Legacy tools and unchecked Artificial Intelligence (AI) adoption are widening security gaps that attackers exploit as identity ecosystems expand to include humans and a growing number of Non-Human Identities (NHIs).
This is according to a report from Keeper Security, which is based on a survey of 3,200 cybersecurity decision-makers and senior IT leaders across the Asia-Pacific, United States, Europe and the Middle East.
Keeper Securities said APAC respondents reflect some of the strongest signals in the study, with higher-than-average concern across identity sprawl, AI-related risk and integration gaps.
The study found that identity sprawl is an acute challenge across APAC. Nearly all (94%) APAC senior IT leaders report that managing the growing identity footprint is challenging, which is above the global figure of 89%.
About a third (32%) describe the threat landscape as “much more challenging” than 12 months ago – the highest rate of any region surveyed and significantly above the global average of 23%.
Also, control is fragmented, not consolidated. Identity authority is often distributed across systems, with no single cybersecurity control plane. Globally, 96% cited disconnected or poorly integrated security tools as creating exploitable gaps.
Further, detection of unauthorized activity is lagging. In 72% of organizations globally, credential misuse is not detected in real time.
Across APAC, 22% of organisations report taking days or longer to detect credential misuse or unauthorised privileged access, representing a significant window of exposure. Only 28% detect within minutes and a further 48% detect within hours.
In addition, as AI adoption accelerates, new governance gaps emerge. AI is multiplying NHIs. Just over half (53%) of APAC respondents identify AI-related NHI management and security as a top identity governance gap – 10 percentage points above the global figure of 43%. AI agents, service accounts and automated workflows are proliferating faster than governance frameworks can keep pace.
Employee AI use is a top concern. Over half (56%) of respondents are concerned about employees inadvertently exposing sensitive information to AI systems.
That figure rises to 62% among APAC respondents, who also report higher-than-average concern about lack of visibility into employee AI tool usage (47% vs. 42% globally).
Shadow AI creates blind spots. A lack of visibility into the AI tools employees use was identified as a significant governance gap by 42% of organizations.
APAC respondents demonstrate strong investment intent with 50% planning to prioritise AI security tools in the next 12 months. 38% plan investment in Identity Threat Detection and Response (ITDR) and 34% are prioritising PAM, both above the respective global averages.
At the same time, 78% describe managing enterprise secrets and machine identities as challenging, underscoring the urgency behind this investment pipeline.
“AI agents, service accounts and machine identities radically outnumber human users in many environments. Most organizations lack the capabilities in their current identity security stack to govern them. Every unmanaged identity is a prime target for attackers,” said Darren Guccione, CEO and co-founder of Keeper Security.
“Given the accelerated proliferation of AI and machine identities within enterprise infrastructure, the implementation of pervasive identity governance with real-time detection and least-privilege enforcement is essential,” Guccione added.
Takanori Nishiyama, Keeper Security SVP in APAC, said that the data from APAC clearly shows that organisations across the region are managing more identities, in more environments, with more AI involvement – and the gap between what they govern and what they cannot see is growing.
“AI-related NHI risk is felt more sharply here than anywhere else in this study. Closing that gap requires a unified identity security platform that treats every AI agent, service account and machine identity as a governed, auditable entity,” said Nishiyama.
