BeyondTrust, the global leader in privilege-centric identity security protecting Paths to Privilege™, has announced an expanded Identity Security Risk Assessment (ISRA), a feature of BeyondTrust Identity Security Insights®. Built around a new five-pillar analysis framework, ISRA now maps the full identity attack surface across human, non-human, and AI identities, enabling teams to discover and act on risk with the speed and confidence continuous security demands. The enhanced assessment delivers deeper visibility into identity hygiene risks, effective privilege, AI security exposures, and emerging attack pathways across domains, while helping organizations align remediation efforts to frameworks including NIST 800-53 and MITRE ATT&CK.

Designed as the critical first step toward continuous identity security, ISRA gives organizations a clear, prioritized view of their highest-impact identity risks, creating the foundation needed to move from point-in-time assessments to an ongoing security improvement program. 

“For years, organizations focused primarily on managing human identities. Today, machine identities, secrets, and AI agents often outnumber people by orders of magnitude, creating new attack paths that security teams struggle to see,” said Morey Haber, Chief Security Advisor, BeyondTrust. “Understanding who has access is no longer enough. Organizations need visibility into what has access, how those privileges connect, and where threat actors can exploit those relationships to move laterally through an environment.”

Identity Security Requires a More Connected View of Risk

Identity risk has become increasingly difficult to understand across cloud, SaaS, hybrid infrastructure and AI-driven automation through traditional identity security approaches. Human users, service accounts, secrets, non-human identities, and AI agents often exist across disconnected systems, creating access relationships that are rarely visible through a single tool or team.

Attackers are exploiting these hidden connections. Rather than targeting individual accounts, they navigate identity environments as interconnected privilege pathways, identifying indirect routes to elevated access that often go undetected.

At the same time, security operations teams frequently lack the identity context needed to effectively prioritize and remediate risk. The enhanced Identity Security Risk Assessment addresses these challenges through a new five-pillar framework that helps organizations identify hidden attack paths, understand effective privilege, uncover emerging AI-related risks, and align remediation efforts to established security frameworks and operational workflows.

New Five-Pillar Framework Delivers Comprehensive Identity Risk Analysis

The updated assessment organizes findings across five analytical pillars designed to help organizations understand and prioritize identity risk:

• Environment Overview – Provides a unified view of human, non-human, and AI identities across connected infrastructure, cloud, and SaaS environments while highlighting lifecycle and access hygiene issues.
• True Privilege™ – Reveals hidden privilege escalation paths, indirect access relationships, and cross-domain attack paths that often remain invisible to traditional identity management tools.
• Security Themes – Identifies common identity hygiene risks, including dormant privileged accounts, exposed credentials, excessive permissions, password-related risks, and joiner-mover-leaver gaps.
• AI Security and Emerging Themes – Surfaces shadow AI agents, unauthenticated models, exposed secrets, and other emerging identity risks associated with agentic AI adoption.
• Findings Explorer – Consolidates and risk-scores detections and recommendations into a single interface, with recommendations mapped to NIST 800-53 and MITRE ATT&CK frameworks to help organizations move from discovery to remediation and strengthen alignment between identity and security operations teams.

“What consistently surprises organizations is how much effective privilege exists beyond direct role assignments,” said Jason Silva, Principal Solutions Architect, BeyondTrust. “Accounts that appear low risk on paper often have indirect access paths through nested groups, delegated permissions, cloud entitlements, or connected applications. By helping organizations visualize those relationships, the enhanced assessment provides a clearer understanding of where identity risk exists and which exposures should be prioritized first.”

Organizations using BeyondTrust Identity Security Insights are already leveraging these capabilities to uncover previously unknown identity risks and prioritize remediation efforts.

The enhanced assessment builds on BeyondTrust’s broader vision for simplifying identity security operations. Following the recent introduction of PathfinderAI, BeyondTrust continues to expand the ways organizations can discover, understand, and act on identity risk across increasingly complex environments.

Availability

The assessment is available free of charge and can typically be connected in less than an hour, with findings delivered within 24 hours. Organizations that continue with BeyondTrust Identity Security Insights® can leverage the assessment as a continuously updated capability within the Pathfinder Platform for ongoing visibility into identity risk.