Why Non-Human Identities Are The Fastest-Growing Risk For Your CISO

Nidhi Jain is CEO & Founder of CloudEagle.ai, a platform helping enterprises govern SaaS, identities, and AI agents at scale.

Ask a CISO how many employees their company has. They will know the exact headcount.

Now ask how many service accounts, API keys, OAuth tokens and AI agents are running inside their environment right now. The room goes quiet. Someone offers an estimate. Someone else says they will pull a report. Nobody is confident in the answer.

That gap is no longer a hygiene issue. It is the largest unmonitored attack surface in the modern enterprise, and it has been growing in silence for a decade.

Your identity count is off by an order of magnitude.

Every cloud workload, SaaS integration, CI/CD pipeline and AI agent created in the past twelve months arrived with its own credentials. None of them are governed by the access reviews, joiner-mover-leaver workflows or quarterly attestations built for humans. They were provisioned, used and then forgotten.

The breach data shows what happens when that gap goes unaddressed. The 2025 Verizon Data Breach Investigations Report found that credential abuse was the leading initial access vector for the second year in a row.

The cost story is worse. IBM's Cost of a Data Breach Report puts the global average breach cost at $4.4 million, with breaches initiated through stolen credentials averaging $4.67 million and taking 246 days to identify and contain. That is roughly eight months of attacker dwell time before the breach is even noticed.

A growing share of those stolen credentials are not human ones. They are the static API keys, hardcoded tokens and over-permissioned service accounts that traditional IAM was never designed to manage.

Your IAM was built for people who quit. Service accounts don't quit.

Human identity governance assumes a lifecycle. People are hired, granted access, reviewed and offboarded. Non-human identities do not behave that way.

Picture a service account created for a one-time integration in 2022. The developer who built it has changed roles or left the company. The system it connected to may have been decommissioned years ago. But the credentials are still valid, still broadly permissioned and still invisible to every access review since.

Multiply that pattern across a decade of cloud adoption and you get the operational reality most CISOs are now waking up to: a credential layer that has grown unchecked for years and now accounts for the majority of authenticated activity in their environment.

AI is accelerating this. Every agent built in Copilot Studio, every Bedrock Flow and every MCP-connected assistant adds another non-human identity with persistent access. Gartner predicts 40% of enterprise applications will feature task-specific AI agents by the end of 2026, up from under 5% in 2025. Each one is an identity. Almost none will pass through a formal access review.

The real problem isn't privilege. It's that no human owns it.

Security teams are told to focus on the most privileged identities first. That is sensible triage, but the deeper issue is structural: non-human identities have no human accountable for their behavior.

When a service account is compromised, there is no employee to call, no manager to escalate to and no offboarding ticket to close the loop. Ownership is diffused. IT thinks security owns it. Security assumes the application team owns it. The application team assumes the original developer documented it somewhere. In most enterprises, the answer is none of the above.

This is a large part of why credential-based intrusions dwell longer than any other kind. It is also why the fix is not another tool but a governance principle: every non-human identity must have a named human owner and a defined expiration.

These five questions separate a program from a posture.

If your security team cannot answer the following on demand, you do not have a non-human identity governance program:

• Can you produce a complete inventory of every service account, API key, OAuth token and AI agent operating in your environment?
• For each non-human identity, can you name the human owner accountable for its behavior and offboarding?
• Do you know what data and systems each identity can access, and is that access scoped to least privilege?
• Are credentials rotated on a defined schedule, or do they live indefinitely once created?
• When an employee leaves, are the non-human identities they created reviewed, reassigned or revoked, or do they persist as orphans?

The honest answer for most organizations is that they fail at least three of these. The orphaned identities accumulating from those failures are precisely what attackers are targeting.

Agentic AI is about to make this 10 times harder.

The third-party dimension already makes the problem worse. IBM's 2025 report found that third-party involvement in breaches doubled to 30%. Most of that third-party access runs on non-human identities: integrations, API tokens and federated service accounts that the customer organization has limited visibility into and even less ability to govern.

Now add agentic AI to that picture. An autonomous agent calling another agent calling a payment system is a chain of non-human identities, each operating with delegated authority, none of them appearing in a traditional access review. When something goes wrong in that chain, the forensic trail is fragmented across systems that were never designed to log machine-to-machine activity in audit-grade detail.

What should boards be asking their CISOs this quarter?

The right question is not whether the company has an NHI program. It is whether the security team can name, in real time, every non-human identity with privileged access to a critical system, and produce a current human owner for each one. Most cannot.

The ones that can are not necessarily the most technically sophisticated. They are the ones that decided, often after a near-miss, that machine identities deserved the same governance rigor as employees. That decision is the difference between an attack surface that is monitored and one that is merely hoped for.

The companies still treating non-human identities as an IT housekeeping issue are the ones writing the next breach disclosure. The credential is already valid. The access is already provisioned. The only thing missing is the attacker, and the data suggests they are not far behind.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
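As an added example, not code from the article or from CloudEagle.ai, the five questions and the owner-plus-expiration principle above can be run as an automated audit over an identity inventory rather than answered from memory. The record schema, the four sample identities, the active-employee roster, the list of principals "seen in auth logs" and the 90-day rotation window are all constructed assumptions; a real program would pull them from the cloud provider's IAM, the HR system and authentication logs.

```python
"""Run the five governance questions as an automated audit over an NHI inventory.

Added example, not code from the article or from CloudEagle.ai. The NHI record
schema, the sample identities, the active-employee roster, the observed-principal
list and the 90-day rotation window are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

MAX_CREDENTIAL_AGE = timedelta(days=90)  # assumed rotation policy


@dataclass(frozen=True)
class NHI:
    name: str
    kind: str                     # service_account | api_key | oauth_token | ai_agent
    owner: Optional[str]          # employee id of the accountable human, None if nobody
    scopes: tuple                 # permissions granted to the identity
    created: date
    last_rotated: Optional[date]  # None means the original credential is still live
    expires: Optional[date]       # None means the credential never expires


def is_wildcard(scope: str) -> bool:
    """'*' or 'service:*' grants everything in that namespace."""
    return scope == "*" or scope.endswith(":*")


def audit(inventory, active_employees, observed_principals, today):
    """Return a list of (identity, severity, reason) findings.

    Q1 inventory:  principals that authenticate but are not recorded
    Q2/Q5 owner:   no owner, or an owner who has left (orphan)
    Q3 privilege:  wildcard scopes
    Q4 rotation:   credential older than the policy window, or no expiration
    """
    findings = []
    known = {n.name for n in inventory}
    for principal in sorted(set(observed_principals) - known):
        findings.append((principal, "high", "seen in auth logs but not in inventory"))

    for n in inventory:
        if n.owner is None:
            findings.append((n.name, "high", "no named human owner"))
        elif n.owner not in active_employees:
            findings.append((n.name, "high", f"owner {n.owner} has left; identity is orphaned"))

        if any(is_wildcard(s) for s in n.scopes):
            findings.append((n.name, "medium", "wildcard scope violates least privilege"))

        # A credential that was never rotated is as old as the identity itself.
        age = today - (n.last_rotated or n.created)
        if age > MAX_CREDENTIAL_AGE:
            findings.append((n.name, "medium",
                             f"credential is {age.days} days old, past the "
                             f"{MAX_CREDENTIAL_AGE.days}-day window"))
        if n.expires is None:
            findings.append((n.name, "low", "no defined expiration"))
        elif n.expires < today:
            findings.append((n.name, "high", "expired but still present"))
    return findings


# Constructed sample data. svc-erp-sync mirrors the article's 2022 integration
# account whose developer has since left; svc-legacy-export authenticates but
# was never inventoried.
INVENTORY = [
    NHI("svc-erp-sync", "service_account", "e1042", ("erp:read", "erp:write"),
        date(2022, 3, 14), None, None),
    NHI("key-ci-deploy", "api_key", "e2210", ("deploy:*",),
        date(2025, 1, 10), date(2025, 12, 1), date(2026, 6, 1)),
    NHI("agent-helpdesk", "ai_agent", None, ("tickets:read",),
        date(2026, 1, 5), date(2026, 1, 5), date(2026, 7, 5)),
    NHI("tok-crm-oauth", "oauth_token", "e2210", ("crm:read",),
        date(2026, 2, 1), date(2026, 2, 1), date(2026, 5, 1)),
]
ACTIVE_EMPLOYEES = {"e2210", "e3005"}  # e1042 is no longer on the roster
OBSERVED_PRINCIPALS = {"svc-erp-sync", "key-ci-deploy", "agent-helpdesk",
                       "tok-crm-oauth", "svc-legacy-export"}
TODAY = date(2026, 3, 1)


def run_sample():
    return audit(INVENTORY, ACTIVE_EMPLOYEES, OBSERVED_PRINCIPALS, TODAY)


if __name__ == "__main__":
    for identity, severity, reason in run_sample():
        print(f"{severity:6} {identity:20} {reason}")
```

On the constructed data the 2022 service account produces three findings (orphaned owner, a credential that has never been rotated, no expiration), the AI agent is flagged for having no owner at all, and the unregistered principal surfaces only because the audit compares what actually authenticates against what is recorded, which is the only way the first question can be answered with evidence rather than an estimate. Note the boundary: a key rotated exactly 90 days ago passes because the check is strictly greater than the window; tighten the comparison if the policy reads "no older than".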