Analyst(s): Krista Case
Publication Date: May 21, 2025
Identity security vendors are rapidly evolving to address two major market forces: the shift toward platform-led cybersecurity strategies and the explosion of non-human identities (NHIs), including AI agents. Vendors such as CyberArk, Okta, and Keeper are expanding their capabilities to unify identity. Identity security vendors are rapidly evolving to address two major market forces: the shift toward platform-led cybersecurity strategies and the explosion of NHIs, including AI agents. Vendors such as CyberArk, Okta, and Keeper are expanding their capabilities to unify identity governance, access control, and monitoring while securing the lifecycle of both human and machine identities. As platformization blurs competitive boundaries and NHIs become critical components of enterprise infrastructure, successful vendors will be those that offer deep functionality alongside seamless integration across diverse cybersecurity stacks.
Key Points:
- More than 80% of organizations have adopted a platform-based cybersecurity approach, according to Futurum Research, driving vendors to offer unified, interoperable identity solutions.
- The proliferation of non-human identities, including AI agents, service accounts, and Application Programming Interface (API) tokens, is creating urgent demand for scalable, policy-driven security and governance.
- Competitive boundaries are shifting as traditional identity specialists and horizontal security platforms alike converge to deliver comprehensive, identity-centric security ecosystems.
Overview:
At RSAC 2025, identity security vendors demonstrated a clear pivot toward platformization and a sharpened focus on addressing the risks posed by NHIs, including AI agents. The Futurum Group’s analysis highlights how the evolving threat landscape and enterprise IT complexity are driving a convergence of access control, governance, privilege management, and monitoring into unified identity platforms. These developments are not merely a vendor ambition—they reflect customer demand for centralized policy enforcement, reduced operational burden, and greater visibility into an increasingly complex identity landscape.
According to Futurum’s 1H25 Cybersecurity Decision-Maker IQ data, more than 80% of organizations have embraced a platform-led cybersecurity approach in some fashion. While this signals strong interest in simplification and tighter integration, buyers are not abandoning the need for best-of-breed tools. Instead, they increasingly favor solutions that offer modular integration capabilities across identity and security toolchains, including IAM (Identity and Access Management), IGA (Identity Governance and Administration), and MDM (Mobile Device Management) layers. This dual expectation—consolidation with interoperability—has significant implications for vendor strategies. Traditional specialists such as CyberArk and SailPoint are broadening their portfolios to cover adjacent capabilities, while newer entrants such as Keeper and horizontal players such as Cisco, IBM, and OpenText embed identity security into broader ecosystems.
Another major trend reinforced at RSAC 2025 was the rising urgency to secure NHIs. These include AI agents, API tokens, ephemeral workloads, service accounts, and IoT/edge devices—all proliferating across enterprise environments. Unlike human identities, NHIs operate at machine scale, often lack interactive logins, and can execute actions with significant impact, making them a growing security concern. Futurum’s research found threats targeting machine identities to be the second-most-frequently cited identity-related risk in the past year.
Vendors are rising to the challenge. CyberArk, for instance, is leveraging its privileged access management (PAM) expertise to offer visibility, automated lifecycle controls, and governance for AI agents. Okta is building on its Auth0 acquisition with a new offering—Auth for Gen AI—streamlining secure API access and authorization for machine-based workflows. Meanwhile, 1Password introduced its Extended Access Management (XAM) platform, designed to support decentralized access scenarios and secure machine identities with features such as a credential broker software development kit (SDK) for AI agents. These examples illustrate how the identity landscape is expanding beyond humans and why securing NHIs must be a core pillar of any modern identity security strategy.
Ultimately, identity security vendors are navigating a market that demands both breadth and precision. They must deliver unified solutions that reduce identity sprawl and facilitate risk-based, just-in-time access. They also offer granular tools to secure the most ephemeral and abstract forms of digital identity. Integration with broader cybersecurity ecosystems (e.g., SIEM, XDR, data governance) will drive real-time risk insights and incident response. Looking forward, vendors that can meet the dual mandate of platform unification and NHI governance will be best positioned to lead in the next era of identity security.
The full report, Can Identity Security Vendors Keep Pace with Platformization and AI-Driven Threats?, is available via subscription to Futurum Intelligence’s Cybersecurity IQ service—click here for inquiry and access.
Futurum clients can read more in the Cybersecurity Intelligence Platform, and non-clients can learn more here: Cybersecurity Practice.
About the Futurum Cybersecurity Practice
The Futurum Cybersecurity Practice provides actionable, objective insights for market leaders and their teams so they can respond to emerging opportunities and innovate. Public access to our coverage can be seen here. Follow news and updates from the Futurum Practice on LinkedIn and X. Visit the Futurum Newsroom for more information and insights.
Author Information
With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.
