1. Website Planet
  2. >
  3. Blog
  4. >
  5. The Growing Threat of Non-Human Identities: Insights from Anetac CEO Tim Eades
The Growing Threat of Non-Human Identities: Insights from Anetac CEO Tim Eades

The Growing Threat of Non-Human Identities: Insights from Anetac CEO Tim Eades

Predrag Vlatkovic Written by: Predrag Vlatkovic
Anetac is redefining identity security by tackling one of the biggest blind spots in cybersecurity: unmanaged and overprivileged identities. Today, Co-Founder & CEO Tim Eades discusses how his team built a platform that helps organizations discover, understand, and mitigate these hidden vulnerabilities before they lead to breaches. Website Planet has the pleasure.

Can you give us a brief overview of Anetac as a company?

I’m the CEO and Co-Founder of Anetac, a company built entirely around customer centricity. Before launching, we interviewed 35 different enterprises—from shipping companies and telcos to retailers and banks—and discovered a common vulnerability: identity-based security weaknesses that often lead to breaches. Recognizing this widespread issue, we assembled an expert team to tackle the problem head-on. Our approach was deeply iterative; we transcribed our interviews like court reporters, meticulously analyzing the underlying challenges.

Throughout the product development phase, we maintained close collaboration with customers, refining our solution repeatedly to address their real-world concerns. The result is a platform that does exactly what it promises: it discovers, helps understand, and manages identity vulnerabilities. These vulnerabilities often stem from human and non-human accounts that have been exposed and left unmanaged—dormant credentials, overprivileged accounts, and even credentials that have been sitting for nearly two decades. Since these overlooked access points create easy entry for attackers, our solution ensures organizations can identify and mitigate these risks proactively.

Anetac was born from this customer-driven process, and we continue to prioritize real-world security challenges in everything we do.

For those unfamiliar with the term, can you explain what Non-Human Identities (NHIs) are and what risks do they present?

Non-Human Identities (NHIs) refer to digital credentials that belong to systems, applications, or automated processes rather than human users. These could be APIs, service accounts, AI agents, or cloud workloads—all of which require credentials to access different systems.

To illustrate, imagine a hotel with 3,000 rooms. The floor manager, maintenance team, and room service staff all need keys to enter specific rooms, while some employees hold master keys that grant access to everything. Over time, keys are lost, misplaced, or even taken by employees who leave—but no one deactivates them. Some of the rooms are event join, so one of them leads to another. In cybersecurity terms, these forgotten, overprivileged, or poorly documented credentials create massive vulnerabilities.

This issue is even more critical because NHIs outnumber human accounts by at least 3 to 4 times, and with the rapid adoption of AI-driven architectures, this gap is widening. Every API, AI service, and automation tool introduces more credentials into the system—many of which are poorly documented and easily exploited by attackers.

Without proper discovery, management, and monitoring, NHIs become a security blind spot, allowing cybercriminals to move laterally across systems, access sensitive assets, and escalate privileges without detection.

What is the Importance of Discovering NHIs?

Before you can secure and manage something, you have to understand it really well. Discovery is the foundation of effective security—without it, any attempt to fix or control NHIs could lead to unintended consequences.

Many of these identities are critical to business operations, and a misstep—such as revoking access to an unknown but active NHI—could shut down a payment gateway, disable a database, or disrupt essential services. Additionally, some NHIs may only be active seasonally, like tax-related processes that appear once a year, making continuous monitoring essential.

By carefully discovering and tracking NHIs over time, organizations can develop accurate treatment plans—ensuring that security measures are effective, appropriate, and precise. Without this, companies risk introducing new vulnerabilities rather than closing existing ones.

How does your platform actually work?

Anetac’s platform is designed to be simple, efficient, and minimally disruptive for identity and access management (IAM) and CISO teams. The process begins with a 14-day assessment that requires just 15 to 30 minutes of keyboard time from an internal team member. During this period, Anetac collects data from logging and inventory infrastructure to uncover identity vulnerabilities. Within seven days, organizations receive a snapshot report, followed by a comprehensive final report at the end of the assessment.

Each vulnerability is assigned an impact score, helping teams prioritize where to start and why, considering factors such as legacy protocols and bad chain exposures that create security risks. An example would be an application that goes to Lambda that goes to GitHub. If you make a mistake in the application, you can be completely exposed. Anetac then partners with organizations to address these vulnerabilities, ensuring a smooth resolution process. Since launching, the company has worked with banks, healthcare organizations, colleges, shipping companies, and airlines, proving that identity security is a widespread challenge across industries. By keeping the process streamlined and easy to adopt, Anetac enables organizations to quickly identify and mitigate identity-based risks without disrupting operations.

In today’s world, some would say that a cybersecurity strategy is Incomplete without service account security. What’s your stance on that?

I completely agree that a cybersecurity strategy is incomplete without service account security. Identity-related vulnerabilities have been a known issue for a long time, and organizations have been deploying various tools and solutions to address them. However, service account security has now become absolutely critical—not just for organizations but also in the eyes of regulators and CISOs—due to the continuous occurrence of breaches.

I recently spoke with the CISO of a major European bank that has 1,000 employees in IT, with 250 dedicated solely to identity management. Despite investing heavily in people and products over the years, identity security remains an ongoing challenge. The positive takeaway from that conversation is that there is now significant budget, focus, and attention on this issue. The key to moving forward is not just awareness but the application of better, more effective tools to truly mitigate identity-based risks.

Is there anything else about your work that you’d like to share that we haven’t covered?

One of the most rewarding parts of this journey has been building a company with a strong foundation of customer centricity and a culture that prioritizes solving real-world problems. Whether it’s working with colleges, banks, telcos, or retailers, our focus remains on delivering clear and simple solutions to complex identity security challenges. This is my fourth company as a CEO, and we are applying every lesson learned along the way to ensure that our approach is as effective and impactful as possible.

To learn more about Anetac, you can visit anetac.com

Predrag Vlatkovic
Predrag Vlatkovic
Predrag is a talented individual who hails from Serbia. Despite leaving behind his dreams of becoming a Full-Stack developer, he has found a new passion in content writing. With a strong interest in IT-related fields, including mobile development, Predrag is now happy to be able to write about his favorite topics. His expertise in these areas makes him an excellent resource for anyone seeking valuable insights into the world of technology.

Follow our experts on
Rate this Article
5.0 Voted by 4 users
You already voted! Undo
This field is required Maximal length of comment is equal 80000 chars Minimal length of comment is equal 10 chars
Any comments?
Required Field Maximal length of comment is equal 5000 chars Minimal length of comment is equal 50 chars
0 out of minimum 50 characters
Reply
View %s replies
View %s reply
Related posts
Show more related posts
Reply to
0 out of minimum 50 characters
Complete your reply Complete your comment
The name is too short The name is too long The name contains invalid characters
The email is required The email is incorrect
Thank you, - your comment was submitted successfully!
We check all user comments within 48 hours to make sure they are from real people like you. We're glad you found this article useful - we would appreciate it if you let more people know about it.
Popup final window
Share this blog post with friends and co-workers right now:
Thank you, , your comment was submitted successfully!

We check all comments within 48 hours to make sure they're from real users like you. In the meantime, you can share your comment with others to let more people know what you think.

Thank you for signing up!

Once a month you will receive interesting, insightful tips, tricks, and advice to improve your website performance and reach your digital marketing goals!

1 1 1

So happy you liked it!

Share it with your friends!

1 1 1

Or review us on 1

3620179
50
5000
114315794