A new study has identified a critical security vulnerability within large organizations, where numerous applications operate outside of centralized identity management systems. This situation, described as creating “dark” or unmanaged digital identities, is occurring even as formal identity security programs advance. The research indicates this gap is a significant and growing risk factor as artificial intelligence capabilities evolve.
Research Findings on Identity Management
According to research conducted by the Ponemon Institute, a typical enterprise uses hundreds of applications that remain disconnected from its core identity governance platforms. These disconnected systems create what researchers term “dark identities,” which are user accounts and access privileges not visible to or controlled by central security teams. The existence of these identities contradicts the overall trend of maturing corporate identity and access management (IAM) programs.
The report suggests a paradox for Chief Information Security Officers (CISOs) and other security leaders. While investments in identity security tools and processes are increasing, the overall risk landscape is not improving proportionally. The disconnect between centralized policy and decentralized application adoption is a primary contributor to this problem.
The Evolving Threat Landscape for 2026
Security analysts project that these identity gaps will become increasingly exploitable by malicious actors in the coming years. The anticipated advancement of artificial intelligence tools by 2026 is a particular concern. Experts warn that AI could automate the discovery and exploitation of these weak identity controls at a scale and speed beyond current human-led attacks.
Potential threats include AI-driven credential stuffing, sophisticated phishing campaigns that mimic legitimate access requests, and automated lateral movement across a network once an initial “dark” account is compromised. The centralized security systems designed to flag anomalies may fail to detect malicious activity originating from these unmanaged access points.
Industry and Expert Reactions
The publication of these findings has prompted discussion among cybersecurity professionals. Many agree that the proliferation of software-as-a-service (SaaS) applications and cloud services, often adopted by individual business units without central IT oversight, has accelerated this issue. The concept of “shadow IT” is now extending directly into the realm of identity and access control.
Some experts argue that traditional IAM frameworks, designed for an era of on-premises software, are struggling to keep pace with modern, decentralized digital environments. The technical challenge involves discovering all identity-aware applications, integrating them into a governance framework, and continuously monitoring access rights without impeding business productivity.
Forward-Looking Security Implications
Based on the available data, the next phase of corporate cybersecurity will likely involve a renewed focus on identity discovery and consolidation. Security industry observers expect technology vendors to emphasize solutions for automated application discovery and integration. Furthermore, regulatory bodies may begin to scrutinize identity governance completeness as part of broader data protection and compliance audits.
Organizational responses are expected to include comprehensive audits of all application access, stricter procurement policies for new software, and increased investment in identity governance tools that can adapt to hybrid cloud environments. The timeline for addressing these vulnerabilities is considered urgent, with the consensus being that remediation efforts must significantly advance before AI-powered threats become mainstream.
Source: Ponemon Institute
