The Identity Underground Annual Pulse 2026

Looking After the Old While Keeping an Eye Out for the Future

You're reading something that wasn't supposed to exist. The Identity Underground is a closed community for leading IAM practitioners and identity security executives. Everything shared inside stays inside. Just ground truth about securing identity when the board wants AI agents and your infrastructure is still running NTLM. Then our members voted to share this year's survey findings publicly.

The picture that emerges isn't crisis. It's transformation in progress. Organizations are simultaneously defending against current attacks while building architecture for future threats.

Sort out the legacy before the future kicks in. That’s the operational reality heading into 2026.

WHAT'S INSIDE

In This Annual Pulse You'll Learn:

Why 82% of organizations are fighting legacy infrastructure while preparing for AI agent threats

Where executive roadmap diverges from practitioner reality

What eight industry leaders are seeing as the industry evolves

How investors evaluate which identity gaps are worth funding

Annual Pulse Preview

Annual Pulse 2026

Download the Full Annual Pulse

PDF file size: 24.5MB

Share

Audience

Who is This For

Identity Practitioners, CISOs, CIOs and Security Architects at mid to large enterprises.

Identity Practitioners

who want to know what's working in production.

CISOs

making investment decisions based on reality, not demos.

CIOs

building identity infrastructure that needs to handle both legacy debt and AI agents.

Security Architects

bridging legacy infrastructure with modern identity security requirements.

KEY STATS

150+ Identity Executives and Practitioners Were Surveyed. This is What They Had to Say:

Executives

Practitioners

Legacy Burden:
0%

report legacy infrastructure creating additional security risk.

Executive AI Anxiety:
0%

cite AI-enhanced threats as their primary concern for the year ahead.

Non-Human Identity Blind Spot:
0%

of executives identify lack of visibility into non-human identities as a major concern.

The Protocol Problem:
0%

cite NTLM as their primary encounter credential stuffing legacy challenge - it enables lateral movement.

Practitioner Attack Reality:
0%

encounter credential stuffing and password spraying as their most frequent attack.

Streamlining Policies:
0%

say security policies prevent legitimate work.

"IAM is no longer a back-office IT function. It has become a frontline cyber defense capability. Yet in many organizations, IAM still operates in isolation from core Cyber Defense, creating dangerous blind spots. This
disconnect is no longer sustainable."
Keshav Santi

Keshav Santi

Global VP Security Architecture & IAM Products, Ahold Delhaize

"Traditional trust relies on accountability, judgment, and ethical reasoning. Qualities AI systems simply don't possess. An AI agent processing financial data doesn't understand breach consequences. It doesn't experience shame, fear legal repercussions, or feel moral obligation."
Susanne Elizer Senoff

Susanne Senoff

CISO, PROS

Annual Pulse 2026

Download the Full Annual Pulse

PDF file size: 24.5MB

Share

Looking after the old while keeping an eye out for the future isn't a burden; it's leadership. Fix the foundation. Build what comes next.
That's how industries evolve successfully.

The Identity Underground

An exclusive network driving the future of identity security

Join The Network