The rapidly evolving threat landscape of 2026 has revealed a frustrating paradox for CISOs and security leaders. The bottom line is that even as identity programs mature, the risks are actually increasing.
Hundreds of applications within a typical enterprise remain disconnected from central identity systems, according to new research from the Ponemon Institute. These “dark matter” applications operate outside the reach of standard governance, creating a large, unmanaged attack surface that is actively exploited by human threat actors as well as autonomous AI agents.
The invisible threat: disconnected apps and AI amplification
Modern enterprises are investing heavily in IAM and Zero Trust, but the “last mile” of identity – legacy apps, localized accounts, and siled SaaS – remains a stubborn blind spot.
The entry of AI into the workforce has transformed this gap from a compliance headache to a critical vulnerability. As organizations deploy AI co-pilots and autonomous agents to increase productivity, these agents often require access to the systems themselves outside of central management.
result? AI agents are inadvertently amplifying the risk of credentials, reusing old tokens, and navigating the path of least resistance that security teams don’t recognize.
Attend the 2026 Identity Maturity Briefing
To help security leaders navigate this “trust gap,” The Hacker News is hosting an exclusive webinar featuring Mike Fitzpatrick (Ponemon Institute) and Matt Chiodi (CSO, Cerby).
We analyze the latest research from over 600 IT and security leaders to provide a tactical roadmap for closing the identity gaps that lead to audit friction and stall digital initiatives.
In this session you will learn:
Exclusive benchmarking data for 2026: See how your identity maturity compares to your peers. Elements of “Shadow AI”: Understand how AI agents are expanding disconnected surface areas. The cost of manual management: Why relying on manual password and credential fixes is a failing strategy in 2026. Practical remediation steps: Learn exactly what leading organizations are currently doing to take back control of all their applications.
Why you should join
If you’re leading an identity, security, or compliance strategy, “more of the same” is no longer an option. This conversation is designed to move beyond theoretical maturity to operational management.
Reserve your space today and get the data-driven insights you need to protect your organization’s most fragmented and most targeted asset: its identity.
Register for the webinar: Maturing your identity under pressure →
Source link
