An analysis of millions of real-world NHI secrets by Entro Security Labs reveals widespread, significant risks, underscoring the need for improved Privacy Management security practices.
Entro Security, pioneer of the award-winning Non-Human Identity (NHI) and Secrets Management platform, today released its research report, “The State of Non-Human Identity and Secrets in Cybersecurity 2025.” Entro Security Lab found that 97% of NHIs with excessive privileges increase unauthorized access and widen the attack surface, and 92% of organizations expose NHIs to third parties, leading to unauthorized access if third-party security measures do not match the organization. standards. Surprisingly, 44% of tokens are exposed in the wild, posted or stored in platforms like Teams, Jira tickets, Confluence pages, commit codes and more. Such actions put sensitive information at greater risk of interception and disclosure—the root of all privacy and non-personal identity violations.
Entro Security Labs’ research reveals alarming trends in the management of both individuals and NHIs, with significant inefficiencies and risks prevalent in all organizations. Key findings include:
- For each person’s identity, there are an average of 92 non-humans. The sheer number of non-human identities increases the complexity of identity management and the potential for security vulnerabilities
- 91% of former employee tokens remain active, leaving organizations vulnerable to potential security breaches
- 50% of organizations are onboarding new vaults without proper security clearance which can introduce vulnerabilities and vulnerabilities from the start.
- 73% of vaults are poorly maintained, leading to unauthorized access and exposure of sensitive data and compromised systems.
- 60 percent of NHI is overutilized, and the same NHI is used by more than one system, increasing the risk of a single point of failure and widespread failure if exposed.
- 62 percent of all secrets are duplicated and stored in multiple locations, causing unnecessary waste and increasing the risk of accidental exposure.
- 71% of non-human assets are not rotated within recommended intervals, increasing the risk of deterioration over time.
Additional findings are discussed in the report and highlight the critical need for organizations to re-evaluate their NHIs and privacy management practices.
The data from this report was collected using a mixed method, combining quantitative data analysis with qualitative data obtained from industry observations. The quantitative component focuses on statistical analysis of security incidents and vulnerabilities, while the qualitative component provides context and interpretation of these findings within the broader area of cyber security. Data sources include proprietary data from Entro’s cybersecurity infrastructure, secondary data from publicly available industry reports and survey data from IT and security professionals.
Entro’s full research report on non-human ownership is available on their website.
To learn more or schedule a demo, please visit
About Entro Security
An award-winning pioneering platform, Entro Security provides Non-Human Identity lifecycle management, Privacy Protection and Non-Human Identity Discovery and Response. Unlike traditional methods that continuously scan for exposed secrets, Entro seamlessly integrates within an organization’s existing vaults, creating private and exposed environments, providing a single pane of glass to securely deploy and manage impersonal identities and secrets at scale. Headquartered in Boston and backed by top cybersecurity VCs, Entro was named a Cool Vendor by Gartner, Venafi’s Most Promising Machine Identity startup and Won the 2023 Globee Awards for Startup Success of the Year. For more information, please visit
Contact person
Senior Account Manager
Hannah Sather
Montner Tech PR
Source link