---
title: "The non-human identity security question your Series B board should be asking"
slug: series-b-non-human-identity-board-question
date: 2026-06-30
excerpt: "Your company runs a workforce of software identities that outnumber your people, that most teams cannot tell apart from humans, and that only about a third of organizations can actually shut off. For a Series B board, the AI agent governance question is really a non-human identity question."
featured_image: "https://bbtxujdxvidaghmhxkqs.supabase.co/storage/v1/object/public/generated-images/blog-1782810473569-series-b-non-human-identity-board-question.webp"
featured_image_alt: "A boardroom whiteboard showing a small cluster of human-shaped icons beside a much larger swarm of robot and key-shaped icons, with one robot icon circled and a question mark over a power switch."
canonical_url: https://cerevisor.com/blog/series-b-non-human-identity-board-question
updated_at: 2026-06-30T09:07:55.303189+00:00
---

# The non-human identity security question your Series B board should be asking

**TLDR**

Most companies are quietly running a workforce of software identities (service accounts, API keys, and now AI agents) that outnumbers their people by dozens to hundreds to one. Most teams cannot tell an agent's activity apart from a person's, and only about a third of organizations can actually revoke an agent's credentials. The board-level AI agent question (who owns it, who can see it, who can shut it off) turns out to be a non-human identity question, and the weak link is revocation.

I read a piece this week by a cloud security practitioner named Arnav, published June 29, that put a number on something I have been watching make founders uneasy for months. In cloud-native environments, there are now roughly 144 non-human identities for every one human. Not 1.4. One hundred and forty-four. Service accounts, API keys, workload certificates, OAuth tokens, and increasingly AI agents, each one logging in, reaching into data, and acting on systems with no person at the keyboard.

One Fortune 500 financial institution in that writeup had 4.2 million non-human identities against 50,000 human accounts.

If that ratio made you blink, good. It is the most honest single statistic I have seen about where the real [AI governance](/blog/weekly-recap-2026-06-27) work lives in 2026.

---

## What that 144-to-1 ratio actually means for a company at Series B scale

Here is the translation for a [Series B](/blog/series-b-ai-vendor-58-percent-2026-04-29) founder, because the headline number sounds like someone else’s problem until it maps onto the stack already in production.

Every AI agent a team deploys is not a feature. It is an employee onboarded without HR, without a manager, and usually without an offboarding plan. It has credentials. It can read email, query a database, call an API, move money in some cases. And unlike the SaaS logins already on the risk register, it acts at machine speed and can spin up more of itself.

The KPMG 2026 Cybersecurity Report, which I saw covered in early June, found that machine identities already outnumber humans about 80 to 1 in the average enterprise, and it named non-human identity governance the top of eight CISO priorities, calling it a “massive blind spot.” That is the polite institutional way of saying nobody can see the whole picture.

**144:1**

non-human identities per human in cloud-native environments, up from 92:1 in early 2024 (arnav.au, June 29, 2026)

The part that should land in a boardroom is not the count. It is the control gap underneath the count. A Cloud Security Alliance survey, summarized in a late-June note from the NHI Management Group, found that 68 percent of organizations cannot reliably distinguish AI agent activity from human activity, only 5.7 percent have full visibility into their service accounts, and 71 percent of these identities are not rotated on any reasonable schedule. So the agents are growing fastest, they are the hardest to see, and their credentials mostly just sit there.

And the credentials that leak tend to stay leaked.

> "64 percent of secrets leaked in 2022 were still valid in early 2026."

GitGuardian State of Secrets Sprawl 2026, cited in arnav.au, June 29, 2026

In the same data set, 28.65 million hardcoded secrets were added to public GitHub during 2025, up 34 percent year over year, and credential leaks tied specifically to AI services rose 81 percent. There were even 24,008 unique secrets sitting in publicly exposed configuration files for MCP, the connector layer a lot of agent stacks now run on. None of this is exotic. It is the ordinary plumbing of how teams ship AI features fast.

**Key Insight**

The hard part of [AI agent governance](/blog/ai-agent-kill-switch-who-owns-it-series-c-board) is not deciding what an agent may do. It is being able to prove, on a Tuesday, who owns each agent, what it can reach, and how fast you can switch it off. Sprawl is a visibility problem. The blast radius is a revocation problem.

---

## The three questions a Series B board will raise on this

When this lands on a board agenda, and it will, the questions are predictable. Better to have the answers ready than to discover the gap live.

**“How many non-human identities and agents do we actually have, and who owns each one?”** The honest first answer for most companies is “more than we think, and ownership is unclear.” That is fine to admit once. It is not fine to keep admitting. A 2026 survey of large-enterprise security leaders found only about 7 percent had a named individual formally accountable for AI agent behavior. The fix is unglamorous: an inventory with a human name next to every agent and service account that touches data or money. Start with the ones that touch money.

**“If one of these agents misbehaves tonight, can we shut it off, and how fast?”** This is the question that matters most and gets answered worst. Across the 2026 reporting, roughly a third of organizations can revoke an AI agent’s credentials cleanly, and only one in five has a formal process to offboard an API key. A kill switch written into a policy is not the same as a named person who can revoke a specific agent’s access in ten minutes and prove it afterward. Test it before claiming it.

**“Are we treating agents like privileged employees or like free trials?”** The NHI Management Group framed the better posture in a line I keep coming back to: treat each agent as a privileged non-human identity with an owner, a defined purpose, and a measurable access scope, and replace standing access with time-bound credentials. Roughly two-thirds of organizations apply weaker controls to agents than to their human staff. That is exactly backwards. The software employee never sleeps and never gets nervous about getting caught.

> An AI agent is an employee onboarded without HR, without a manager, and usually without an offboarding plan.

---

## The sixty-second version of this memo for the board

We run more non-human identities than people, and AI agents are the fastest-growing slice. The risk is not that they are smart. It is that we cannot fully see them, cannot always tell them apart from staff, and cannot reliably switch them off. We are doing three things this quarter: building one inventory with a named owner per agent, proving we can revoke any single agent’s access in minutes, and giving every new agent a scoped, time-bound credential instead of a standing one. None of it slows down shipping. It is the difference between a workforce and a blind spot.

That is the whole memo. It fits on an index card on purpose.
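To make the three commitments in that memo concrete, here is a small Python model of an NHI inventory that I have added to this post; it is example code of my own, not code from the post's sources or from any vendor. It registers each identity with an accountable owner, a purpose and a scope; flags the gaps the memo names (no owner, a standing credential with no expiry, a credential past its rotation window, a lifetime longer than policy allows); orders the findings so money-touching identities come first; and runs a revocation drill that writes an append-only audit entry and then proves the identity no longer passes an active check. Every agent name, owner, timestamp and policy threshold below is constructed for illustration.

```python
"""Minimal non-human identity (NHI) inventory: owner per identity, findings
report, time-bound issuance, and a revocation drill with an audit log.
All sample data and policy thresholds are constructed for this example."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Policy knobs (constructed; tune to your own rotation and lifetime rules).
MAX_CREDENTIAL_AGE = timedelta(days=90)   # rotation schedule
MAX_TOKEN_LIFETIME = timedelta(hours=8)   # ceiling for a "time-bound" credential
MONEY_SCOPES = frozenset({"payments:write", "ledger:write"})
SAMPLE_NOW = datetime(2026, 6, 30, 9, 0, tzinfo=timezone.utc)  # constructed clock


@dataclass
class NonHumanIdentity:
    """One service account, API key or AI agent."""
    name: str
    purpose: str
    scopes: frozenset
    issued_at: datetime
    last_rotated: datetime
    owner: Optional[str] = None            # accountable human; None is a finding
    expires_at: Optional[datetime] = None  # None means a standing credential
    revoked_at: Optional[datetime] = None

    def is_active(self, now: datetime) -> bool:
        """Would a token for this identity still be accepted at `now`?"""
        if self.revoked_at is not None and now >= self.revoked_at:
            return False
        return self.expires_at is None or now < self.expires_at


def findings(nhi: NonHumanIdentity, now: datetime) -> list:
    """Control gaps for one identity, as string labels."""
    out = []
    if nhi.owner is None:
        out.append("no-owner")
    if nhi.expires_at is None:
        out.append("standing-credential")
    elif nhi.expires_at - nhi.issued_at > MAX_TOKEN_LIFETIME:
        out.append("lifetime-exceeds-policy")
    if now - nhi.last_rotated > MAX_CREDENTIAL_AGE:
        out.append("stale-credential")
    return out


class Inventory:
    def __init__(self):
        self._items = {}
        self.audit_log = []  # append-only revocation record, what an auditor asks for

    def register(self, nhi: NonHumanIdentity) -> None:
        if nhi.name in self._items:
            raise ValueError(f"duplicate identity {nhi.name}")
        self._items[nhi.name] = nhi

    def get(self, name: str) -> NonHumanIdentity:
        return self._items[name]

    def issue_time_bound(self, name, purpose, scopes, owner, now,
                         lifetime=MAX_TOKEN_LIFETIME) -> NonHumanIdentity:
        """Mint a new agent credential with owner, purpose, scope and expiry."""
        if not owner:
            raise ValueError("every agent needs a named owner")
        if lifetime > MAX_TOKEN_LIFETIME:
            raise ValueError("lifetime exceeds policy ceiling")
        nhi = NonHumanIdentity(name=name, purpose=purpose, scopes=frozenset(scopes),
                               issued_at=now, last_rotated=now, owner=owner,
                               expires_at=now + lifetime)
        self.register(nhi)
        return nhi

    def report(self, now: datetime) -> dict:
        """name -> findings, money-touching identities first; clean ones omitted."""
        def priority(nhi):
            return (0 if nhi.scopes & MONEY_SCOPES else 1, nhi.name)
        out = {}
        for nhi in sorted(self._items.values(), key=priority):
            gaps = findings(nhi, now)
            if gaps:
                out[nhi.name] = gaps
        return out

    def revoke(self, name, actor, now, reason) -> dict:
        """Switch an identity off and record who did it, when, and what was removed."""
        nhi = self._items[name]
        nhi.revoked_at = now
        entry = {"identity": name, "actor": actor, "at": now.isoformat(),
                 "reason": reason, "scopes_removed": sorted(nhi.scopes)}
        self.audit_log.append(entry)
        return entry

    def active_names(self, now: datetime) -> list:
        return sorted(n for n, i in self._items.items() if i.is_active(now))


def revocation_drill(inv: Inventory, name, actor, now) -> bool:
    """Prove the off switch: revoke, then confirm inactivity and a logged entry."""
    inv.revoke(name, actor, now, reason="drill")
    logged = any(e["identity"] == name for e in inv.audit_log)
    return (not inv.get(name).is_active(now)) and logged


def build_sample_inventory(now: datetime) -> Inventory:
    """Three constructed identities: one bad, one mostly fine, one issued properly."""
    inv = Inventory()
    inv.register(NonHumanIdentity("billing-agent", "reconcile invoices",
                                  frozenset({"ledger:write", "crm:read"}),
                                  issued_at=now - timedelta(days=400),
                                  last_rotated=now - timedelta(days=400)))
    inv.register(NonHumanIdentity("ci-deployer", "deploy to staging",
                                  frozenset({"k8s:deploy"}),
                                  issued_at=now - timedelta(days=30),
                                  last_rotated=now - timedelta(days=30),
                                  owner="jane@example.com",
                                  expires_at=now + timedelta(days=30)))
    inv.issue_time_bound("support-agent", "draft ticket replies",
                         {"helpdesk:read"}, "sam@example.com", now)
    return inv


def run_demo() -> dict:
    inv = build_sample_inventory(SAMPLE_NOW)
    report = inv.report(SAMPLE_NOW)
    drill_ok = revocation_drill(inv, "billing-agent", "oncall@example.com", SAMPLE_NOW)
    return {"report": report, "drill_ok": drill_ok,
            "audit_entries": len(inv.audit_log),
            "still_active": inv.active_names(SAMPLE_NOW)}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The report puts `billing-agent` first because it holds a money scope, and it carries all three gaps the post describes (no owner, standing credential, never rotated); `ci-deployer` has an owner but a 60-day lifetime, which the policy ceiling rejects; `support-agent`, issued through `issue_time_bound`, has no findings. The drill is the "test it before claiming it" step: revocation is only counted as proven when the identity fails `is_active` and the audit log can show who revoked what and when.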

---

## The identity-as-control-layer shift heading into the August deadline

Two things are worth tracking. First, the market is voting with its wallet on identity as the control layer, and that signals where serious money expects the problem to sit. The acquisition activity and product launches around agent identity and runtime control through the first half of 2026 are not a coincidence; they are the tooling catching up to the sprawl. Second, the [EU AI Act](/blog/five-ai-commitments-enterprise-procurement-august)’s high-risk obligations arrive in August, and “we can demonstrate control over our automated systems” is going to read very differently to an auditor who asks for a revocation log.

Here is the calming part, because I promised myself I would end on the useful note rather than the scary one. This is figure-out-able, and it is mostly discipline, not a moonshot. No new platform or new headcount is required this week. What it takes is a list, a name next to each line, and one tested answer to the question “can we turn this off.” Companies that get the boring version of identity right are the same ones who get to keep moving fast, because they are not the ones explaining a stale credential to their board six months from now. Get the list. Name the owners. Test the off switch. The rest follows.

#### Sources

- [Non-Human Identity Sprawl: Where Cloud, Security and AI Converge](https://arnav.au/2026/06/29/non-human-identity-sprawl/) - arnav.au, 2026-06-29

- [KPMG 2026 Cybersecurity Report Identifies Non-Human Identities as a Critical Priority for CISOs](https://nhimg.org/nhi-news/kpmg-2026-non-human-identity-security-ciso-priorities) - NHI Management Group (coverage of KPMG 2026 Cybersecurity Report), 2026-06-05

- [AI agent identity security in 2026: are your controls keeping up?](https://nhimg.org/community/agentic-ai-and-nhis/ai-agent-identity-security-in-2026-are-your-controls-keeping-up/) - NHI Management Group, 2026-06-25

- [Non-human identity sprawl is agentic AI's real risk](https://www.informationweek.com/risk-management/non-human-identity-sprawl-is-agentic-ai-s-real-risk) - InformationWeek, 2026-04-30
