SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft

FOE CSO Online March 19, 2026

Summary

SpyCloud's 2026 Identity Exposure Report indicates a significant rise in non-human identity (NHI) theft, including exposed API keys and session tokens. Attackers are increasingly targeting these machine identities, alongside traditional PII and credentials, to gain faster, more persistent access to cloud and enterprise environments.

IFF Assessment

FOE

The increasing exposure and exploitation of non-human identities like API keys and session tokens provide attackers with broader and more persistent access to critical systems and data.

Defender Context

Defenders must prioritize the security of non-human identities, which are becoming a primary attack vector. This includes implementing strict access controls, regular rotation of API keys and tokens, and continuous monitoring for their exposure in the criminal underground.

Read Full Story →