Identity security is going through a reckoning. Organizations spent the last decade hardening user logins with MFA, Conditional Access, and passwordless, yet attackers are still walking in the front door, just not as “users” anymore. In 2026, the battleground has shifted to apps, tokens, and non-human identities that were never designed to be first-class security citizens.
On February 4th, Nicolas Blank and I continued our AppGov Preventive Maintenance Webinar series with ENow to share our Identity Security Predictions for 2026. The session was recorded, so feel free to watch!
Multiple industry reports now frame identity as the dominant attack vector rather than just one control area among many. Cloud platforms, SaaS, and Zero Trust architectures have all converged on a simple truth: if an attacker can obtain or impersonate a valid identity, they inherit everything that identity can touch.
At the same time, the identity universe itself has exploded. Service accounts, API keys, automation bots, and AI agents now outnumber human users by double-digit ratios in many environments, and a tiny fraction of these machine identities control the majority of cloud resources. This shift is reshaping where attackers focus and where your defenses are most likely to fail.
On paper, many Entra ID tenants look “secure”: MFA enabled, risk-based Conditional Access policies, and sign-in logs wired into a SIEM. In practice, recent campaigns show that attackers increasingly avoid the well-defended front door and instead abuse the gaps around OAuth, service principals, and tokens.
One of the most consequential patterns is service principal ownership abuse. In documented scenarios, attackers start with a compromised low-privileged user, discover that this user “owns” an enterprise application (service principal) with a privileged role, and then add a new client secret to that service principal.
From there, they authenticate in an app-only context, completely outside user-centric protections like MFA and interactive Conditional Access, and use the app’s privileges to reset a Global Administrator password or issue a Temporary Access Pass. The result is full tenant compromise from what originally looked like a harmless user account.
The underlying issue is simple but dangerous: ownership and privilege on applications are often misaligned and rarely reviewed.
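One way to surface that misalignment before an attacker does is to join service-principal ownership with directory role assignments and flag every privileged app whose owner does not themselves hold that privilege, or that has no owner at all. The script below is an added example written for this post, not code from the article, the webinar or Microsoft; it runs on constructed, Graph-shaped sample data (made-up ids and names) and assumes the role assignments have already been resolved to role display names.

```python
"""Flag Entra ID service principals whose ownership and privilege are misaligned.

Added example for this post (not the article's or Microsoft's code). Input is
shaped like Microsoft Graph output for servicePrincipals?$expand=owners and
directory role assignments; the sample below is constructed, and
roleDisplayName stands in for a roleDefinitionId resolved beforehand.
"""
import json

# Directory roles treated as privileged for this audit (assumption: tune per tenant).
PRIVILEGED_ROLES = {
    "Global Administrator",
    "Privileged Role Administrator",
    "Privileged Authentication Administrator",
    "Application Administrator",
    "Cloud Application Administrator",
    "User Administrator",
}

# Constructed sample: ids, names and UPNs are made up.
SAMPLE = json.loads(r'''
{
  "servicePrincipals": [
    {"id": "sp-1", "displayName": "HR Sync App",
     "owners": [{"id": "user-bob", "userPrincipalName": "bob@contoso.example"}]},
    {"id": "sp-2", "displayName": "Legacy Reporting", "owners": []},
    {"id": "sp-3", "displayName": "Ticketing Integration",
     "owners": [{"id": "user-alice", "userPrincipalName": "alice@contoso.example"}]},
    {"id": "sp-4", "displayName": "Backup Automation",
     "owners": [{"id": "user-carol", "userPrincipalName": "carol@contoso.example"}]},
    {"id": "sp-5", "displayName": "Lunch Poll",
     "owners": [{"id": "user-bob", "userPrincipalName": "bob@contoso.example"}]}
  ],
  "roleAssignments": [
    {"principalId": "sp-1", "roleDisplayName": "User Administrator"},
    {"principalId": "sp-2", "roleDisplayName": "Global Administrator"},
    {"principalId": "sp-3", "roleDisplayName": "Global Administrator"},
    {"principalId": "sp-4", "roleDisplayName": "User Administrator"},
    {"principalId": "sp-5", "roleDisplayName": "Directory Readers"},
    {"principalId": "user-alice", "roleDisplayName": "Application Administrator"},
    {"principalId": "user-carol", "roleDisplayName": "Global Administrator"}
  ]
}
''')


def roles_by_principal(role_assignments):
    """Map each principal id (user or service principal) to the roles it holds."""
    roles = {}
    for ra in role_assignments:
        roles.setdefault(ra["principalId"], set()).add(ra["roleDisplayName"])
    return roles


def audit_ownership(data):
    """Return (spId, displayName, reason) for each risky ownership relationship.

    An owner can add a client secret and sign in as the app, so an owner who
    lacks the app's privileged role effectively holds it, without MFA or
    interactive Conditional Access. Ownerless privileged apps are flagged too,
    because nobody is accountable for reviewing them.
    """
    roles = roles_by_principal(data["roleAssignments"])
    findings = []
    for sp in data["servicePrincipals"]:
        privileged = roles.get(sp["id"], set()) & PRIVILEGED_ROLES
        if not privileged:
            continue  # no privileged role: ownership is low impact
        if not sp["owners"]:
            findings.append((sp["id"], sp["displayName"],
                             f"ownerless app holds {sorted(privileged)}"))
            continue
        for owner in sp["owners"]:
            owner_roles = roles.get(owner["id"], set())
            # A Global Administrator owner already outranks any app role.
            missing = set() if "Global Administrator" in owner_roles \
                else privileged - owner_roles
            if missing:
                findings.append((sp["id"], sp["displayName"],
                                 f"owner {owner['userPrincipalName']} lacks "
                                 f"{sorted(missing)} held by the app"))
    return findings


if __name__ == "__main__":
    for sp_id, name, reason in audit_ownership(SAMPLE):
        print(f"[RISK] {name} ({sp_id}): {reason}")
```

In the sample, HR Sync App (owner with no roles), Legacy Reporting (no owner) and Ticketing Integration (Application Administrator owning a Global Administrator app) are flagged; Backup Automation is not, because its owner is already a Global Administrator.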
At the same time, OAuth has shifted from being a convenience protocol to a primary attack vehicle. Recent research into campaigns such as ConsentFix shows that adversaries increasingly abuse legitimate OAuth flows to obtain tokens without ever stealing passwords. Instead of breaking authentication, they weaponize authorization and user consent.
By masquerading as trusted integrations or exploiting pre-approved first-party applications, malicious apps can gain persistent API access with high-value scopes like mailbox data, files, and directory information. Because the grant happens through a “normal” consent flow, most of these attacks blend almost perfectly into expected sign-in patterns unless you are explicitly monitoring consent events and high-risk scopes.
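Monitoring consent events and high-risk scopes is concrete enough to show as detection logic. The following is an added example for this post, not code from the article or from Microsoft: it walks Entra ID audit-log entries for "Consent to application", pulls the granted scopes out of the ConsentAction.Permissions property, and rates each grant. The events are constructed and their property encoding is simplified from what the audit log exports; the scope list is an assumption to tune per tenant.

```python
"""Rate Entra ID consent grants by the scopes they hand out.

Added example for this post (not the article's or Microsoft's code). The
events are constructed; the modifiedProperties encoding mirrors the audit log
("Consent to application" entries) but is simplified.
"""
import json
import re

# Scopes worth an analyst's attention (assumption: extend per tenant).
# offline_access is included because it yields refresh tokens, i.e. persistence.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All", "Sites.Read.All",
    "Directory.Read.All", "Directory.ReadWrite.All", "User.Read.All",
    "Contacts.Read", "offline_access",
}

# Constructed sample audit entries (app ids, names and UPNs are made up).
SAMPLE_EVENTS = json.loads(r'''[
 {"activityDisplayName": "Consent to application",
  "initiatedBy": {"user": {"userPrincipalName": "dave@contoso.example"}},
  "targetResources": [{"displayName": "Quick PDF Viewer", "id": "app-111",
   "modifiedProperties": [
    {"displayName": "ConsentContext.IsAdminConsent", "newValue": "\"False\""},
    {"displayName": "ConsentAction.Permissions",
     "newValue": "\"[] => [[Id: g1, ClientId: app-111, PrincipalId: user-dave, ResourceId: graph, Scope: Mail.Read offline_access User.Read]]\""}]}]},
 {"activityDisplayName": "Consent to application",
  "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
  "targetResources": [{"displayName": "Corporate Backup", "id": "app-222",
   "modifiedProperties": [
    {"displayName": "ConsentContext.IsAdminConsent", "newValue": "\"True\""},
    {"displayName": "ConsentAction.Permissions",
     "newValue": "\"[] => [[Id: g2, ClientId: app-222, PrincipalId: , ResourceId: graph, Scope: Files.ReadWrite.All Directory.Read.All]]\""}]}]},
 {"activityDisplayName": "Consent to application",
  "initiatedBy": {"user": {"userPrincipalName": "erin@contoso.example"}},
  "targetResources": [{"displayName": "Lunch Poll", "id": "app-333",
   "modifiedProperties": [
    {"displayName": "ConsentContext.IsAdminConsent", "newValue": "\"False\""},
    {"displayName": "ConsentAction.Permissions",
     "newValue": "\"[] => [[Id: g3, ClientId: app-333, PrincipalId: user-erin, ResourceId: graph, Scope: User.Read openid]]\""}]}]},
 {"activityDisplayName": "Add service principal",
  "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
  "targetResources": [{"displayName": "Something Else", "id": "app-444",
   "modifiedProperties": []}]}
]''')

SCOPE_RE = re.compile(r"Scope:\s*([^,\]]+)")


def _unquote(value):
    """Audit-log newValue fields are JSON-encoded strings; fall back to raw text."""
    try:
        return json.loads(value)
    except (TypeError, ValueError):
        return value


def scopes_from_permissions(permissions_text):
    """Extract every scope from a ConsentAction.Permissions value."""
    scopes = set()
    for match in SCOPE_RE.finditer(permissions_text or ""):
        scopes.update(match.group(1).split())
    return scopes


def consent_findings(events):
    """Return one finding per consent grant that includes a high-risk scope."""
    findings = []
    for ev in events:
        if ev.get("activityDisplayName") != "Consent to application":
            continue
        actor = ev.get("initiatedBy", {}).get("user", {}).get("userPrincipalName", "unknown")
        for target in ev.get("targetResources", []):
            props = {p["displayName"]: _unquote(p.get("newValue"))
                     for p in target.get("modifiedProperties", [])}
            is_admin = str(props.get("ConsentContext.IsAdminConsent", "")).lower() == "true"
            risky = scopes_from_permissions(props.get("ConsentAction.Permissions")) & HIGH_RISK_SCOPES
            if not risky:
                continue
            # A user granting mailbox/file access to an unknown app is the
            # ConsentFix-style pattern; admin grants still deserve review.
            findings.append({
                "app": target.get("displayName"), "appId": target.get("id"),
                "actor": actor, "admin_consent": is_admin,
                "risky_scopes": sorted(risky),
                "severity": "medium" if is_admin else "high",
            })
    return findings


if __name__ == "__main__":
    for f in consent_findings(SAMPLE_EVENTS):
        print(f"[{f['severity'].upper()}] {f['actor']} consented {f['app']} to {f['risky_scopes']}")
```

Of the sample entries, the user-consented "Quick PDF Viewer" grant (Mail.Read plus offline_access) rates high, the admin-consented "Corporate Backup" grant rates medium, and "Lunch Poll" (User.Read, openid) produces nothing.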
Attackers are also investing heavily in token theft and replay rather than traditional credential harvesting. Primary Refresh Tokens (PRTs) and other long-lived tokens obtained from compromised devices or sessions enable access across multiple cloud resources without any further user interaction.
Combined with weak offboarding processes, this becomes particularly dangerous. Industry data shows that machine identities and tokens often persist long after the associated user has left the organization, providing an abundant pool of stale but still valid access paths.
If you’re responsible for Entra ID security, the most important mental pivot for 2026 is this: your primary risk is no longer “too many users with too many rights” — it’s “too many non-human identities with no owner and no guardrails.”
Recent research highlights that service accounts, API keys, tokens, automation credentials, and other non-human identities outnumber human users by large margins, and a tiny slice of them hold disproportionate power. One report found that about 0.01% of machine identities held control over 80% of cloud resources, underscoring how concentrated and opaque this risk really is.
These identities rarely follow a clean joiner-mover-leaver lifecycle. They are created ad hoc during projects, left behind when teams change, and often granted broad cross-environment permissions to “make things work.” They don’t complain when access is too broad, and they don’t naturally expire when a person changes role or leaves the company.
From an attacker’s perspective, this is perfect:
The growth of AI agents and autonomous workflows will only amplify this. Analysts predict that by 2026, organizations will manage hundreds of thousands, or even millions, of machine identities, many tied to AI systems with authority to move money, update records, or change infrastructure.
On slides and in policy documents, it looks like identity is under control: “MFA everywhere,” “Zero Trust,” “least privilege.” But at scale, several structural weaknesses are becoming impossible to ignore.
Industry surveys show that the overwhelming majority of organizations still rely on manual or semi-manual processes for provisioning, deprovisioning, and entitlement changes. Few have fully automated workflows that tie HR events directly to identity changes across all systems and clouds.
This creates three predictable outcomes: zombie accounts, permission sprawl, and inconsistent policy enforcement between applications and environments. For Entra ID, that often translates into ownerless enterprise apps, service principals with outdated roles, and legacy permissions that nobody wants to touch for fear of breaking something.
Most of the investment of the last decade went into securing human logins: phishing-resistant MFA, Conditional Access, sign-in risk, and user behavior analytics. Non-human identities were largely treated as implementation details for developers and DevOps teams.
As a result, your strongest controls (MFA, device compliance, interactive risk evaluation) often don’t apply to the very identities that hold the keys to your tenant: app-only service principals, automation accounts, and background processes. Attackers have noticed and are actively designing playbooks around these blind spots.
Even in mature SOCs, logs for app authentications, service principal operations, consent events, and token usage often play second fiddle to user sign-ins and endpoint alerts. Many teams don’t maintain baselines for “normal” app behavior — which apps should be signing in from which IPs, at what times, with what patterns of API calls.
Vendors and practitioners are increasingly pointing out that service principal sign-ins and related events are both under-monitored and incredibly rich for early detection, especially in business email compromise and long-term persistence scenarios. Without this visibility, identity attacks look like “business as usual” until the damage is already done.
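A baseline for "normal" app behavior can be as simple as the source networks, hours and target resources each service principal has been seen using. The block below is an added example for this post, not code from the article or from Microsoft: it learns that baseline from a window of constructed service-principal sign-in records (fields named after the Entra sign-in log: appId, ipAddress, createdDateTime, resourceDisplayName) and alerts on new records that deviate from it. Grouping source IPs by /24 and using a plain set of hours are simplifying assumptions.

```python
"""Baseline service-principal sign-ins and flag deviations.

Added example for this post (not the article's or Microsoft's code). Records
are constructed; field names follow the Entra ID service principal sign-in log.
"""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime

# Constructed learning window (documentation IP ranges, made-up app ids).
BASELINE_LOGS = json.loads(r'''[
 {"appId": "app-sync", "servicePrincipalName": "HR Sync App", "ipAddress": "203.0.113.10",
  "createdDateTime": "2026-01-05T01:05:00Z", "resourceDisplayName": "Microsoft Graph"},
 {"appId": "app-sync", "servicePrincipalName": "HR Sync App", "ipAddress": "203.0.113.11",
  "createdDateTime": "2026-01-06T02:05:00Z", "resourceDisplayName": "Microsoft Graph"},
 {"appId": "app-sync", "servicePrincipalName": "HR Sync App", "ipAddress": "203.0.113.10",
  "createdDateTime": "2026-01-07T03:05:00Z", "resourceDisplayName": "Microsoft Graph"},
 {"appId": "app-backup", "servicePrincipalName": "Backup Automation", "ipAddress": "198.51.100.5",
  "createdDateTime": "2026-01-05T22:00:00Z", "resourceDisplayName": "Azure Storage"}
]''')

# Constructed records to evaluate against that baseline.
NEW_LOGS = json.loads(r'''[
 {"appId": "app-sync", "servicePrincipalName": "HR Sync App", "ipAddress": "203.0.113.25",
  "createdDateTime": "2026-02-01T02:10:00Z", "resourceDisplayName": "Microsoft Graph"},
 {"appId": "app-sync", "servicePrincipalName": "HR Sync App", "ipAddress": "192.0.2.77",
  "createdDateTime": "2026-02-01T14:30:00Z", "resourceDisplayName": "Microsoft Graph"},
 {"appId": "app-backup", "servicePrincipalName": "Backup Automation", "ipAddress": "198.51.100.5",
  "createdDateTime": "2026-02-01T22:00:00Z", "resourceDisplayName": "Microsoft Graph"},
 {"appId": "app-new", "servicePrincipalName": "Unknown App", "ipAddress": "192.0.2.9",
  "createdDateTime": "2026-02-01T09:00:00Z", "resourceDisplayName": "Microsoft Graph"}
]''')


def ip_block(ip):
    """Collapse a source address to its /24 so DHCP churn inside a site is ignored."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def sign_in_hour(timestamp):
    """UTC hour of an ISO-8601 sign-in timestamp ending in Z."""
    return datetime.fromisoformat(timestamp.replace("Z", "+00:00")).hour


def build_baseline(events):
    """Per appId: the networks, hours and resources seen during the window."""
    baseline = defaultdict(lambda: {"blocks": set(), "hours": set(), "resources": set()})
    for e in events:
        b = baseline[e["appId"]]
        b["blocks"].add(ip_block(e["ipAddress"]))
        b["hours"].add(sign_in_hour(e["createdDateTime"]))
        b["resources"].add(e["resourceDisplayName"])
    return baseline


def detect(baseline, events):
    """Return one alert per sign-in that leaves its app's baseline."""
    alerts = []
    for e in events:
        reasons = []
        b = baseline.get(e["appId"])
        if b is None:
            reasons.append("no baseline for this app")
        else:
            block = ip_block(e["ipAddress"])
            if block not in b["blocks"]:
                reasons.append(f"new source network {block}")
            if sign_in_hour(e["createdDateTime"]) not in b["hours"]:
                reasons.append("sign-in outside usual hours")
            if e["resourceDisplayName"] not in b["resources"]:
                reasons.append(f"new resource {e['resourceDisplayName']}")
        if reasons:
            alerts.append({"appId": e["appId"], "name": e["servicePrincipalName"],
                           "ip": e["ipAddress"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect(build_baseline(BASELINE_LOGS), NEW_LOGS):
        print(f"[ALERT] {a['name']} from {a['ip']}: {'; '.join(a['reasons'])}")
```

The first new HR Sync App record stays quiet (same /24, usual hour, usual resource); the second trips both the network and hour checks, Backup Automation is flagged for a resource it never touched before, and the unknown app is flagged for having no baseline at all.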
Putting these threads together, you can see where 2026 is heading for Entra ID and identity security more broadly. Predictions from industry analysts and practitioners converge on a few themes.
Experts expect a wave of breaches driven not by live human users, but by “ghost identities”: dormant, abandoned automation bots and machine accounts that still hold powerful credentials and permissions. As organizations rush to adopt AI agents and automate workflows, the number of these ghost identities is set to explode.
For Entra ID, that means:
Attackers will continue to favor OAuth applications and service principals as their initial foothold rather than end-user accounts. An over-permissioned app with Directory.ReadWrite.All or mailbox access is far more valuable — and often less monitored — than a single phishing-resistant user login.
Campaigns will focus on:
As AI becomes more deeply embedded into identity governance and security operations, adversaries will increasingly design attacks that target AI systems themselves — poisoning training data, impersonating AI agents, or abusing their access to sensitive data and actions.
Predictions suggest that in 2026, security teams will have to treat AI agents as first-class identities, each with its own lifecycle, least-privilege model, and behavior monitoring. That’s a major shift from today’s view of AI as a tool wrapped around existing identity systems.
For someone accountable for the health and security of Entra ID, the takeaway is not “panic about new threats” but “re-aim your existing controls at where risk is actually concentrated.”
In practical terms, that means:
Identity is no longer just an access problem; it is the system of record for who and what can act inside your environment. In 2026, the organizations that do best will be those that stop thinking about “user accounts” and start architecting for a world where non-human identities, AI agents, and OAuth applications are the primary targets — and the primary control plane.
As a continuation of this conversation, Alistair Pugin, Nicolas Blank, and ENow are hosting a live webinar on February 25, 2026. We hope you'll join us for the discussion!
Your Application Security Roadmap - The Real Way to Lock Down Modern Apps in Entra ID
You'll learn practical guidance on:
- How to inventory and classify applications by risk, access, and business impact
- Evaluating application governance practices at each maturity stage
- How to apply least privilege and lifecycle ownership to apps at scale