AI Agents and Vibe Coding: Redefining Digital Identity and Security Models (guptadeepak.com)

The old assumptions about digital identity have collapsed: non-human identities are multiplying (about 96 NHIs per human in financial services today; analysts forecast ~80:1 across industries soon), AI agents are becoming autonomous at scale (Gartner predicts one-third of enterprise apps will include agents by 2028; agentic identities may exceed 45 billion by end of 2025) and "vibe coding"—rapid AI-generated development—is spiking insecure code. Together these trends create blind spots: AI workloads trigger far more authentication activity (148× human rates), 23.7M secrets were exposed on GitHub in 2024, and repositories using Copilot leaked secrets 40% more often. Veracode found 45% of AI-generated code introduces vulnerabilities, with XSS and log-injection failures in ~86–88% of cases. Surveys show 79% of organizations use agents, 80% of IT pros have seen agents act unpredictably, yet only ~10% have an agent-management strategy. Technically, the problem is that OAuth/SAML/legacy IAM assume static identities, predictable access patterns and human accountability—none of which fit ephemeral, dynamically privileged agents that can delegate authority. Real-world incidents (Cloudflare, U.S. Treasury, Lovable) demonstrate how mismanaged NHIs and AI-generated code expand blast radii. The takeaway: security teams must adopt continuous discovery, centralized visibility for NHIs and agents, ephemeral credentials and least-privilege, automated lifecycle and policy enforcement, and shift security left into AI prompt engineering and code-generation workflows to prevent the next large-scale compromise.