AI Security - 92% of Organizations Fail to Rotate Credentials

Significant risk — action recommended within 24-48 hours
Basically, most companies don’t change their machine passwords regularly, which is risky as AI systems get more control.
A new survey reveals that 92% of organizations fail to rotate machine credentials regularly. This negligence exposes them to significant security risks as AI systems gain more control. Companies must act now to improve their credential management practices and governance.
What Happened
A recent survey conducted by the SANS Institute has unveiled a startling statistic: 92% of organizations fail to rotate machine credentials on a regular basis. This lack of credential hygiene poses a serious risk as enterprises increasingly deploy AI agents that require privileged access to core systems.
Who's Affected
The survey highlights a significant gap in security awareness among organizations. While three-quarters of companies are utilizing AI systems that need these credentials, only 5% of security leaders are fully aware of the existence of such systems within their environments. This disconnect leaves many organizations vulnerable to potential exploitation.
Credential Hygiene Crisis
The findings reveal that many teams are hesitant to change machine secrets due to fears of triggering service outages. As a result, the majority of firms are not adhering to the recommended practice of rotating credentials every 90 days. This negligence creates a vast attack surface, particularly as AI systems become more autonomous and capable of unpredictable actions.
Governance Challenges
Richard Greene, a SANS instructor, warns that organizations are granting AI systems decision-making power faster than they can implement proper governance. The survey indicates that no single protective measure—such as human-in-the-loop approvals, sandboxing, or comprehensive audit logging—is utilized by more than 40% of respondents. This lack of oversight means that AI agents operate with effectively perpetual credentials, heightening the risk of unauthorized access.
What You Should Do
Organizations must take immediate steps to improve their credential management practices:
- Implement regular credential rotation policies to ensure that machine secrets are updated frequently.
- Conduct an audit of AI systems to identify which ones require privileged access and ensure they are monitored.
- Establish governance frameworks that include human oversight and logging to mitigate risks associated with autonomous AI actions.
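The three steps above amount to an inventory check: is each machine secret inside the 90-day rotation window the article cites, and does each privileged AI system carry the oversight measures it names (human-in-the-loop approval, sandboxing, audit logging)? The following Python script is an added example, not code from SANS or from this article; it runs that check over a small, constructed credential inventory with an assumed record layout and a fixed "as of" date, and reports stale secrets and privileged owners with missing controls.

```python
"""Stale machine-credential and governance audit (added example).

The inventory records, their field layout and the as-of date below are
constructed for illustration. The 90-day limit is the rotation interval the
article cites; the required-controls set is the three measures it names.
"""
from dataclasses import dataclass
from datetime import date, timedelta

ROTATION_MAX_AGE = timedelta(days=90)
REQUIRED_CONTROLS = frozenset({"human_in_the_loop", "sandbox", "audit_logging"})


@dataclass(frozen=True)
class Credential:
    name: str                          # identifier of the secret in the inventory
    owner: str                         # system or agent that holds it
    last_rotated: date
    privileged: bool                   # True if it reaches core systems
    controls: frozenset = frozenset()  # governance measures applied to the owner


def credential_age(cred: Credential, as_of: date) -> timedelta:
    """Time elapsed since the secret was last rotated."""
    return as_of - cred.last_rotated


def needs_rotation(cred: Credential, as_of: date,
                   max_age: timedelta = ROTATION_MAX_AGE) -> bool:
    """True when the secret is older than the rotation policy allows."""
    return credential_age(cred, as_of) > max_age


def next_due(cred: Credential, max_age: timedelta = ROTATION_MAX_AGE) -> date:
    """Date by which the secret should have been (or must be) rotated."""
    return cred.last_rotated + max_age


def missing_controls(cred: Credential) -> frozenset:
    """Required oversight measures absent from a privileged owner (empty otherwise)."""
    if not cred.privileged:
        return frozenset()
    return REQUIRED_CONTROLS - cred.controls


def audit(inventory, as_of: date):
    """Return one finding per credential that violates rotation or governance policy."""
    findings = []
    for cred in inventory:
        reasons = []
        if needs_rotation(cred, as_of):
            reasons.append(
                f"stale: {credential_age(cred, as_of).days} days since rotation "
                f"(limit {ROTATION_MAX_AGE.days}, was due {next_due(cred)})")
        missing = missing_controls(cred)
        if missing:
            reasons.append("privileged owner lacks: " + ", ".join(sorted(missing)))
        if reasons:
            # A stale or unguarded secret on a privileged path is the higher-risk case.
            severity = "high" if cred.privileged else "medium"
            findings.append({"name": cred.name, "owner": cred.owner,
                             "severity": severity, "reasons": reasons})
    return findings


def rotation_compliance_rate(inventory, as_of: date) -> float:
    """Fraction of secrets inside the rotation window (1.0 for an empty inventory)."""
    if not inventory:
        return 1.0
    compliant = sum(1 for c in inventory if not needs_rotation(c, as_of))
    return compliant / len(inventory)


# Constructed sample data: four secrets with different ages and owner controls.
AS_OF = date(2024, 6, 1)
SAMPLE_INVENTORY = [
    Credential("ci-deploy-token", "build-pipeline", date(2024, 5, 15), True,
               frozenset({"human_in_the_loop", "sandbox", "audit_logging"})),
    Credential("ai-agent-db-svc", "ops-assistant-agent", date(2023, 11, 1), True,
               frozenset({"audit_logging"})),
    Credential("metrics-reader", "dashboard", date(2024, 1, 20), False),
    Credential("ai-agent-ticket-bot", "helpdesk-agent", date(2024, 4, 10), True,
               frozenset({"human_in_the_loop", "audit_logging"})),
]

if __name__ == "__main__":
    rate = rotation_compliance_rate(SAMPLE_INVENTORY, AS_OF)
    print(f"rotation compliance: {rate:.0%} of {len(SAMPLE_INVENTORY)} secrets")
    for f in audit(SAMPLE_INVENTORY, AS_OF):
        print(f"[{f['severity']}] {f['name']} ({f['owner']})")
        for r in f["reasons"]:
            print("   -", r)
```

The `next_due` date is what lets a team schedule rotations ahead of the deadline rather than in a panic, which addresses the outage fear the survey records: rotate one secret at a time, with the old and new value both valid during the cutover, and the audit report shows which privileged AI-owned secrets to prioritise.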
By addressing these issues, organizations can better protect themselves against potential security breaches and ensure that their AI systems operate within a controlled environment.
🔒 Pro insight: The staggering failure to manage machine credentials effectively opens organizations to potential exploitation by AI systems, necessitating urgent governance reforms.