In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing.
According to new research from the Ponemon Institute, hundreds of applications within the typical enterprise remain disconnected from centralized identity systems. These “dark matter” applications operate outside the reach of standard governance, creating a massive, unmanaged attack surface that is now being aggressively exploited—not just by human threat actors, but by autonomous AI agents.
The Invisible Threat: Disconnected Apps & AI Amplification
Modern enterprises have invested heavily in IAM and Zero Trust, but the “last mile” of identity—legacy apps, localized accounts, and siloed SaaS—remains a stubborn blind spot.
The entry of AI into the workforce has turned this gap from a compliance headache into a critical vulnerability. As organizations deploy AI copilots and autonomous agents to increase productivity, these agents often require access to the very systems that sit outside your centralized control.
The result? AI agents are inadvertently amplifying credential risks, reusing stale tokens, and navigating paths of least resistance that your security team can’t even see.
Join the 2026 Identity Maturity Briefing
To help security leaders navigate this “Confidence Gap,” The Hacker News is hosting an exclusive webinar featuring Mike Fitzpatrick (Ponemon Institute) and Matt Chiodi (CSO, Cerby).
They will break down the latest findings from over 600 IT and security leaders and provide a tactical roadmap for closing the identity gaps that lead to audit friction and stalled digital initiatives.
In this session, you will uncover:
- Exclusive 2026 Benchmark Data: See how your identity maturity compares to your peers.
- The “Shadow AI” Factor: Understand how AI agents are expanding your disconnected surface area.
- The Cost of Manual Management: Why relying on manual password and credential fixes is a losing strategy in 2026.
- Practical Remediation Steps:Learn exactly what leading organizations are doing now to regain control of every application.
Why You Should Attend
If you are leading an identity, security, or compliance strategy, “doing more of the same” is no longer an option. This conversation is designed to move you beyond theoretical maturity and into operational control.
Secure your spot now to get the data-driven insights you need to protect your organization’s most fragmented—and most targeted—asset: Identity.
Register for the Webinar: Identity Maturity Under Pressure →
About The Author
Original post here
