🆔
The Wisdom Report 2025 Strategic Overview

THE IDENTITY
UNDERGROUND

2025 Year in Review: From Broken MFA to Agentic AI

Q1: MFA FAILURE
Q2: SCALE SHOCK
Q3: AI GOVERNANCE
Q1 2025 REPORT

The Foundation Cracks

26.2%
Real-time Detection Rate

⚠️ The Problem

  • 🛑
    MFA is Commoditized: Bypass toolkits (reverse-proxy phishing kits) are cheap and standard. "Fatigue attacks" (push spamming) wear users down until they approve an attacker's login.
  • 🏚️
    Active Directory is "Unsafe by Design": Executives admit AD is a "car without brakes." Its legacy protocols were never built to contain modern lateral movement.
  • 🙈
    The Visibility Gap: 73.8% of identity compromises are found only *after* the attacker has succeeded; only 26.2% are caught in real time.

✅ How to Resolve

1. Shift to Passwordless (FIDO2)

Remove the credential an attacker can phish: FIDO2 authenticators (Windows Hello for Business, YubiKeys) bind the login to the site's origin, so a proxy phishing kit cannot replay it. Enforce "Roll Forward, No Roll Back": once a user holds a phishing-resistant method, disable fallback to push, SMS or passwords.

2. Continuous Verification

Stop trusting after login. Re-evaluate the session continuously on device posture, location and behavioral signals, and revoke it when they change.

3. Red Team Reality Checks

Prove the risk. Boards ignore theory but react to Red Teams breezing through defenses.

Q2 2025 REPORT

The Scale Shock

20X
More Machine IDs than Expected

⚠️ The Problem

  • 👻
    Hidden Identity Sprawl: Discovery tools find 10-20x more service accounts than the IGA inventory lists.
  • ⏳
    Certificate Crisis (47 Days): Certificate lifespans are shrinking toward 47 days. Teams that rotate by hand will drown by 2027.
  • 💸
    Governance Bankruptcy: Manual governance cannot keep pace with identities that are created and retired at machine speed; the arithmetic does not close.

✅ How to Resolve

1. Zero Standing Privilege (ZSP)

Never give machines standing admin rights. Grant Just-In-Time access that is scoped to the task and expires on its own.

2. Auto-Discovery (Non-Static)

Derive the inventory from what actually authenticates (auth logs, network traffic) and from what code and pipelines reference. A spreadsheet is a claim to verify, not the source of truth.

3. Automated Secrets Rotation

If a human rotates a key, you failed. Automate rotation via vault integration.
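The Q2 resolution steps above amount to one procedure: find what actually authenticates, compare it to what governance thinks exists, and treat the gaps as the work queue. The script below is an added example (not part of the report or of any vendor's tooling) that does that reconciliation over a constructed authentication log and a constructed IGA export. The machine-account heuristic (non-interactive logon type, single source, clock-like cadence) and the log format are this example's own assumptions.

```python
"""Reconcile the identities seen authenticating against the identities the
IGA inventory claims exist. Added example with constructed data: the
inventory, log lines and the machine-account heuristic are illustrative,
not any product's output."""
from collections import defaultdict
from datetime import datetime

# Constructed IGA export: what governance believes exists.
IGA_INVENTORY = {
    "svc-backup": {"owner": "infra-team", "type": "service"},
    "svc-etl":    {"owner": "data-team",  "type": "service"},
    "svc-legacy": {"owner": "unknown",    "type": "service"},
    "alice":      {"owner": "alice",      "type": "human"},
}

# Constructed authentication log: timestamp, principal, source IP, logon
# type (Windows convention: 2 interactive, 3 network, 5 service), result.
AUTH_LOG = """\
2025-05-01T00:00:03Z svc-backup 10.0.1.5 type=5 result=success
2025-05-01T00:05:03Z svc-backup 10.0.1.5 type=5 result=success
2025-05-01T00:10:03Z svc-backup 10.0.1.5 type=5 result=success
2025-05-01T00:00:11Z ci-deployer 10.0.9.20 type=3 result=success
2025-05-01T00:15:11Z ci-deployer 10.0.9.20 type=3 result=success
2025-05-01T00:30:11Z ci-deployer 10.0.9.20 type=3 result=success
2025-05-01T01:02:44Z alice 10.0.2.77 type=2 result=success
2025-05-01T03:41:09Z monitor-probe 10.0.3.4 type=3 result=success
2025-05-01T03:42:09Z monitor-probe 10.0.3.4 type=3 result=success
2025-05-01T03:43:09Z monitor-probe 10.0.3.4 type=3 result=success
"""


def parse_log(text):
    """Turn the constructed log format into event dicts."""
    events = []
    for line in text.splitlines():
        ts, principal, src, logon, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "principal": principal,
            "src": src,
            "logon_type": int(logon.split("=", 1)[1]),
            "result": result.split("=", 1)[1],
        })
    return events


def looks_like_machine(events):
    """Heuristic (this example's): non-interactive logons, from a single
    source, arriving at a near-constant interval, the way scheduled jobs do."""
    if any(e["logon_type"] == 2 for e in events):
        return False
    if len({e["src"] for e in events}) != 1:
        return False
    times = sorted(e["ts"] for e in events)
    if len(times) < 3:
        return False  # too few samples to judge cadence
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    mean = sum(gaps) / len(gaps)
    return mean > 0 and (max(gaps) - min(gaps)) / mean < 0.1


def discover(log_text, inventory):
    """Three reconciliation outputs a discovery scan should produce."""
    by_principal = defaultdict(list)
    for e in parse_log(log_text):
        if e["result"] == "success":
            by_principal[e["principal"]].append(e)
    observed = {p for p, evs in by_principal.items() if looks_like_machine(evs)}
    declared = {p for p, meta in inventory.items() if meta["type"] == "service"}
    return {
        # machine identities authenticating that IGA has never heard of
        "shadow": sorted(observed - set(inventory)),
        # IGA entries that never authenticate: stale, or credentials nobody uses
        "dormant": sorted(declared - set(by_principal)),
        # declared service accounts with no accountable owner
        "ownerless": sorted(p for p in declared if inventory[p]["owner"] == "unknown"),
        "observed_machines": sorted(observed),
    }


if __name__ == "__main__":
    for bucket, names in discover(AUTH_LOG, IGA_INVENTORY).items():
        print(f"{bucket:18} {names}")
```

On the constructed data the scan reports two shadow identities (ci-deployer, monitor-probe) that the inventory never listed, two declared accounts (svc-etl, svc-legacy) that never authenticate and should be challenged, and one account with no owner. Each bucket maps to a different action: shadow accounts get an owner and a vault entry, dormant ones get disabled, ownerless ones get escalated.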

Q3 2025 REPORT

The Agentic Era

Level 3
Autonomous "On-Behalf-Of" Agents

⚠️ The Problem

  • 🤖
    "What are you?": Identity has shifted from "Who" to "What". AI agents mint and hold their own credentials.
  • 💉
    Model Context Protocol (MCP) Risks: Tool-calling protocols such as MCP open agents to prompt injection through tool output and to data leakage. Agents are over-privileged by default.
  • 🕸️
    Siloed Security: Traditional tools cannot see AI agents. They operate in a shadow layer.

✅ How to Resolve

1. The "AI Org Chart"

Create a registry. Every Agent must have an owner, a purpose, and a lifecycle.

2. Runtime Authorization

Evaluate *Intent*. Why is this agent asking for this data? Don't rely on static roles.

3. Identity Fabric

Build a unified mesh layer connecting Cloud, On-Prem, and AI into one governance view.
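Steps 1 and 2 above fit together: the registry records owner, purpose and lifecycle, and the runtime check consults it on every request. The code below is an added example (not from the report or any product) of an "on-behalf-of" authorization check over a constructed registry and constructed user entitlements. The registry schema, scope names and policy order are this example's assumptions; the security property it demonstrates is that an agent's effective permission is the intersection of its declared purpose and its delegating user's rights, which closes the confused-deputy path in both directions.

```python
"""Agent registry (the "AI org chart") with a runtime check for on-behalf-of
(OBO) requests. Added example: the registry schema, scopes, users and
policy are constructed for illustration, not taken from any product."""
from datetime import datetime

# Constructed registry: every agent has an owner, a purpose, the scopes that
# purpose legitimately needs, and a lifecycle end date.
AGENT_REGISTRY = {
    "support-summarizer": {
        "owner": "cx-platform",
        "purpose": "summarize open tickets for the assigned support engineer",
        "scopes": {"tickets:read"},
        "expires": "2025-12-31T00:00:00Z",
    },
    "finance-reconciler": {
        "owner": "finance-eng",
        "purpose": "match invoices to ledger entries",
        "scopes": {"invoices:read", "ledger:read"},
        "expires": "2025-06-30T00:00:00Z",
    },
}

# Constructed entitlements of the humans an agent may act on behalf of.
USER_SCOPES = {
    "alice": {"tickets:read", "tickets:write"},
    "bob": {"invoices:read"},
}


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def _decision(allowed, reason, owner):
    """Uniform record: the owner is carried so an alert has someone to go to."""
    return {"allowed": allowed, "reason": reason, "owner": owner}


def authorize(agent_id, user, scope, now, registry=AGENT_REGISTRY, users=USER_SCOPES):
    """Runtime authorization for "agent X acting for user U wants scope S".

    Allowed only when the agent is registered and within its lifecycle, S is
    inside the agent's declared purpose, and U holds S personally. The
    effective permission is the intersection of agent and user rights: an
    agent never gains what its user lacks, and never exercises a user right
    that lies outside its own purpose (the confused-deputy case)."""
    if isinstance(now, str):
        now = _parse(now)
    agent = registry.get(agent_id)
    if agent is None:
        return _decision(False, "agent not in registry", None)
    if now >= _parse(agent["expires"]):
        return _decision(False, "agent lifecycle expired", agent["owner"])
    if scope not in agent["scopes"]:
        return _decision(False, "scope outside declared purpose", agent["owner"])
    if scope not in users.get(user, set()):
        return _decision(False, "delegating user lacks scope", agent["owner"])
    return _decision(True, "ok", agent["owner"])


if __name__ == "__main__":
    now = "2025-05-01T00:00:00Z"
    cases = [
        ("support-summarizer", "alice", "tickets:read"),   # allowed
        ("support-summarizer", "alice", "tickets:write"),  # alice may, the agent's purpose may not
        ("support-summarizer", "bob", "tickets:read"),     # the agent may, bob may not
        ("finance-reconciler", "bob", "invoices:read"),    # allowed until 2025-06-30
        ("rogue-agent", "alice", "tickets:read"),          # unregistered
    ]
    for agent_id, user, scope in cases:
        d = authorize(agent_id, user, scope, now)
        print(f"{agent_id:20} {user:6} {scope:14} -> {d['allowed']!s:5} {d['reason']}")
    print(authorize("finance-reconciler", "bob", "invoices:read", "2025-07-01T00:00:00Z"))
```

The order of the checks is deliberate: registration and lifecycle are evaluated before scope, so an expired or unknown agent is denied even for a scope it would otherwise hold, and every denial except "not in registry" carries an owner to page. The static role of the agent is never consulted on its own; the request is always judged against the declared purpose and the human behind it.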

2025 Action Prioritization Matrix

Quick Wins (High Impact / Low Effort)
  • ✓ NHI Discovery Scan: Run network analysis immediately.
  • ✓ Secrets Scanning: Scan repos for hardcoded keys.
  • ✓ AI Gov Committee: Assign ownership of AI strategy.
Strategic (High Impact / High Effort)
  • ➜ Zero Trust (ZSP): Move to Just-In-Time access.
  • ➜ Identity Fabric: Unify multi-cloud governance.
  • ➜ AI Agent Monitoring: Build behavioral baselines.
Nice to Have (Low Impact / Low Effort)
  • Dashboard UI updates
  • Generic Compliance Reporting
  • User Documentation tweaks
Avoid / Delay (Low Impact / High Effort)
  • Building custom IGA platforms
  • Replacing IAM platform (Rip & Replace)
  • Manual Access Recertification
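The "Secrets Scanning" quick win in the matrix is a scan that can be stood up in an afternoon. The script below is an added example (not part of the report or of any scanning product) showing the two detector classes such a scan needs: format-specific patterns for key shapes that are recognisable on sight, and a generic "name = value" pattern gated by a Shannon-entropy threshold so that placeholders and human-chosen strings are not reported. The sample repository is constructed; the AWS access key ID in it is the one AWS uses in its own documentation, not a live credential, and the entropy cut-off of 3.5 bits per character is this example's choice.

```python
"""Repository secrets scanner: format-specific patterns for known key
shapes plus an entropy filter for generic "key = value" assignments.
Added example; the patterns are common public key formats and the sample
repository below is constructed (the AWS key is the one AWS uses in its
own documentation, not a live credential)."""
import math
import re
from collections import Counter

# (name, pattern, needs_entropy_check). Format-specific shapes are flagged
# on sight; the generic assignment pattern is noisy, so its captured value
# must also look random before it is reported.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), False),
    ("github_pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), False),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"), False),
    ("generic_secret",
     re.compile(r"(?i)(?:api[_-]?key|secret(?:[_-]?key)?|token|password|passwd)"
                r"\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{16,})"),
     True),
]
ENTROPY_THRESHOLD = 3.5  # bits per character; this example's cut-off


def shannon_entropy(s):
    """Bits of entropy per character; random keys score well above 4."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(value):
    """Never write the secret itself into a finding or a ticket."""
    return value[:4] + f"...({len(value)} chars)"


def scan_text(path, text):
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        hit_on_line = False
        for name, pattern, entropy_check in PATTERNS:
            if entropy_check and hit_on_line:
                continue  # a format-specific detector already reported this line
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if entropy_check and shannon_entropy(value) < ENTROPY_THRESHOLD:
                    continue  # placeholder or human-chosen string, not a key
                findings.append({"path": path, "line": line_no,
                                 "kind": name, "value": redact(value)})
                hit_on_line = True
    return findings


def scan_repo(files):
    """files: {path: content}. Returns findings sorted by path then line."""
    findings = []
    for path, content in files.items():
        findings.extend(scan_text(path, content))
    return sorted(findings, key=lambda f: (f["path"], f["line"]))


# Constructed sample repository.
SAMPLE_REPO = {
    "app/config.py": (
        "# constructed sample file\n"
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"\n'
        'API_TOKEN = "q7Zx9vL2mN8pR4tY6wB1cD3fG5hJ0kLa"\n'
        'SECRET_KEY = "your_secret_key_here"\n'
    ),
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(key material omitted)\n-----END RSA PRIVATE KEY-----\n",
    "README.md": "Copy .env.example to .env and set API_KEY=<your key>.\n",
    ".env.example": "DB_PASSWORD=changeme\n",
}


if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f['path']}:{f['line']} {f['kind']} {f['value']}")
```

Against the sample repository the scan reports four findings (the AWS key, the GitHub token, the high-entropy API token and the private-key header) and stays silent on the README placeholder, the short example password and the low-entropy "your_secret_key_here". Two design points carry over to a real deployment: findings are redacted at the point of detection so the scanner's own output does not become a second copy of the secret, and the generic detector is suppressed on lines a format-specific detector already matched, so one leaked key produces one ticket.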