Research from CyberArk reveals that 92% of UAE organisations suffered at least three identity-related breaches in the last 12 months. With machine identities now outnumbering humans 116 to 1, the report warns that AI-driven identity complexity is outpacing traditional security controls and increasing financial risk.
The study found that machine identities now outnumber humans 116 to 1 in the UAE, a sharp increase of 73% compared to 2025, when the ratio of human to machine identities in the country was just 67. The current ratio in the UAE is significantly above the EMEA average of 110 to 1, which itself marked an increase of 36% on 2025. The increase in machine identities has been driven by AI identities, with the number expected to grow faster than both human and machine identities. UAE organisations are expecting a steep rise in the number of identities they use over the next 12 months across:
- Human identities (78% expect growth in this area)
- Machine identities (90% expect growth in this area)
- AI identities (78% expect growth in this area)
The main factors driving the increase in identities over the next 12 months in the UAE are: AI & LLMs (44% expect growth in this area), machine identities such as IoT and bots (40% expect growth in this area) and the adoption of more cloud applications (44% expect growth in this area). With digital expansion overtaking workforce growth as the main driver of identities, organisations need to rethink how identity risk is managed. As a result, there is increasing pressure to extend visibility, control and governance across an increasingly complex identity mix.
At the enterprise level, identity threats are now a sustained operational reality, not isolated incidents, where 96% of UAE organisations have experienced an identity-related breach. Security professionals acknowledge that identity complexity is outpacing control. For instance, UAE organisations are slightly better prepared than their EMEA counterparts for impending shortening of certificate lifecycles, with 70% of UAE organisations not fully automating renewals and monitoring across all certificate environments compared to the EMEA average of 76%. These incomplete automation risks are turning operational strain into financial and security exposure, with the expected financial impact of this for a UAE-based organisation being AED998,920 ($272,000).
Other key stats from the research include:
- In the UAE, 37% of AI agents and machine identities have access to their organisation’s data, on average, which may include sensitive information such as financial records or high value systems.
- Only a minority of UAE organisations use behavioural monitoring and credential revocation for their autonomous AI agents (38% and 36% respectively), conversational AI agents (30% and 32% respectively) and Gen AI agents (32% and 28% respectively).
- The vast majority (90%) of UAE respondents agree that fragmented identity systems and tools are impacting or delaying their organisation’s ability to detect and respond to identity-related threats.
Laurence Elbana, Sales Director, Identity – Middle East and North Africa, Palo Alto Networks, says, “The explosion of machine identities in the UAE and across the EMEA region represents a fundamental shift in the enterprise attack surface. With AI-driven identities projected to continue accelerating in the next year, organisations are facing a reality where identity complexity is rapidly outpacing traditional security controls.
“The fact that 96% of organisations have suffered an identity-related breach in the UAE proves that as AI agents gain more access to sensitive data, security leaders must move beyond manual processes. To close the gap, organisations must embrace end-to-end automation and unified governance. Otherwise, the risks of expanding AI and machine identities will only continue to intensify.”
The path forward is clear: As machine and AI identities become the primary inhabitants of enterprises, organisations must transition from fragmented, manual oversight to a unified, automated identity security approach. Managing the 116:1 machine identity to human ratio requires a platform-driven strategy that allows organisations to keep pace with innovation whilst securing every entity, human, machine, or agent.
