A majority (69%) of security leaders agree that identity management needs to evolve in order to handle mounting risks in AI infrastructure deployments, according to a new report from Teleport.
The security vendor polled over 200 US infrastructure security leaders to compile its latest report: 2026 State of AI in Enterprise Infrastructure Security.
It defined “AI in infrastructure” as AI-powered workloads, agentic systems, machine-to-machine communication, ChatOps, compliance automation, and incident detection.
The report found that while most respondents are seeing benefits from deploying AI in these use cases, such as improving incident investigation time (66%), documentation quality (71%) and engineering output (65%), a majority (85%) are also worried about the risks.
This is based on real experience rather than hypothetical concerns: a third (35%) confirmed at least one AI-related incident and a further 24% suspect one may have occurred.
The Problem with AI and Identity
A major cause of risk highlighted in the report is identity related. Nearly three-quarters (70%) of respondents said their AI systems have more access rights than a human in the same role would get.
A fifth (19%) said they get “significantly more.”
It is this access which appears to be a predictor of trouble. Organizations with over-privileged AI have a 76% incident rate, whereas those with least-privilege controls put the figure at 17%. It means that those without least-privilege controls are around 4.5 times more likely to encounter security issues.
“This is the single most predictive factor for AI-related incidents that we found – more predictive than the industry, maturity level, or stated confidence,” the report noted.
Teleport claimed that static credentials like passwords, API keys, and long-lived tokens are to blame for the over-privileging of AI systems. Incident rates for organizations with a high reliance on static credentials stood at 67%, versus 47% for those with a low reliance.
Teleport CEO, Ev Kontsevoy, explained that the growing complexity of IT infrastructure is putting increasing pressure on identity management.
“Most organizations have more groups and roles than employees, for example. And deploying non-deterministically behaving agents on top of this mess comes with unpleasant consequences,” he added. “The data is clear. It’s not the AI that’s unsafe. It’s the access we’re giving it.”
Time to Improve
Unfortunately, few organizations seem to be prepared to improve the situation. A majority said they either had no “formal” governance controls in place (43%) or none at all (21%).
To get back on the front foot against AI risk, Teleport recommended organizations to:
- Implement least privilege access controls for AI systems currently over-privileged
- Reduce reliance on static credentials
- Reshape identity management teams to reduce silos and include platform/engineering stakeholders
Read more on AI threats: Researchers Warn of Security Gaps in AI Browsers.
