BeyondTrust Tackles AI Identity Risk with New Security Framework

ATLANTA, GA – June 01, 2026 – In a move that directly confronts the burgeoning security challenges of artificial intelligence, BeyondTrust today announced a significant expansion of its Identity Security Risk Assessment (ISRA). The update introduces a new five-pillar framework designed to map the full identity attack surface, extending its protective lens to cover not only human and machine accounts but also the rapidly proliferating class of AI identities.

The enhanced assessment, a feature of the company's Identity Security Insights® platform, aims to give security teams a unified, prioritized view of their most critical identity risks. By adding a dedicated 'AI Security' pillar and mapping its findings to established frameworks like NIST and MITRE ATT&CK, BeyondTrust is positioning itself to address a threat landscape that is becoming exponentially more complex and often invisible to traditional security tools.

The New Identity Battleground: Securing AI Coworkers

The modern enterprise is no longer staffed solely by humans. It is a hybrid workforce of people, automated service accounts, and now, increasingly autonomous AI agents. This new reality has created a critical “AI blind spot” for many organizations. While machine identities already outnumber human employees, the introduction of agentic AI—autonomous agents that can act and make decisions independently—represents a paradigm shift in identity security.

These AI agents, often deployed rapidly to boost productivity and innovation, require privileged access to data and systems to function. If left unmanaged, they create new, potent attack vectors. BeyondTrust’s new framework directly confronts this emerging threat with its 'AI Security and Emerging Themes' pillar, which is designed to surface shadow AI agents, unauthenticated models, and exposed credentials used by AI tools. The goal is to illuminate risks that are often invisible to security teams who are still focused primarily on human user accounts.

"For years, organizations focused primarily on managing human identities. Today, machine identities, secrets, and AI agents often outnumber people by orders of magnitude, creating new attack paths that security teams struggle to see," said Morey Haber, Chief Security Advisor at BeyondTrust. "Understanding who has access is no longer enough. Organizations need visibility into what has access, how those privileges connect, and where threat actors can exploit those relationships to move laterally through an environment."

Unmasking the Full Attack Surface

Beyond AI, the expanded assessment reinforces the need for a holistic view of all identities. The framework’s pillars—Environment Overview, True Privilege™, Security Themes, AI Security, and Findings Explorer—work in concert to provide a comprehensive picture of risk. A key innovation highlighted is 'True Privilege™', a capability that moves beyond static role assignments to reveal hidden and indirect paths to elevated access.

In complex, interconnected IT environments, an account that appears low-risk on paper might possess dangerous effective permissions through nested group memberships, delegated cloud entitlements, or connections to other applications. These are the subtle, indirect pathways that attackers are adept at finding and exploiting. By visualizing these relationships, the assessment helps organizations understand their actual, rather than theoretical, risk posture.

"What consistently surprises organizations is how much effective privilege exists beyond direct role assignments," noted Jason Silva, Principal Solutions Architect at BeyondTrust. "By helping organizations visualize those relationships, the enhanced assessment provides a clearer understanding of where identity risk exists and which exposures should be prioritized first."

This capability has already demonstrated its value for early adopters. Shannon Anderson, VP of BISG Security Engineering at Broadridge Financial Solutions, Inc., shared a powerful experience: “We had Pathfinder for one week. The AI traced a nested AD group granting local admin, accurately, at a depth we couldn't do manually. It surfaced accounts with no owner that we had no idea existed. But what it really did was give us a way to prioritize.”

From Insight to Actionable Compliance

Identifying risks is only half the battle. To be effective, security insights must be translated into prioritized, actionable tasks. BeyondTrust’s new 'Findings Explorer' aims to bridge this critical gap between discovery and remediation. The feature consolidates all detections and recommendations, scores them by risk, and, crucially, maps them to the NIST 800-53 and MITRE ATT&CK frameworks.

This integration is a significant boon for overburdened security and compliance teams. By aligning findings with NIST 800-53, a standard for federal information systems, the assessment helps organizations streamline compliance reporting and demonstrate adherence to regulatory controls. Simultaneously, mapping to the MITRE ATT&CK framework provides vital context by showing how a specific vulnerability could be exploited by adversaries using known tactics and techniques. This allows security operations centers (SOCs) to prioritize fixes based on real-world threat behaviors, focusing their efforts where they will have the most impact on organizational defense.

This approach helps transform identity security from a series of point-in-time audits into a continuous improvement program, providing a common language that security technicians, compliance officers, and executive leaders can all understand.

A Differentiated Approach in a Crowded Field

The identity security market is fiercely competitive, with major players like CyberArk, SailPoint, and Okta all racing to address the challenges of modern identity sprawl. While many vendors are incorporating AI to enhance their own platforms, BeyondTrust’s strategy of creating an explicit pillar to secure AI identities within a broader risk assessment framework is a notable differentiator.

By offering the initial assessment free of charge with findings delivered within 24 hours, the company is making a confident play to demonstrate its value quickly. This approach effectively lowers the barrier to entry for organizations to gain visibility into their most pressing identity risks, including those they may not have known existed within their AI deployments. As enterprises continue to embrace AI, the ability to discover, control, and secure the privileges of every identity—human, machine, and AI agent—from a single, unified platform will become not just an advantage, but a necessity.