While 89 percent of IT decision-makers have fully or partially integrated AI agents into their organization’s identity infrastructure, more than half expect agentic AI to drive at least 50 percent of cyberattacks in the next year.
This is according to Rubrik Zero Labs’ newly published Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats report, which highlights a widening gap between the expanding identity attack surface and organizations’ confidence in responding to and recovering from potential cyberattacks.
The era of AI and non-human identities
Conducted by Wakefield Research, the Rubrik Zero Labs study surveyed 1,625 IT Security decision-makers at companies with 500 or more employees, with a 50-50 split between Directors/VPs and CIOs/CISOs.
The study found a growing disparity between organizations’ adoption of AI agents — and the resulting proliferation of non-human identities (NHIs) — and their overall preparedness to manage identity-related threats.
Key findings include:
- 89 percent have fully or partially incorporated AI agents into their identity infrastructure, and an additional 10 percent plan to do so.
- 58 percent expect that in the next year, 50 percent or more of the cyberattacks they deal with will be driven by agentic AI.
- 90 percent of leaders agreed that identity-driven cyberattacks are a top threat to their organizations,
- 89 percent plan to hire professionals within the next 12 months, specifically to manage or improve identity management, infrastructure, and security.
- 87 percent of IT leaders intend to change Identity and Access Management (IAM) providers or have already begun the process of doing so.
- 58 percent cite security concerns as the primary driver to switch IAM providers.
“The rise of identity-driven attacks is changing the face of cyber defense. Managing identities in the era of AI has become a complex endeavor, especially with the labyrinth of NHIs,” said Kavitha Mariappan, chief transformation officer at Rubrik.
“We have an under-the-radar crisis on our hands where a single compromised credential can grant full access to an organization’s most sensitive data. Attackers are no longer breaking in, but logging in, and comprehensive Identity Resilience is absolutely critical to cyber recovery in this new landscape,” Mariappan added.
Lagging confidence in cyber defense, recovery
Amid the rapid growth of NHIs and AI agents, Rubrik’s research shows declining confidence in organizations’ ability to respond to and recover from cyberattacks.
Only 28 percent of respondents believe they could fully recover from a cyber incident in 12 hours or less — compared to 43 percent in 2024.
More than half (58 percent) believe it would take at least two days to return and resume full-service operations after a compromise. Among those who experienced a ransomware attack in 2025, 89 percent paid a ransom to recover their data or stop the attack.
According to Rubrik, this waning confidence signals a need for dedicated resources to build identity resilience — emphasizing a comprehensive strategy that goes beyond using identity security tools alone.
“IT and security leaders must build resilient identity services and infrastructures to ensure a quick recovery and restoration of operations in the face of an attack,” the company said in a press release for the report.
“Organizational concern over the state of identity security is valid, and IAM tools alone are not enough to properly address these challenges. CIOs and CISOs need a comprehensive identity resilience strategy for when, not if, an attack strikes,” it added.
Earlier this year, Rubrik introduced new Google Cloud security solutions focused on cyber recovery, AI data access, and Zero Trust. Read more about how these offerings help streamline and optimize backup and recovery for customers.





