The category

What is Non-Human Identity Security?

Sabiki Security·Category overview·5 min read
In a typical Microsoft 365 tenant, non-human identities already outnumber people, and AI is minting more every week.
1 human to ~45 non-human identities
Human users Non-human identities (service accounts, OAuth apps, workload IDs) AI agents & copilots: the new, fastest-growing slice
Machine-to-human identity ratio approximately 45:1 (Gartner). Service accounts, OAuth apps and workload identities already dominate; AI agents and copilots are the newest and fastest-growing part, and the one almost no tenant governs today.

As organisations deploy Microsoft Copilot, autonomous AI agents and intelligent automation, thousands of new digital identities are created. Non-Human Identity Security is the discipline of continuously discovering, understanding, governing and scoring these autonomous, non-human identities, before they become the next breach.

The category, defined

Every AI feature is an actor. A Copilot, an agent, an automation, an API integration, a service principal: each is granted its own identity and its own standing access to mail, files and data. These are non-human identities, and they already outnumber human ones ~45 to 1 on Gartner’s estimate, with some vendor telemetry running as high as 144 to 1.1

Non-Human Identity Security is the practice of treating those identities as first-class citizens of your security programme: knowing every one that exists, what it can reach, who owns it, whether it is still needed, and how much damage it could do. It is continuous, not point-in-time, because the population changes every time someone switches on another AI feature.

You cannot govern, or safely adopt, what you cannot see.

Why traditional IAM was not built for this

Identity and access management, privileged access management and cloud posture tools were designed around people and infrastructure: a human logs in, an admin grants a role, a server runs a workload. non-human identities break those assumptions. They act on their own, hold permissions continuously rather than only at login, are created faster than any review cycle, and are frequently unowned the moment the person who connected them moves on. Access reviews built around humans miss them entirely.

The four functions of Non-Human Identity Security

The discipline resolves to one continuous, always-on loop:

Why now

Three forces are converging. AI adoption is exploding across Microsoft 365, so the identity population is exploding with it. Attackers have noticed that a quiet, over-permissioned agent is an easier path than a hardened human account. And regulators are moving: the EU AI Act, DORA, ISO/IEC 42001 and NIST AI RMF all now expect organisations to know and govern their AI systems. Gartner projects that by 2027, 40% of enterprises will decommission or demote autonomous AI agents because of governance gaps found only after production incidents.2

Where Sabiki fits

Sabiki AIRM is the independent Non-Human Identity Control Plane for Microsoft 365: the platform that performs all four functions across every tenant, agentless and read-only, and produces an independent Sabiki NHI Risk Score. It is additive to Microsoft, Microsoft builds and enables AI; Sabiki independently governs and secures the identities it creates, including the third-party and non-conforming agents Microsoft's own naming-based discovery misses.

1 Gartner (analyst estimate, ~45:1); vendor telemetry: Entro Labs, NHI & Secrets Risk Report (H1 2025), 144:1. 2 Gartner, “Applying Uniform Governance Across AI Agents Will Lead to Enterprise AI Agent Failure”, May 2026. Third-party research cited for context; Sabiki is not affiliated.

See Non-Human Identity Security on a real tenant.

Register free and run one read-only NHI Risk report on any Microsoft 365 tenant, and see every non-human identity and what it can reach.

Free NHI Risk Score →
← Back to home
How AIRM differs

The difference isn't a feature. It's who we're built for.

Non-human identity security is a real and growing category, and there are good platforms in it. Almost all of them are built to be sold directly to one enterprise, for one tenant, across many clouds. AIRM is built to be delivered by one MSP, across every client tenant, deep into Microsoft 365. That is a structural difference, not a feature list, and no product release changes it.

Microsoft, natively Enterprise NHI platforms Sabiki AIRM
Who buys it The tenant owner, as part of a licence The enterprise CISO, sold direct The MSP, on behalf of every client
Tenancy One tenant One tenant, one contract Multi-tenant. Every client in one console
Scope Microsoft's own identities and agents Broad and cross-cloud Microsoft 365, deep
Deployment Native to the platform Agents, connectors, integration work Read-only and agentless. Roughly five minutes
Priced per User or seat Enterprise contract Microsoft 365 tenant, from $149/month
Independence Microsoft assessing Microsoft Independent Independent and cross-vendor
What the buyer gets Platform controls A security programme A service line they can resell, at 25 to 40 percent margin

We have deliberately not named individual vendors, and we have not compared feature lists. Feature tables go stale the week they are published, and a claim about somebody else's product is a claim we cannot verify from the outside. Every row above describes a structural choice, which is checkable, stable, and the honest basis for a comparison. If you are evaluating AIRM against a specific platform, ask us and we will tell you plainly where they are stronger.

The short version. The enterprise NHI platforms are excellent, and they are built for a CISO with a budget and an integration team. An MSP has neither, and has fifty tenants. Nobody else is doing non-human identity security for Microsoft 365, delivered through MSPs, priced per tenant. That is not a gap in their products. It is a different business.