It’s not a secret (pun intended) that non-human identities (also known as machine identities) have exploded in both scale and significance. As the enterprise ecosystem fragments across Cloud, SaaS, legacy On-Prem data centers, CI/CD, and now AI agents, the question is no longer “Is this a problem?” but “How bad is it, and where do we start?”
NHIs have become the unseen backbone of modern enterprise infrastructure. But they’re now also the weakest link: a growing number of high-impact breaches are driven by compromised secrets, tokens, service accounts, and automation that operate quietly and often without guardrails.
In fact, the hardest question many CISOs and security teams still struggle to answer is:
“How many NHIs do we even have, and where are they?”
So We Built a Calculator to Help You Find Out
We wanted to give the industry a simple, no-hassle way to get an estimated view into the NHI sprawl inside their environment - without deploying anything or handing over any sensitive data.
Our NHI Scope Calculator takes a few high-level, non-confidential data points - like your employee count, industry, and tech stack - and returns an estimate of how many NHIs you likely have today across Cloud, SaaS, and On-Prem, how many you’ll have in 12 months, and where things are headed in 3 years.
It’s not a crystal ball. But it’s grounded in reality - specifically, in real-world data from a wide range of organizations we’ve worked with, from lean, cloud-first SMBs to sprawling multi-cloud enterprises with tens of thousands of employees. We’ve spent months analyzing this data across time, verticals, and technologies to surface consistent and meaningful patterns.
For example: In the retail and healthcare sectors, which are typically less tech-oriented, we consistently observed lower NHI volumes. These organizations tend to rely on more traditional systems like on-prem AD and legacy infrastructure. By contrast, BFSI (banking, financial services, insurance) and technology companies often operate deep in cloud, code, and CI/CD terrains, with vaults, ephemeral compute, and automation layers, and naturally accumulate significantly more NHIs as a result. We've seen these patterns across dozens of real environments, and the calculator reflects those trends directly.
What the Calculator Considers
The model behind the calculator incorporates several variables we’ve found to be highly predictive:
- Vertical - Tech and financial services companies have the highest NHI density due to their reliance on cloud, code, and CI/CD pipelines.
- Employee count - Coupled with the vertical, this is a reliable leading indicator of identity sprawl, especially as more roles involve DevOps and automation.
- Cloud providers - The more CSPs involved, the more complex the terrain (though typically, only one CSP is the “anchor”).
- Tech stack mix - Where there’s heavy use of SaaS, vaults, CI/CD, and infrastructure as code, you can expect a spike in service accounts, OAuth apps, access keys, and secrets.
Take OAuth applications as a specific example: We consistently see a near 1:1 ratio between employees and OAuth apps. That’s because virtually every information worker with a desktop or laptop - especially if they access cloud services or web tools - is likely to have at least one OAuth-based SaaS integration installed. And each of those apps leverages an OAuth token to access organizational data programmatically, which qualifies it as an NHI in our book.
Why This is So Hard
The core of the NHI problem is fragmentation - not just across the identities themselves, but also across the tools that manage them (or attempt to). NHIs are created every day by developers, engineers, IT teams - and increasingly, even end-users. Every time someone registers for a new SaaS app that asks for data access via OAuth, they introduce another non-human identity into the environment. This happens quietly, sometimes weekly (if not daily), and it often flies under the radar.
The result is that even well-staffed security teams are flying partially blind. CNAPPs, CSPMs, secret scanners, and SaaS security tools all help - but each only sees a slice. And worse, they sometimes create the illusion of visibility while leaving large swaths unmonitored.
We’ve seen security teams surprised to learn that parts of their stack were even in use. That’s the reality of modern infrastructure: things move fast, and NHIs move faster.
Awareness is the First Step
We built the NHI Scope Calculator because we believe that solving a problem starts with seeing it clearly.
If you don’t know the size of your NHI surface, you can’t protect it. And you definitely can’t communicate its urgency to the business or justify the resources to tackle it.
So try it. It’s free, fast, and private.
No emails, no commitments - just data-driven insight.