Keeper Security: Most European orgs lack NHI governance as AI agents spread

Keeper Security says a survey of 86 Infosecurity Europe 2026 attendees in London found AI agents and non-human identities are already embedded in enterprise environments, but most organisations lack the visibility, centralized control and continuous monitoring needed to secure them. More than half of respondents reported an NHI or credential incident in the past year, underscoring the growing operational risk.

Why it matters: - European organisations are adopting AI agents and non-human identities faster than they are building the governance needed to control them. - The gap creates exposure in cloud, on-premises and SaaS environments where privileged access can be difficult to track and review. - More than half of respondents said they had already experienced an NHI or credential incident in the past 12 months, showing the issue is no longer theoretical.

What happened: - Keeper Security surveyed 86 cybersecurity professionals in person at Infosecurity Europe 2026 in London. - 68% of respondents said AI agents or AI-powered tools exist as privileged identities in their organisations. - Only 15% of those respondents said they have full visibility into NHIs across cloud, on-premises and SaaS environments. - 65% named the lack of visibility into AI, automation and machine access as their top risk.

The details: - Only 14% of organisations manage NHIs through a single, centralised platform. - 39% operate with unclear or shared ownership of NHI governance. - 33% said ownership is clear, but management still happens across multiple tools. - Only 21% said AI agents are consistently managed as privileged identities. - 55% said AI tools are treated as privileged identities only in some cases or for limited use cases. - 18% do not treat AI tools as privileged identities at all. - 55% reported a security incident involving NHIs or credentials in the past 12 months. - 8% said those incidents had significant business impact. - Only 18% have continuous, automated detection and response for NHI behaviour. - 35% rely on limited monitoring of selected systems. - 13% do not monitor NHI activity at all. - 55% identified excessive or standing privileges as a major risk. - Keeper Security said the findings point to a need for centralised visibility, consistent policy enforcement and continuous automated monitoring. - KeeperPAM unifies password management, secrets management and privileged access controls in a single zero-trust, zero-knowledge architecture. - The platform is designed to govern human and non-human identities from a single control plane. - The company also points to KeeperAI for real-time AI-native threat detection across privileged sessions.

Between the lines: - The survey suggests many security teams are reacting to AI adoption after deployment, rather than setting governance before broad rollout. - Shared ownership and multiple tools can slow response times and make access review inconsistent. - The concentration of risk around standing privileges suggests a practical fix may be tighter lifecycle control, not just broader policy statements. - Darren Guccione, CEO and co-founder of Keeper Security, said the issue is a governance deficit that attackers are exploiting now.

What’s next: - 64% of respondents plan to increase investment in securing NHIs and AI-driven access over the next 12 to 24 months. - 22% expect significant strategic investment. - 41% expect targeted, incremental improvements. - Keeper Security says organisations should prioritize unified visibility, policy enforcement and automated monitoring to reduce manual review. - More information is available at securing AI agents and non-human identities.

The bottom line: - AI agents are already inside enterprise environments, but governance is still catching up. The organisations that close the visibility and monitoring gap first are likely to reduce both incident risk and operational strain.