Lumos, the industry's first Autonomous Identity Platform, has published its AI, Automation, and Risk in 2026: Identity at a Breaking Point report. The findings reveal a critical inflection point in enterprise security, driven by the dominance of identity-based attacks and the urgent need for agentic AI to provide scalable, intelligent mitigation. Despite high confidence among security leaders, 96% of organizations experienced identity-related incidents in the past year.
Quick Intel
Adversaries increasingly exploit identity as the primary entry point, bypassing complex exploits through credential theft, MFA bypass techniques, and abuse of dormant or over-privileged accounts. While over 90% of security leaders feel prepared to defend against these threats, only 3.8% avoided significant identity incidents last year. The report identifies three core risk drivers: unchecked permission growth, NHI invisibility, and real-time detection gaps.
Machine identities now dominate in many environments, yet governance lags significantly. Dormant accounts, forgotten service accounts, and lateral movement post-breach create persistent blind spots that adversaries exploit relentlessly.
"Organizations stand at a crossroads when it comes to managing and securing identity. As identity-based attacks are on the rise, it's becoming more and more clear existing paradigms both lack the intelligence and require too much manual, operational work to keep pace," said Andrej Safundzic, CEO of Lumos. "This research shows that adopting an agentic approach that brings intelligence, automation, and scale must be on every security leader's agenda in 2026. We've seen firsthand from our customers the incredible impact embracing this innovation can deliver."
Agentic AI emerges as a transformative solution, with strong interest in automating access reviews, enforcing least-privilege and zero-trust policies, enhancing governance analytics, and shrinking exposure windows (e.g., Mean Time to Provision and Mean Time to Detect). However, barriers to full adoption persist, including skepticism toward automated decisions, lack of audit trails, legacy data challenges, and expertise shortages.
The report recommends pivoting toward intelligent automation for user access reviews, dynamic least-privilege enforcement, improved anomaly detection, and faster provisioning/detection cycles to close critical gaps.
About Lumos
Lumos is the first Autonomous Identity platform that empowers organizations with an agentic approach to enhance security, drive productivity, and meet compliance standards. The company's AI-native platform automatically discovers and manages access across customers' entire tool stack. By delivering rich, contextual intelligence, organizations can move beyond rubber stamping to proactively mitigate identity-based risk, all without slowing their business down. Powered by agentic workflows in Albus, the company's leading identity agent, organizations can address security concerns and establish governance that evolve as quickly as your business does. Trusted by hundreds of companies including Pinterest, Anduril, and GitHub, Lumos powers millions of access requests across global companies.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.