The Identity Underground just released their first public report. For the unfamiliar, it’s where IAM practitioners and security executives talk about what’s working, what’s not, and what keeps them up at night. I’ve caught glimpses of what goes on inside. Now everyone gets to see the data. Here’s what caught my eye, and why I think it matters.
It validates something I’ve felt for a long time, and I suspect many of you have, too. There’s a gap between the conversations happening in boardrooms and the reality on the ground. Executives are preparing for AI-driven threats and Agentic AI governance. Practitioners are still fighting credential stuffing and identity abuse. And everyone’s being asked to do both with infrastructure that should’ve been retired a decade (maybe two) ago.
When I read the Pulse, I saw the frustration, and the progress, that rarely make it into industry reports.
Two worlds, one job
The report frames identity security as “two axes of tension.” That landed for me.
On one axis you have legacy infrastructure versus AI-era challenges. On the other, practitioners fighting daily credential attacks versus executives managing board-level pressure to adopt AI agents.
The data tells the story.
54% of executives cite AI-enhanced threats as their top concern for 2026. Meanwhile, 43% of practitioners say credential stuffing and password spraying are still their most frequent attacks.
82% say legacy infrastructure actively creates identity security risk. And 61% point to NTLM authentication as their primary legacy headache.
This isn’t a contradiction. It’s the same reality viewed from different seats. Practitioners are in the trenches handling what’s hitting them today. Executives are scanning the horizon for what’s coming. Both are right. Both are stretched thin.
The report’s framing stuck with me: “Maintaining infrastructure that should have been retired years ago while planning for threats that don’t exist yet.”
Sound familiar?
The visibility problem is worse than I expected
One stat stopped me cold. Only 5% of organizations feel confident they have a complete inventory of non-human identities.
Five percent.
Meanwhile, 37% have 21 or more third-party companies with access to their systems. Service accounts, API keys, workload identities. They’re everywhere, and they don’t fit traditional governance models. No manager to approve access. Often no owner at all.
The report calls this “the non-human identity frontier.” I’d call it a blind spot hiding in plain sight.
We can see attacks. We can’t stop them fast enough.
Here’s the good news. 68% of executives say they’re confident in their ability to detect identity-based attacks.
Here’s the catch. Only 8% attribute that confidence to real-time detection with automated response. The rest are relying on manual remediation.
The report describes identity teams as “human APIs,” pulling logs from the IdP, checking PAM, querying IGA, pivoting to SIEM, matching timestamps, and correlating manually. All while attackers move at machine speed.
That image will stay with me.
So what does this mean?
The Pulse paints a picture of an industry in motion. Organizations are consolidating tools, investing in platforms, modernizing where they can. But they’re doing it while keeping legacy systems alive because the business still depends on them.
The report notes that 55% are implementing unified identity security platforms. 69% are deploying SIEM with identity analytics. That’s real momentum.
Where Silverfort fits
Reading the Pulse, I kept seeing themes we’ve been talking about at Silverfort for years.
Hed Kovetz, our CEO, contributed an article to the Pulse titled “Everything, Everywhere, All at Once: Identity Security Fragmentation.”
His argument is that identity security should consolidate. We can expect a path similar to the one we witnessed in the early days of cloud security, when siloed controls couldn’t scale. Unified platforms emerged because organizations demanded visibility across environments. Identity is no different.
The need to protect all identities, everywhere. Human and non-human. Cloud and on-prem. Legacy and modern. End-to-end.
We believe the answer isn’t more point solutions. It’s a platform that sees everything, understands context, and enforces policy at runtime, without adding friction that drives users to workarounds.
I’d encourage you to download the full report and see what resonates with your own experience. The Identity Underground built this from practitioner input, not analyst assumptions. That shows.
And if you find yourself nodding along thinking “I knew it wasn’t just me,” share it with your team. That’s the whole point.
The consolidation wave is here. The question is whether you’re riding it or getting caught in the undercurrent.
The Identity Underground Annual Pulse 2026
Read the survey results of 150+ identity and security executives and practitioners on how they're addressing top cybersecurity concerns