
The Layoff Aftershock No One Talks About: The NHIs Left Behind

Published 11/26/2025

Originally published by Entro.
Written by Itzik Alvas, CEO & Co-Founder at Entro Security.

Just recently, Microsoft and Intel announced nearly 13,000 layoffs combined. Those headlines reignited conversations about workforce reductions, restructuring, and the human cost of automation and AI.

But beneath the noise lies a quieter, more persistent threat — one that doesn’t make headlines but endangers every organization that downsizes, merges, or reorganizes: the non-human identities (NHIs) that stay behind.

 

The Invisible Aftermath of Workforce Change

This pattern unfolds across companies of every size and sector. Employees leave, but their API keys, automation tokens, service accounts, and hardcoded secrets don’t. These digital fingerprints of their work often remain embedded across systems, repositories, and workflows — untouched, unmanaged, and dangerously over-privileged.

They become the hidden remnants of a former workforce — a perfect target for attackers.

 

What Happens to Secrets When Their Creator Leaves?

Developers and engineers create NHIs every day. A build script needs an access token. A pipeline gets a service account. A chatbot uses an API key.

Each of these NHIs plays a role in keeping operations running. But when the human who created them leaves — whether through layoffs, team shifts, or role changes — those identities rarely follow a formal offboarding process.

Their credentials continue to function, often with the same privileges. No rotation. No expiration. No owner. These orphaned NHIs live on long after their creators are gone — a silent inheritance that adversaries are eager to exploit.

 

Layoffs Aren’t the Only Trigger

Workforce reductions aren’t the only time NHI risk spikes. Mergers and acquisitions (M&A) introduce a second, often riskier, wave of exposure.

When one company acquires another, it inherits not just employees and assets — but every script, automation, and credential created over years of operations. That includes tens of thousands (sometimes hundreds of thousands) of NHIs and secrets, often with no clear ownership or purpose.

Questions pile up fast:

  • Who created them?
  • What do they access?
  • Are they still in use?
  • Are they even safe?

Without visibility and ownership attribution, these inherited NHIs become blind spots — unmonitored entry points that threat actors can weaponize, and auditors will inevitably flag.

 

The Data Is Clear: NHIs Outlive Humans

According to new research from Entro Labs, 1 out of every 1,000 NHIs in enterprise environments is over 10 years old. To put that in perspective, the average employee tenure is only 3.9 years (U.S. Bureau of Labor Statistics).

Humans leave. NHIs don’t.

They don’t give notice. They don’t retire. They don’t fade into the background.

They keep working — often with powerful privileges — long after their creators have logged out for the last time.

 

The New Mandate for Security Teams

As organizations undergo layoffs, restructuring, or M&A, their attack surface shifts dramatically. Security teams can’t afford to treat NHIs as an afterthought.

You need to know:

  • What NHIs exist across your environments
  • What secrets they use
  • Which systems they access
  • Who owns them — and if no one does, who should
  • Which ones are idle, over-privileged, or risky

Without this visibility, dormant NHIs quietly expand your exposure — especially when your workforce is shrinking.
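As an added illustration (not code from Entro or the original article), the questions above can be turned into a triage pass over an NHI inventory cross-referenced with the current staff roster. The inventory fields, the thresholds, and the "admin"/"*" scope markers are assumptions, and the sample records are constructed.

```python
from datetime import date

# Constructed sample data. Field names are assumptions, not a vendor schema.
INVENTORY = [
    {"id": "svc-build", "owner": "alice", "created": date(2014, 3, 1),
     "last_rotated": None, "last_used": date(2025, 11, 20),
     "expires": None, "scopes": ["repo:write", "admin:org"]},
    {"id": "ci-deploy-token", "owner": "bob", "created": date(2024, 6, 10),
     "last_rotated": date(2025, 9, 1), "last_used": date(2025, 11, 25),
     "expires": date(2026, 3, 1), "scopes": ["deploy"]},
    {"id": "chatbot-api-key", "owner": None, "created": date(2022, 1, 15),
     "last_rotated": date(2022, 1, 15), "last_used": date(2025, 2, 1),
     "expires": None, "scopes": ["chat:send"]},
]
ACTIVE_STAFF = {"bob"}                 # constructed roster of current employees
BROAD_SCOPE_MARKERS = ("admin", "*")   # assumed naming convention for wide grants


def triage(nhi, today, active_staff, idle_days=90, rotate_days=365):
    """Return the list of findings for one NHI record."""
    findings = []
    if nhi["owner"] is None:
        findings.append("no-owner")
    elif nhi["owner"] not in active_staff:
        findings.append("owner-departed")
    if nhi["expires"] is None:
        findings.append("no-expiration")
    # A credential that was never rotated is as old as its creation date.
    rotated = nhi["last_rotated"] or nhi["created"]
    if (today - rotated).days > rotate_days:
        findings.append("stale-rotation")
    if nhi["last_used"] is None or (today - nhi["last_used"]).days > idle_days:
        findings.append("idle")
    if any(m in s for s in nhi["scopes"] for m in BROAD_SCOPE_MARKERS):
        findings.append("broad-scope")
    if (today - nhi["created"]).days > 3652:  # roughly ten years
        findings.append("older-than-10y")
    return findings


def review_queue(inventory, today, active_staff):
    """Map NHI id -> findings, most findings first; clean records are omitted."""
    flagged = {n["id"]: triage(n, today, active_staff) for n in inventory}
    ranked = sorted(flagged.items(), key=lambda kv: -len(kv[1]))
    return {k: v for k, v in ranked if v}


if __name__ == "__main__":
    for nhi_id, findings in review_queue(INVENTORY, date(2025, 11, 26), ACTIVE_STAFF).items():
        print(nhi_id, findings)
```

Running the same pass each time the roster changes (a layoff, a reorganization, an acquired company's directory) surfaces credentials whose owner has just left while they still work.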
