Non-Human Identity Risks: Permissions, AI Agents, and Hidden Access

Non-human identity risk is exploding; bots, service accounts, apps, automations, and AI agents that can outnumber humans by 45:1. In this Cyber Insurance News and Information podcast episode, Martin Hinton talks with Marshall Sorensen (Myriad360) about why permissions sprawl creates cyber insurance, third-party, and breach exposure, and what governance looks like in practice.In this episode, you’ll learn:What a non-human identity is and where it hidesWhy “Allow access” turns automation into riskHow attackers exploit tokens and over-permissioned toolsMonitoring, lifecycle control, and incident response basicsWhat insurers and insureds should ask for nextNon-human identities power modern business, but unmanaged permissions create invisible pathways into data, systems, and vendors. This conversation breaks down practical controls for inventory, least privilege, and monitoring to help teams reduce breach likelihood and improve insurability.Chapters00:00 Introduction to Non-Human Identities01:04 What Are Non-Human Identities?02:36 Encountering Non-Human Identities Daily04:14 Scale and Impact of Non-Human Identities07:44 Myriad360 and Identity Management12:00 Examples of Non-Human Identities in Use15:14 Permissions and Transition to Digital Identity23:53 Turnstiles and Permission Delegation27:33 Liability and Security Risks of Automation34:24 Managing Permissions and Access Control43:46 The Role of AI and Permissions57:28 Cyber Attacks Exploiting Non-Human Identities01:09:31 Monitoring and Incident Response01:16:23 Future Outlook and AI’s Role in Security01:20:01 Building a Security Culture01:20:52 Final Thoughts and Advice