In 2025, identity security is a high-speed, high-pressure priority for security teams across every industry. And as ConductorOne’s 2025 Future of Identity Security Report makes clear, security leaders aren’t hitting the brakes. They’re adapting fast, embracing automation, and investing heavily in the future of identity.
Now in its second year, the report captures a snapshot of the evolving identity landscape through the lens of 494 security professionals across industries like financial services, healthcare, tech, and manufacturing. The biggest headline? Security teams are charging forward with agentic AI—despite deep concerns about the risks it poses—while contending with rising identity-based threats, ballooning non-human identity sprawl, and increasing executive pressure.
Here’s a closer look at the key takeaways shaping identity security this year.
AI agents are here, and security leaders are embracing the risks
You might expect security teams to take a cautious approach to agentic AI. After all, these systems are dynamic, autonomous, and hard to govern. But that’s not what the data shows. Instead, CISOs and security practitioners are leaning in, adopting agentic AI not because it’s safe, but because they can’t afford to stand still.
According to the report, 89% of respondents say they plan to implement AI agents in their security departments within the next two years. Nearly all (96%) say they’ll use agents for critical tasks, not just non-essential work. That’s despite the fact that 83% of respondents are concerned about agentic AI risks, and 41% are “very concerned.”
So what’s driving this willingness to embrace risk? It’s a calculation: the cost of doing nothing is greater than the risk of moving forward. As the report puts it, “controlled speed beats static security.”
Identity attacks are on the rise—and budgets are following suit
Behind the AI acceleration is a deeper, more immediate threat: identity-based attacks. The report found that 82% of organizations experienced at least one identity-driven cyberattack or data breach in the past year, up from 77% in 2024. That number jumps even higher in industries like financial services and technology, where over a third of respondents reported multiple identity incidents.
As identity becomes the new battleground, budgets are rising to match. 84% of security leaders said their identity and access management (IAM) budgets are increasing, either moderately or significantly. Among those who faced multiple breaches in the past year, nearly half reported significant increases. Even so, more than a quarter still say budget remains a top concern—an indication that spending may not be keeping pace with the scale of the problem.
Security is now the top IAM priority
Historically, identity programs have been built around compliance and operational efficiency. That’s no longer the case. In this year’s report, improving security emerged as the #1 IAM priority across the board, outranking risk reduction, compliance, and even productivity.
77% of respondents said their top priority is improving security—a clear sign that identity has moved from being a support function to a core element of organizational defense. Risk reduction came in second at 60%, followed by compliance at 50%. Notably, productivity and automation fell lower on the list, reflecting a shift in mindset: security teams are prioritizing resilience over convenience.
Non-human identities are everywhere and increasingly urgent
While agentic AI is getting much of the attention, it’s built on a foundation of something that’s been quietly growing for years: non-human identities (NHIs). These include machine credentials like service accounts, API keys, and secrets—credentials that operate without human intervention but with potentially wide access across systems.
This year, 93% of security leaders said the risks associated with NHIs are urgent, and nearly a quarter (24%) said the risk is “extremely” urgent and requires immediate action. The volume and visibility of NHIs is increasing, and so is their security priority. In fact, 42% of respondents said securing NHIs is now a higher priority than securing human users.
What’s driving the concern? Over-provisioning, long-lived credentials, and the difficulty of understanding who (or what) has access to sensitive data. Even among those who claim to have “full” visibility into NHIs, governance challenges remain.
Security teams are under pressure but not backing down
It’s no secret that security is a high-stakes job. But the report shows that the pressure is intensifying. More than one in four security leaders reported experiencing “high” or “very high” stress levels on a regular basis. Their top stressor is no surprise: preventing cyberattacks and data breaches.
When asked about the biggest pressure they face in their roles, most respondents pointed not to executive accountability or headcount constraints—but to the sheer difficulty of preventing all threats and stopping every breach. In other words, security leaders are more focused on outcomes than optics. They’re not worried about being the fall person. They’re worried about getting it right.
Still, there’s resilience beneath the stress. Security leaders don’t fold under pressure. They operate in it.
Building for speed, not fear
The 2025 Future of Identity Security Report doesn’t paint a picture of complacency or panic—it shows an industry in motion and moving faster than ever. AI is changing the nature of identity. Attacks are becoming more frequent and sophisticated. And yet, security leaders aren’t paralyzed. They’re moving fast, investing in controls, and rethinking how access is managed across their organizations.
As ConductorOne CISO Kevin Paige puts it, “We don’t put brakes on the train to make it go slow. We put brakes on so it can go fast. The same goes for agentic AI.”
The future of identity security will belong to the teams who build speed safely and who are willing to rethink everything from the ground up.
