Non-human identity risk is exploding: bots, service accounts, apps, automations, and AI agents can outnumber humans by 45:1.
In this Cyber Insurance News and Information podcast episode, Martin Hinton talks with Marshall Sorensen (Myriad360) about why permissions sprawl creates cyber insurance, third-party, and breach exposure, and what governance looks like in practice.
In this episode, you’ll learn:
What a non-human identity is and where it hides
Why “Allow access” turns automation into risk
How attackers exploit tokens and over-permissioned tools
Monitoring, lifecycle control, and incident response basics
What insurers and insureds should ask for next
Non-human identities power modern business, but unmanaged permissions create invisible pathways into data, systems, and vendors.
This conversation breaks down practical controls for inventory, least privilege, and monitoring to help teams reduce breach likelihood and improve insurability.
Chapters
00:00 Introduction to Non-Human Identities
01:04 What Are Non-Human Identities?
02:36 Encountering Non-Human Identities Daily
04:14 Scale and Impact of Non-Human Identities
07:44 Myriad360 and Identity Management
12:00 Examples of Non-Human Identities in Use
15:14 Permissions and Transition to Digital Identity
23:53 Turnstiles and Permission Delegation
27:33 Liability and Security Risks of Automation
34:24 Managing Permissions and Access Control
43:46 The Role of AI and Permissions
57:28 Cyber Attacks Exploiting Non-Human Identities
01:09:31 Monitoring and Incident Response
01:16:23 Future Outlook and AI’s Role in Security
01:20:01 Building a Security Culture
01:20:52 Final Thoughts and Advice