Just recently, Microsoft and Intel announced nearly 13,000 layoffs combined. These headlines together with the growing adoption of AI agents, stirred conversations about workforce reductions, restructuring, and human cost. But buried beneath the surface of every major layoff or merger is a quieter, growing security threat: the non-human identities (NHIs) that stay behind.
As leaders in NHI security, Entro sees this pattern unfold across organizations of every size. While employees depart, their API keys, service accounts, automation tokens, and hardcoded secrets often remain. These are the digital fingerprints of their work, and if left unmanaged, they become dangerous leftovers.
Enterprise Security for AI Agents & Non-Human Identities
What Happens to Secrets When Their Creator Is Gone?
Developers and engineers create NHIs constantly. A script needs an access token. A CI/CD pipeline gets a service account. A chatbot receives an API key. These NHIs are embedded into infrastructure, software and workflows to keep the business running.
But when the humans who created them leave, whether due to layoffs, team shifts, or role changes, those identities rarely get the same offboarding treatment. They persist, often with the same access privileges, even when they are no longer needed.
These are called orphaned NHIs. And they are a gift to attackers.
Layoffs Are Not the Only Trigger
Organizational shake-ups don’t stop at layoffs. Mergers and acquisitions (M&A) introduce a second, often riskier, scenario.
When one company acquires another, it inherits not just employees and assets, but every script, automation, and identity the acquired company created. That includes thousands, sometimes hundreds of thousands of NHIs and secrets.
Most of them come without context. Who created them? What do they access? Are they still in use? Are they safe?
Without visibility and ownership attribution processes, these unknown NHIs become blind spots that threat actors can exploit and auditors will flag.
The Data Is Clear: NHIs Stick Around
According to an upcoming report by Entro Labs, 1 out of every 1,000 NHIs in enterprise environments is more than 10 years old. To put that in perspective, the U.S. Bureau of Labor Statistics reports that the median employee tenure is just 3.9 years.
While human users naturally cycle in and out of an organization, NHIs often persist indefinitely. They don’t retire. They don’t give notice. They don’t fade into the background. They keep working, unless someone notices and revokes their access.
What Enterprises Need to Do
Security teams cannot afford to treat NHIs as afterthoughts. Especially during times of organizational change, when the attack surface is already shifting and defenses are stretched thin.
You need to know:
- What NHIs exist across your environment
- What secrets they use
- What systems they access
- Who owns them — and if no one does, who should
- Which ones are idle, over-privileged, or risky
How Entro Helps
Entro was purpose-built to secure the identities that don’t sit in front of a screen. The platform automatically discovers every NHI across your cloud, code, collaboration tools, and CI/CD stack. We link them to their secrets, map their lineage, identify their purpose, and assign real ownership, even if the original creator is long gone.
In mass layoffs scenarios, Entro can flag orphaned NHIs and unused secrets within minutes. In M&A transitions, we give security teams a complete, contextualized inventory of their newly inherited NHIs so nothing slips through the cracks.
Even when your organization changes, your attack surface doesn’t have to grow.
