- New five-pillar framework helps organizations rapidly identify areas of concern, and the most impactful risk reduction actions
- New AI Security pillar surfaces data, tool use, and secrets exposure across enterprise environments, and risks often invisible to traditional identity and security tools
- Findings Explorer maps recommendations to NIST 800-53 and MITRE ATT&CK frameworks, helping organizations align their work to broader security and compliance initiatives
ATLANTA, June 01, 2026 (GLOBE NEWSWIRE) — BeyondTrust, the global leader in privilege-centric identity security protecting Paths to Privilege™, today announced an expanded Identity Security Risk Assessment (ISRA), a feature of BeyondTrust Identity Security Insights®. Built around a new five-pillar analysis framework, ISRA now maps the full identity attack surface across human, non-human, and AI identities, enabling teams to discover and act on risk with the speed and confidence continuous security demands. The enhanced assessment delivers deeper visibility into identity hygiene risks, effective privilege, AI security exposures, and emerging attack pathways across domains, while helping organizations align remediation efforts to frameworks including NIST 800-53 and MITRE ATT&CK.
Designed as the critical first step toward continuous identity security, ISRA gives organizations a clear, prioritized view of their highest-impact identity risks, creating the foundation needed to move from point-in-time assessments to an ongoing security improvement program.
“For years, organizations focused primarily on managing human identities. Today, machine identities, secrets, and AI agents often outnumber people by orders of magnitude, creating new attack paths that security teams struggle to see,” said Morey Haber, Chief Security Advisor, BeyondTrust. “Understanding who has access is no longer enough. Organizations need visibility into what has access, how those privileges connect, and where threat actors can exploit those relationships to move laterally through an environment.”
Identity Security Requires a More Connected View of Risk
Identity risk has become increasingly difficult to understand across cloud, SaaS, hybrid infrastructure and AI-driven automation through traditional identity security approaches. Human users, service accounts, secrets, non-human identities, and AI agents often exist across disconnected systems, creating access relationships that are rarely visible through a single tool or team.
Attackers are exploiting these hidden connections. Rather than targeting individual accounts, they navigate identity environments as interconnected privilege pathways, identifying indirect routes to elevated access that often go undetected.
At the same time, security operations teams frequently lack the identity context needed to effectively prioritize and remediate risk. The enhanced Identity Security Risk Assessment addresses these challenges through a new five-pillar framework that helps organizations identify hidden attack paths, understand effective privilege, uncover emerging AI-related risks, and align remediation efforts to established security frameworks and operational workflows.
New Five-Pillar Framework Delivers Comprehensive Identity Risk Analysis
The updated assessment organizes findings across five analytical pillars designed to help organizations understand and prioritize identity risk:
- Environment Overview – Provides a unified view of human, non-human, and AI identities across connected infrastructure, cloud, and SaaS environments while highlighting lifecycle and access hygiene issues.
- True Privilege™ – Reveals hidden privilege escalation paths, indirect access relationships, and cross-domain attack paths that often remain invisible to traditional identity management tools.
- Security Themes – Identifies common identity hygiene risks, including dormant privileged accounts, exposed credentials, excessive permissions, password-related risks, and joiner-mover-leaver gaps.
- AI Security and Emerging Themes – Surfaces shadow AI agents, unauthenticated models, exposed secrets, and other emerging identity risks associated with agentic AI adoption.
- Findings Explorer – Consolidates and risk-scores detections and recommendations into a single interface, with recommendations mapped to NIST 800-53 and MITRE ATT&CK frameworks to help organizations move from discovery to remediation and strengthen alignment between identity and security operations teams.
“What consistently surprises organizations is how much effective privilege exists beyond direct role assignments,” said Jason Silva, Principal Solutions Architect, BeyondTrust. “Accounts that appear low risk on paper often have indirect access paths through nested groups, delegated permissions, cloud entitlements, or connected applications. By helping organizations visualize those relationships, the enhanced assessment provides a clearer understanding of where identity risk exists and which exposures should be prioritized first.”
Organizations using BeyondTrust Identity Security Insights are already leveraging these capabilities to uncover previously unknown identity risks and prioritize remediation efforts.
“We had Pathfinder for one week. The AI traced a nested AD group granting local admin, accurately, at a depth we couldn’t do manually,” said Shannon Anderson, VP, BISG Security Engineering – Identity and Access Management, Broadridge Financial Solutions, Inc. “It surfaced accounts with no owner that we had no idea existed. But what it really did was give us a way to prioritize. We resolved the highest-risk issues and we’re in a much stronger defensive position now. Once you see it, you can’t unsee it.”
The enhanced assessment builds on BeyondTrust’s broader vision for simplifying identity security operations. Following the recent introduction of PathfinderAI, BeyondTrust continues to expand the ways organizations can discover, understand, and act on identity risk across increasingly complex environments.
Availability
Recently named a ‘Most Innovative Identity Security Solution’ in the 2026 Global InfoSec Awards by Cyber Defense Magazine, the assessment is available free of charge and can typically be connected in less than an hour, with findings delivered within 24 hours. Organizations that continue with BeyondTrust Identity Security Insights® can leverage the assessment as a continuously updated capability within the Pathfinder Platform for ongoing visibility into identity risk.
BeyondTrust will demonstrate the latest ISRA capabilities, including True Privilege analysis, AI Security visibility, and Findings Explorer, at Gartner Security & Risk Management Summit this week. To request an assessment, visit https://www.beyondtrust.com/products/identity-security-insights/assessment or stop by booth #835.
About BeyondTrust
BeyondTrust is the global leader in privilege-centric identity security protecting Paths to Privilege™. Identity alone doesn’t create risk. Privilege does. As human, machine, and AI agent identities explode across every environment, BeyondTrust is the only company built to discover, control, and secure privilege across all of them from a single platform. Trusted by 20,000+ customers, including 75 of the Fortune 100, and recognized as a multi-category leader by top industry Analysts, BeyondTrust reframes identity security from a management problem into a strategic advantage.
Learn more at www.beyondtrust.com.
Follow BeyondTrust:
X: https://twitter.com/beyondtrust
Blog: https://www.beyondtrust.com/blog
LinkedIn: https://www.linkedin.com/company/beyondtrust
Facebook: https://www.facebook.com/beyondtrust
For BeyondTrust:
BeyondTrust Public Relations
P: (516)-521-5582
E: BeyondTrust@icrinc.com
