Every enterprise security team is fighting a workforce problem they cannot see on any org chart.
Bots, service accounts, API keys, OAuth tokens, machine certificates — non-human identities now outnumber human ones in most large organisations, often by a factor of ten to one. They authenticate constantly, operate across every environment, and when forgotten, they do not retire gracefully. They linger, accumulate privilege, and wait. Security practitioners have taken to calling them ghost identities — and the name fits.
The security industry has had plenty of warnings. It just has not acted on it.
Cast your mind back to SolarWinds story. The attackers did not smash through anything. They slipp...