The Open Worldwide Application Security Project, OWASP, has just released its top 10 non-human identities risks for 2025. While other OWASP resources broadly address application and API security, none focus specifically on the unique challenges of NHIs. This new document fills that gap, addressing risks that are often overlooked but have critical implications for organizational security.
This release is a significant milestone in the cybersecurity landscape, as one of the most trusted security communities now recognizes the term Non-Human identities (NHIs) and that this is a significant issue that needs to be addressed by the enterprise. Given the growing number of breaches stemming from NHI credential leaks or misuse, this release is very timely.