SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

BeyondTrust expands identity risk assessment for AI

Tue, 2nd Jun 2026
Sean Mitchell, Publisher

BeyondTrust has expanded the Identity Security Risk Assessment feature in its Identity Security Insights product, adding a five-pillar framework that covers human, non-human and AI identities.

The revised assessment is intended to give organisations a broader view of identity-related risk across cloud, SaaS and hybrid environments, while linking findings to security frameworks including NIST 800-53 and MITRE ATT&CK.

Identity security has become more complex as companies manage not only employee accounts, but also service accounts, secrets and AI agents spread across multiple systems. Security teams often struggle to see how these identities connect, making indirect access routes and privilege escalation paths harder to detect.

Attackers are increasingly exploiting those hidden links rather than focusing only on individual accounts. In this model, access relationships between users, applications and systems can create pathways to elevated privileges that sit outside the view of conventional identity management tools.

Five pillars

The updated assessment groups its analysis into five areas: Environment Overview, True Privilege, Security Themes, AI Security and Emerging Themes, and Findings Explorer.

BeyondTrust said Environment Overview is designed to provide a single view of human, non-human and AI identities across infrastructure, cloud and SaaS systems, while highlighting lifecycle and access hygiene issues. True Privilege focuses on hidden privilege escalation paths, indirect access relationships and cross-domain attack routes.

Security Themes is intended to identify identity hygiene issues such as dormant privileged accounts, exposed credentials, excessive permissions, password-related risks and joiner-mover-leaver gaps. AI Security and Emerging Themes is aimed at surfacing risks linked to AI use, including shadow AI agents, unauthenticated models and exposed secrets.

Findings Explorer brings detections and recommendations into one interface and scores them by risk level. Recommendations are mapped to NIST 800-53 and MITRE ATT&CK to help security and identity teams align remediation work with broader security and compliance priorities.

Morey Haber outlined the broader shift in identity risk. "For years, organisations focused primarily on managing human identities. Today, machine identities, secrets and AI agents often outnumber people by orders of magnitude, creating new attack paths that security teams struggle to see," said Morey Haber, Chief Security Advisor at BeyondTrust.

"Understanding who has access is no longer enough. Organisations need visibility into what has access, how those privileges connect, and where threat actors can exploit those relationships to move laterally through an environment," Haber said.

Indirect access

Jason Silva said one of the main challenges for organisations is that effective privilege often extends well beyond formal role assignments. As a result, accounts that appear low risk can still have indirect routes to sensitive systems through group structures, delegated permissions, cloud entitlements or linked applications.

"What consistently surprises organisations is how much effective privilege exists beyond direct role assignments," said Jason Silva, Principal Solutions Architect at BeyondTrust.

"Accounts that appear low risk on paper often have indirect access paths through nested groups, delegated permissions, cloud entitlements or connected applications. By helping organisations visualise those relationships, the enhanced assessment provides a clearer understanding of where identity risk exists and which exposures should be prioritised first," Silva said.

BeyondTrust also cited customer feedback from Broadridge Financial Solutions on its use of Pathfinder, part of the wider platform. The customer said the tool identified nested Active Directory group issues and accounts without owners that had not previously been detected manually.

"We had Pathfinder for one week. The AI traced a nested AD group granting local admin, accurately, at a depth we couldn't do manually," said Shannon Anderson, Vice President, BISG Security Engineering - Identity and Access Management at Broadridge Financial Solutions, Inc.

"It surfaced accounts with no owner that we had no idea existed. But what it really did was give us a way to prioritise. We resolved the highest-risk issues and we're in a much stronger defensive position now. Once you see it, you can't unsee it," Anderson said.

The expanded assessment is part of BeyondTrust's broader identity security portfolio, aimed at helping customers move from one-off identity risk reviews to continuous monitoring and remediation. The assessment is available free of charge, can usually be connected in less than an hour, and returns findings within 24 hours.

BeyondTrust said more than 20,000 customers use its products, including 75 of the Fortune 100.