How big is your non-human identity estate?
Machine and AI-agent identities already outnumber your people by orders of magnitude — and they're growing ~44% a year. Size your estate in about 10 seconds and see how much of it is stale, holding standing access, or completely ungoverned.
Want the financial view too? Try the PlainID ROI Calculator to size the value of governing it all.
Fast estimate. Enter your numbers below — the projection updates live. Benchmarks come from public industry research; every input is yours to adjust.
non-human identities across your environment — roughly 80× your 5,000-person workforce, at a 80:1 ratio.
Identity population mix
Humans vs non-agent NHIs vs AI agents — as a share of all 405K identities.
What's at risk today
12-month projection
That's 176,000 new non-human identities to govern in the next year alone.
Industry benchmark: only ~7% of organizations have governance that specifically covers their AI agents today.
~400K non-human identities, ~340K ungoverned — that's 80× your workforce.
Directional estimate. Ratios: legacy 45:1 (Rubrik), hybrid 80:1 (CyberArk), cloud-native 144:1 (Entro); +44% YoY growth; 48% stale; 70% standing access. Every input is adjustable.
Get the full benchmark report
See how your estate compares — NHI-to-human ratios by industry, AI-agent adoption curves, stale-and-standing exposure, and the run-time authorization patterns leaders use to govern every identity. Share a few details and we'll send it over.
Non-human identities — frequently asked questions
How the model works and what it measures.
What is a non-human identity (NHI)?
A non-human identity is any credential or identity that isn't a person — service accounts, API keys, tokens, certificates, workload identities, bots and AI agents. In most enterprises NHIs already outnumber human users by tens to hundreds to one, and AI agents are accelerating that growth. They authenticate, hold access and act on systems just like humans do, but they are rarely governed with the same rigor.How does this estimator size my NHI estate?
It multiplies your human headcount by a non-human-to-human ratio that varies with your environment — roughly 45:1 for legacy/on-prem, 80:1 for hybrid and 144:1 for cloud-native estates (Rubrik, CyberArk and Entro benchmarks). It then projects AI-agent identities as a share of that total based on your adoption stage, applies a +44% twelve-month growth rate, and uses your governance-coverage slider to estimate how much of the estate is currently ungoverned.Why are so many identities stale or holding standing access?
Non-human identities are easy to create and hard to retire. Service accounts and keys are provisioned for a project and then forgotten; roughly 48% end up stale or orphaned. And because most are granted persistent, always-on privileges rather than just-in-time access, about 70% carry standing access — a large, mostly invisible attack surface. AI agents make this worse: they spin up fast, act autonomously and multiply quickly.Only 7% of organizations govern their AI agents — what does that mean for me?
It means most security and IAM programs were built for humans and haven't caught up to autonomous, fast-moving agent identities. As agents move from pilots to production, ungoverned agents can request access, chain permissions and act at machine speed without a human in the loop. Run-time, policy-based authorization lets you govern every identity — human, machine and AI agent — with the same continuous controls.How accurate are these numbers?
This is a directional sizing estimate, not an audit. The ratios and fractions reflect public industry research and typical enterprise patterns, and every input is adjustable so the projection reflects your reality. For a precise picture, request the full NHI Governance Benchmark Report and a PlainID specialist can map it to your actual environment.