The rise of nonhuman (AI-driven) identities is dramatically expanding the attack surface for organizations in the Asia Pacific region, increasing the complexity of access management and introducing new vulnerabilities, as per the new IBM report Cybersecurity 2028, in partnership with AWS.
As Asia Pacific economies accelerate their adoption of AI and automation, businesses are seeing a surge in the number of digital identities that are not tied to human users, but rather to AI agents, bots, and automated processes.
Nonhuman identities on the rise
Asia Pacific organizations are at the forefront of digital transformation, with AI adoption accelerating across industries. This rapid growth is not without consequence. The unchecked proliferation of nonhuman identities—AI agents, service accounts, and automated scripts—creates new targets for cyber attackers and leads to a loss of visibility into who or what is accessing critical systems.
Nearly two-thirds (64%) of executives expect every employee in their IT/IS organization to be using AI agents within the next two years.
This means that not only are human users interacting with sensitive data and systems, but so are a growing number of autonomous digital agents, each with their own set of credentials and permissions. The result is a dramatic increase in the number of potential entry points for attackers.
Visualizing the Growth: AI capabilities and attack surface
The report illustrates just how quickly AI-driven capabilities are expanding within organizations:
32% of cybersecurity workloads today, projected to reach 48% in three years—a 50% increase.
- Generative AI capabilities: 17% today, projected to reach 28%—a 63% increase.
- Workflow automation & orchestration: 29% today, projected to reach 42%—a 45% increase.
- AI augmentation: 24% today, projected to reach 35%—a 48% increase.
This surge in AI adoption means the attack surface is not only growing, but evolving in complexity, with more nonhuman identities than ever before.
Executive Perspective: The Workforce and Operational Shift
The challenge is not just technological, but organizational. As the report notes, 76% of executives anticipate that AI agents will fundamentally improve operations within two years, while 72% see these agents as key catalysts for innovation.
Furthermore, 67% expect AI agents to significantly enhance ROI on existing AI investments, and 64% foresee universal adoption of AI agents among IT/IS staff in the same timeframe.
This widespread adoption of AI agents underscores the urgency for robust identity governance frameworks that can manage both human and nonhuman identities securely.
The Business Case for Proactive Management
With the attack surface expanding, the stakes are high. However, the report also highlights a significant opportunity; executives estimate they can save an average of 10–20% of their total cybersecurity budget through the adoption of advanced AI use cases.
This potential for cost savings, alongside improved security and operational efficiency, makes a compelling case for Asia Pacific organizations to invest in next-generation identity and access management solutions.
Conclusion
The unchecked growth of nonhuman identities is rewriting the rules of cybersecurity in Asia Pacific. Organizations that act now to strengthen identity governance, invest in workforce development, and leverage advanced security technologies will be best positioned to thrive in the AI-driven future—securing both their data and their reputation in an increasingly digital world.
About The Author
