Threat Focus – The Rising Tide of Machines

Imagine your business as a bustling airport. Employees are the passengers you see, and behind the scenes, fleets of “robotic vehicles” keep everything running – managing logistics and ensuring smooth operations. The same is true for your network. APIs, bots, and cloud services are the silent workforce powering your digital operations. With the rapid rise of cloud and AI adoption, these machine identities now outnumber human users by 82 to 1, according to CrowdStrike research. Each “robot driver” has its own credentials, but many are still unmanaged or unnoticed, creating a significant security blind spot.

This risk became all too real during the Commvault Metallic breach in early 2025. Attackers used stolen, long-lived OAuth tokens to infiltrate hundreds of Microsoft 365 tenants which effectively takes control of the “robot keys” to sensitive organisational data. Once inside, they moved undetected, bypassing traditional security measures that focus on human users.

The fallout of poor machine-identity governance can be severe: unauthorised access, data theft, operational downtime, and tough regulatory questions about “who authorised what.” Both the UK’s National Cyber Security Centre (NCSC) and CrowdStrike warn that every machine identity must be managed with the same discipline as a human user. This means keeping a complete inventory, using automation to rotate keys and credentials, enforcing least-privilege access, and continuously monitoring for unusual machine activity. Advanced behavioural analytics, like those offered by CrowdStrike Falcon Identity Threat Protection, can play a vital role here, alongside embedding machine identity into your broader zero-trust strategy.

When machines outnumber staff eighty to one, staying on top of them isn’t just admin work, it’s the equivalent of air traffic control for your digital runway.