Keeper Security recently released findings from a survey that explored how organisations manage AI-driven and non-human access. Insights from the in-person survey of cybersecurity professionals at Infosecurity Europe 2026 in London suggest that AI agents and Non-Human Identities (NHIs) are becoming more common in enterprise environments, while the governance approaches to handle them have been falling behind.
Infosecurity Europe is one of the largest information security conferences in Europe, attracting practitioners, CISOs, and other security professionals to London each year. The survey conducted by Keeper collected responses from 86 attendees straight from the conference floor and provided insight into how European organisations are approaching NHI governance and agentic AI security.
More than two-thirds of respondents (68%) reported that AI agents or AI-powered tools exist as privileged identities within their organisations. However, only 15% of those respondents said they have full visibility into NHIs across cloud, on-premises and SaaS environments. Nearly two-thirds (65%) identified limited visibility into AI, automation and machine access as a key security concern.
Meanwhile, governance structures are not keeping pace with the scale of AI adoption:
- 14% of organizations manage NHIs through a single, centralised platform.
- Most organisations use multiple tools to manage NHIs:
- 39% report unclear or shared ownership.
- 33% report clear ownership across multiple tools.
- 21% consistently manage AI agents as privileged identities.
- 55% manage AI tools as privileged identities only in certain or limited use cases.
- 18% do not treat AI agents as privileged identities.
These gaps can lead to measurable consequences, as more than half of respondents (55%) have reported experiencing a security incident involving NHIs or credentials in the past 12 months; 8% reported significant business impact. Only 18% of respondents have continuous, automated detection and response in place for NHI behaviour. A further 35% operate limited monitoring of selected systems, and 13% do not monitor NHI activity at all. Excessive or standing privileges were flagged as a major risk by 55% of respondents, indicating a specific and addressable exposure in environments where access is not continuously reviewed.
“AI agents are now a mainstream concern of enterprise infrastructure across Europe,” said Darren Guccione, CEO and Co-founder, Keeper Security. “What European organisations are contending with is not a future threat, but rather a governance deficit that attackers are exploiting right now. The question is no longer whether to invest in securing non-human identities, but whether organisations can close the gap before it causes financial, operational and reputational harm.”
Despite the gaps in current practice, investment intent is clear:
- 64% of respondents plan to increase investment in securing NHIs and AI-driven access over the next 12 to 24 months.
- 22% anticipate making significant strategic investments in this area.
- 41% expect to implement targeted, incremental improvements to their security measures.
The findings highlighted several areas that organisations focus on when trying to strengthen their NHI security, including visibility across cloud, on-premises and SaaS environments. This also includes the ability to focus on consistent enforcement policies, both human and non-human identities, and continuous monitoring capabilities that can help reduce manual review requirements.
