Secure AI starts here. Oktane | Las Vegas | Sept 24–26 Register now
Free trial Contact us

Beyond ID’s top identity threats in 2025

What their research uncovered, and what’s coming next

About the Author

Arun Shrestha

CEO and Co-Founder, BeyondID

Arun Shrestha has over 20 years of experience building and leading enterprise software and services companies. As CEO at BeyondID, Arun is committed to building a world-class organization with a mission to help its customers build secure, agile, and future-proof businesses. Arun prides himself on partnering with customers to strategize and deploy cutting-edge technology that delivers top business results. Prior to co-founding BeyondID, Arun held executive positions at Oracle, Sun Microsystems, SeeBeyond, and, most recently Okta, a leading Identity Cloud company that went public in 2017. At Okta, Arun was responsible for delighting customers and building world-class services and customer success organizations. Arun led global services and support organizations at Oracle and Sun Microsystems for systems and software, including Java, SOA, and identity management platforms. Arun brings years of delivering modern IT solutions related to identity, cybersecurity, and cloud to global customers across the Americas, EMEA, and APAC regions. Arun earned his BS in computer engineering and computer science from Graceland University, Iowa.

23 September 2025 Time to read: ~

Table of Contents

In early 2025, BeyondID launched a research initiative to better understand how organizations manage identity security amid rising threats, rapid AI adoption, and mounting compliance pressure.

We surveyed IT and security leaders across healthcare, life sciences, and technology with one goal: to get a clear picture of where teams are confident, and where they may be vulnerable.

What we found surprised us.

Confidence was high, but in many cases, it wasn’t backed by best practices. AI was everywhere, but barely governed, and Identity — despite being the most targeted layer of modern infrastructure — was often underfunded and underserved.

That research resulted in three reports, each focused on a different facet of identity risk. Taken together, they paint a clear picture of the top identity threats in 2025 — and where security leaders need to focus next.

Now, we’re preparing to release our most ambitious report yet.

The State of Cybersecurity Preparedness

The State of Cybersecurity Preparedness is the first report in our series and defines a set of key takeaways from our survey findings. This installation benchmarks how organizations perceive their maturity and outlines what they’re actually doing to secure their identities.

Here’s what we found:

  • Security attacks are more common — and more repeated — than most teams realize.
  • Compliance failures are widespread yet rarely seen as a top priority.
    Organizations claiming to be advanced often fall short on true best practices.
  • AI agents are behaving like users, but aren’t being managed like them.
  • Security leaders may be overestimating AI’s benefits while overlooking its risks.

This gap between perception and execution isn’t just ironic; it’s dangerous. When confidence outpaces controls, threats go unnoticed until it’s too late.

AI Agents: The New Insider Threat?

AI Agents: The New Insider Threat dives into the subject everyone is talking about: AI agents. Here’s what the data revealed:

Organizations are integrating AI agents into core systems without treating them like identities. Where non-human identities (NHIs) like scripts, bots, or autonomous agents are now embedded across workflows but rarely monitored or included in access reviews:

  • Over-permissioned service accounts are widespread.
  • AI systems regularly access sensitive data without oversight.
  • Behavioral monitoring rarely includes automated agents.

AI tools behave like users, but security teams still treat them like infrastructure. That gap is one of the fastest-growing identity threats this year.

The Confidence Paradox: Delusions of readiness in identity security

When we launched our research initiative, we expected variation in program maturity. What we didn’t expect was a near-universal sense of confidence, even (and especially) among teams that don’t govern NHIs or enforce least privilege.

The Confidence Paradox gives our undivided attention to a trend we couldn’t ignore: Teams believe they’re secure but often lack the fundamentals necessary for this to be true. 

What the data showed:

  • 85% of leaders say they could detect an identity-related breach within 24 hours.
  • Fewer than 30% govern NHIs.
  • Only 34% invest more than 20% of their security budget in identity.

Confidence isn’t a problem, but a lack of adequate identity security measures to back it up is. Identity programs are often assumed to be stronger than they are, and that assumption increases risk exposure.

Coming soon: The Identity Economy

Three reports later, we’re now gearing up to release our most comprehensive analysis yet.

Launching at Oktane25, The Identity Economy: How Gaps in Identity Management Enable and Sustain Cybercrime brings together new findings to explore identity as the currency of modern cybercrime.

Inside the report:

  • New data on how identity fuels the cybercrime marketplace
  • Real-world examples of IEVs in action
  • Trends in orphaned identities, AI misuse, and SSO misconfigurations
  • Actionable framework to close the gap between security practices and executive priorities

Get early access

The top identity threats in 2025 aren’t emerging, they’ve already taken root. Start discovering the best ways to fight back today.

Explore BeyondID’s full research series and join us at Oktane25 for a first look at The Identity Economy.

About the Author

Arun Shrestha

CEO and Co-Founder, BeyondID

Arun Shrestha has over 20 years of experience building and leading enterprise software and services companies. As CEO at BeyondID, Arun is committed to building a world-class organization with a mission to help its customers build secure, agile, and future-proof businesses. Arun prides himself on partnering with customers to strategize and deploy cutting-edge technology that delivers top business results. Prior to co-founding BeyondID, Arun held executive positions at Oracle, Sun Microsystems, SeeBeyond, and, most recently Okta, a leading Identity Cloud company that went public in 2017. At Okta, Arun was responsible for delighting customers and building world-class services and customer success organizations. Arun led global services and support organizations at Oracle and Sun Microsystems for systems and software, including Java, SOA, and identity management platforms. Arun brings years of delivering modern IT solutions related to identity, cybersecurity, and cloud to global customers across the Americas, EMEA, and APAC regions. Arun earned his BS in computer engineering and computer science from Graceland University, Iowa.