said fragmentation can create blind spots and increase management burden. It also said identity context, standardised metadata and consistent policy enforcement influence how well these approaches work at scale.
Vendor risk
For 2028 and 2029, Netwrix highlighted risks from shifting levels of trust and stability in AI supply chains. It warned that economic pressure could reduce investment in governance and oversight. It said unmanaged models and undocumented drift could create compliance gaps.
It also flagged the risk of instability among AI vendors. Netwrix said reliance on a growing number of emerging providers can make it harder for enterprises to track where data lives and who controls it. It said prompts, training data, models and outputs can sit outside the enterprise. It said retrieval, governance and discovery may become harder if a provider can no longer operate as expected.
The lab said the issue may become more acute as AI vendors face acquisition, restructuring or closure. It said organisations need clear data ownership, identity controls and exit planning. It linked failures in those areas with broader compliance, security and business continuity risks.
Netwrix said its forecasts reflect research into identity attacks and data exposure paths observed by its researchers.
"The threat landscape isn't only expanding because attackers suddenly have better tools," said Dirk Schrader, Vice President of Security Research at Netwrix. "It's also expanding because identity security, data security, and automation are becoming inseparable. Our research team sees firsthand how misconfigurations and automated workflows create real exposure. Organisations that succeed will be the ones that govern identity and data security together and treat automation as something to be continuously validated, not blindly trusted."