ConductorOne’s Second Annual Report Highlights Today’s Top Identity Security Risks and Opportunities
PORTLAND, Ore. – May 13, 2025 – ConductorOne today announced the results of its second annual research study, the 2025 Future of Identity Security report, which explores how security leaders are navigating today’s identity security threats and preparing for the future, particularly in anticipation of the growing adoption and influence of AI agents in the enterprise. Based on a survey of nearly 500 security leaders in the U.S., the study found that respondents are going all in on agentic AI, even as they recognize its risks.
According to the report, the vast majority (89%) of respondents plan to use AI agents in their security departments within the next two years. In many cases, the AI push is coming from the top, with 43% saying their board or executive team is actively advocating for greater AI adoption in security. Still, nearly all (96%) respondents say their planned agentic AI deployments won’t just be limited to non-critical tasks, even despite 83% stating they are concerned about the risks posed by agentic AI.
“When you think about identity in 2025, you can’t ignore the impact of AI agents. Boards are pushing for it, employees are excited to use it, and maybe most surprisingly, security leaders themselves see the potential of agentic AI to supercharge their operations,” said Alex Bovee, CEO and co-founder of ConductorOne. “You might expect CISOs and other security leaders to pump the brakes on agentic AI. Instead, they’re stepping on the gas to drive productivity and delivery of new cases that didn’t seem possible before."
Additional key findings of the 2025 Future of Identity Security report include:
- Identity attacks increase, budgets follow: 82% of respondents stated their organization experienced at least one cyberattack or data breach in the past 12 months due to improper access or over-privileged users—up from 77% in 2024. Still, 84% of organizations are increasing their IAM budgets this year, a signal that investment is following urgency.
- Security leaders are feeling the pressure: Respondents stated that the top pressure they feel in their role is preventing cyber threats and ensuring no breaches occur. With such a burdensome mandate, it’s no wonder that more than 1 in 4 reported high or very high stress levels.
- Non-human identities (NHIs) are a high priority: The vast majority (93%) of security leaders believe the risks associated with NHIs are urgent, with 24% stating that NHI risks are “extremely urgent” and require immediate action. More than half (51%) view the security of NHIs to be just as much of a priority as traditional human users, while 42% say NHIs are a higher priority than human identities.
- Top agentic AI use cases for security: When it comes to operationalizing AI agents, security leaders stated their top planned use cases were network monitoring and analysis (49%), SOC automation (47%), and access requests and account provisioning (46%)—all high-friction areas where scale and speed matter.
- System complexity remains the top IAM challenge: For the second year in a row, the complexity of existing systems was cited as the biggest challenge security leaders face when it comes to identity and access management, as noted by 50% of respondents.
- Improving security is the top priority for identity: The majority (77%) of respondents stated their top IAM priority for the next year is to improve security, followed by reducing risk (60%), achieving compliance (50%), and improving team productivity (49%).
- Respondents believe AI agents will help them achieve security improvements: Respondents who experienced multiple instances of identity compromise in the past year were 17% more likely to turn to agentic AI for identity and access controls, showing a clear link between real-world pain and a willingness to adopt agentic AI to improve security.
To learn more, download the 2025 Future of Identity Security report.
Methodology
The 2025 Future of Identity Security report findings are based on the results of an online survey conducted in April 2025 that examined the opinions of 494 U.S.-based IT security leaders, manager level and higher, at companies with 500 or more employees.
About ConductorOne
ConductorOne is the first multi-agent identity security platform that protects every identity: human, non-human, and AI. Using a broad base of out-of-the-box connectors, powerful automation, and platform-level AI capabilities, it centralizes identity and access visibility, enforces fine-grained access controls, enables just-in-time access, and automates user access reviews across all apps and infrastructure. Organizations can efficiently and securely manage the entire lifecycle of identities and streamline compliance tasks—all from a single, quick-to-deploy platform. ConductorOne is easy to use, connects to all of your apps, and is AI powered—we make securing identity effortless regardless of environmental complexity. ConductorOne is trusted by forward-thinking enterprises like DigitalOcean, Instacart, Ramp, and Zscaler. For more information, visit conductorone.com.
# # #
Media Contact
