Webinar Highlights Widespread Identity Gaps Threatening Enterprises in 2026
What Happened — New Ponemon Institute research presented in a live webinar reveals that hundreds of applications in a typical enterprise remain “dark,” i.e., disconnected from centralized identity systems, despite maturing IAM programs. The report warns that these gaps are expanding the attack surface, especially as generative AI tools enable automated credential harvesting and privilege escalation.
Why It Matters for TPRM —
- Unmanaged “dark” applications become hidden third‑party risk vectors that can be leveraged for data exfiltration or ransomware.
- AI‑driven credential‑spraying attacks can exploit orphaned accounts at scale, increasing breach probability.
- Vendors that integrate with an organization’s IAM stack may inherit these gaps, amplifying supply‑chain exposure.
Who Is Affected — Enterprises across all sectors that rely on SaaS, on‑premise, and hybrid applications; IAM solution providers; MSPs managing identity services.
Recommended Actions — Conduct an inventory of all applications and services, map them to identity providers, remediate orphaned accounts, enforce zero‑trust policies, and incorporate AI‑assisted identity monitoring into third‑party risk assessments.
Technical Notes — The research cites that up to 40 % of enterprise apps lack proper SSO or MFA enforcement, creating a fertile ground for credential‑theft attacks. No specific CVEs are referenced; the risk stems from systemic mis‑configuration and insufficient governance. Source: The Hacker News – Webinar on Closing Identity Gaps in 2026