Why IAM, PAM, and Zero Trust all leave the same credential gap

When Medibank's systems were breached in October 2022, exposing the personal health information of 9.7 million customers, investigators traced the attack's origin to compromised credentials. Despite multi-million-dollar investments in identity and access management systems, privileged access management tools, and emerging zero-trust architectures, the fundamental vulnerability remained unchanged: users controlled their own credentials, making them inherently susceptible to social engineering and phishing attacks.

The persistent credential problem in financial services

Financial institutions face a structural paradox. They implement sophisticated security frameworks—identity and access management (IAM) for user authentication, privileged access management (PAM) for critical system access, and zero-trust architectures for network security—yet credential compromise remains the primary attack vector. The 2023 Verizon Data Breach Investigations Report found that stolen credentials were involved in 49% of breaches across all sectors, rising to 55% specifically within financial services.

This vulnerability stems from a fundamental design flaw: organisations authenticate identity but delegate credential control to users. Whether accessing core banking systems, insurance underwriting platforms, or customer databases, employees create, remember, and manage passwords themselves. This human element introduces systemic risk that no amount of perimeter security can eliminate.

Regulatory frameworks acknowledge this reality. The Financial Conduct Authority's operational resilience requirements mandate that firms "identify, monitor and manage" operational risks, explicitly including cyber threats. Similarly, Solvency II requires insurers to maintain "effective system of governance" over operational risks, while PCI DSS standards demand "strong access control measures" for payment processing environments.

The scale of credential vulnerability

Recent data illustrates the magnitude of this challenge. IBM's 2023 Cost of a Data Breach Report found that compromised credentials were the most common initial attack vector, present in 16% of all breaches and resulting in an average cost of $4.62 million per incident. For financial services specifically, this figure rises to $5.90 million—the highest across all industries.

The European Banking Authority's 2023 risk assessment identified credential compromise as a "high-priority risk" for EU financial institutions, noting a 78% increase in successful phishing attacks targeting banking credentials between 2022 and 2023. Within insurance, Lloyd's of London reported that 68% of cyber insurance claims in 2023 originated from compromised user credentials, representing £2.1 billion in total payouts.

Perhaps most concerning is the persistence of this vulnerability despite security investments. Gartner estimates that global spending on IAM solutions reached $16.9 billion in 2023, yet credential-based attacks continue to increase. The Ponemon Institute found that 65% of organisations experienced credential-related security incidents within the past 24 months, despite implementing multi-factor authentication and privileged access management systems.

Why current security architectures fail

Traditional security tools address symptoms rather than the underlying structural problem. IAM systems excel at verifying user identities once credentials are provided, but cannot prevent credential theft in the first place. PAM solutions secure privileged accounts through session monitoring and access controls, yet remain vulnerable if underlying credentials are compromised through phishing or social engineering.

Zero-trust architectures represent the most sophisticated approach, continuously verifying access requests and assuming no implicit trust. However, even zero-trust models typically rely on user-controlled credentials for initial authentication. If attackers obtain these credentials through phishing—increasingly sophisticated attacks that can bypass multi-factor authentication—they can potentially satisfy zero-trust verification requirements.

Single sign-on (SSO) solutions, while improving user experience, actually increase risk concentration. A single compromised credential can provide access to multiple systems, amplifying potential damage. Multi-factor authentication adds security layers but remains vulnerable to advanced phishing techniques and SIM-swapping attacks.

A structural approach to credential control

The solution requires fundamentally restructuring credential ownership. Rather than users creating and controlling credentials, organisations must generate, distribute, and manage all authentication materials directly. This approach ensures users never see, store, or transmit credentials—eliminating the human element that enables phishing and social engineering.

Under this model, credentials remain encrypted within organisational control systems, released only for specific authentication events through secure channels. Users authenticate through biometric or hardware-based methods, triggering automated credential release without human intervention. This architecture makes credentials "unphishable"—attackers cannot steal what users never possess.

Implementation requires minimal disruption to existing systems. Current IAM, PAM, and zero-trust investments remain valuable, enhanced by removing their shared vulnerability point. Authentication becomes organisationally controlled while preserving established access management frameworks.

Strategic implications

Financial institutions and insurers face a clear choice: continue investing in perimeter security while leaving the credential gap exposed, or address the structural vulnerability directly. Given regulatory pressures, rising breach costs, and increasing attack sophistication, organisations that fail to control credentials face escalating operational and reputational risks.

The technology exists to eliminate credential-based vulnerabilities entirely. The question is whether financial services leaders will recognise that identity verification and access control, while necessary, are insufficient without organisational credential control.

The PAM credential problem: why the vault is only as secure as the technician who holds the key

In August 2024, CrowdStrike's incident commander revealed how a single privileged credential had enabled attackers to maintain persistence across their environment for weeks before the global outage. The breach highlighted a fundamental flaw in how managed service providers (MSPs) approach privileged access management: even the most sophisticated vault is worthless if technicians can be tricked into surrendering the keys.

For MSPs managing hundreds of client environments with elevated privileges, this represents an existential threat. Every technician with privileged access becomes a potential breach vector, regardless of how securely those credentials are stored.

The managed services credential conundrum

MSPs face a unique credential challenge. Unlike traditional enterprises managing a single environment, they require privileged access to hundreds or thousands of client systems. A single Level 2 technician might hold administrative credentials for dozens of client domains, cloud platforms, and critical infrastructure systems.

This creates what security professionals term "credential sprawl at scale". Each technician becomes a walking master key to multiple client environments. Traditional privileged access management (PAM) solutions attempt to secure these credentials in vaults, but they fundamentally rely on human operators who must authenticate themselves to retrieve credentials when needed.

The model assumes that verifying a technician's identity is sufficient to grant access. But this assumption proves catastrophically flawed when that technician receives a convincing phishing email or falls victim to social engineering. Once an attacker compromises the technician's authentication method, they inherit access to every client system that technician can reach.

The data tells a stark story

According to Verizon's 2024 Data Breach Investigations Report, 68% of breaches involved a human element, with phishing attacks increasing by 76% year-over-year. For MSPs, these statistics translate into amplified risk across their entire client base.

The Ponemon Institute's 2024 Cost of Insider Threats report found that credential theft incidents cost organisations an average of $4.99 million per breach, with MSPs facing additional liability through their client contracts. More concerning, the report revealed that 60% of insider threat incidents involved privileged users – exactly the technician population that MSPs rely upon for daily operations.

Research from the Cybersecurity and Infrastructure Security Agency (CISA) shows that 90% of successful cyberattacks involve compromised credentials. For MSPs, this means that traditional identity verification – even with multi-factor authentication – creates a single point of failure that can cascade across multiple client environments.

The UK's National Cyber Security Centre reported that MSPs were targeted in 47% of supply chain attacks in 2023, with compromised privileged credentials being the primary attack vector in 73% of these incidents.

Why existing security tools fail the MSP model

Most organisations deploy a stack of identity and access management tools: privileged access management (PAM) vaults, single sign-on (SSO) platforms, multi-factor authentication (MFA), and increasingly, zero trust frameworks. Yet breaches continue to occur with regularity.

The fundamental problem lies in a flawed equation that underpins all these solutions: identity equals access. Every existing tool operates on the principle that verifying who someone is should determine what they can access. Prove your identity through passwords, biometrics, or hardware tokens, and the system grants corresponding access rights.

This approach creates an inherent vulnerability. No matter how sophisticated the identity verification process, once an attacker successfully impersonates a legitimate user, they inherit all that user's access rights. A compromised MSP technician doesn't just represent a single breach – they represent potential compromise across every client environment they can access.

PAM vaults exemplify this problem. They secure credentials behind robust authentication, but ultimately rely on human operators to retrieve and use those credentials. The vault protects credentials at rest, but cannot prevent a compromised technician from accessing and misusing them. SSO and MFA simply move the vulnerability to different authentication factors, while zero trust frameworks still depend on identity verification as their foundation.

Separating identity from access

The solution requires abandoning the identity-equals-access paradigm entirely. Instead of asking "who is this person and what should they access?", the question becomes "how do we enable necessary business functions without exposing credentials to human operators?"

This approach, termed "credential-less access", ensures that users never see, hold, or control the credentials that grant them system access. Rather than storing credentials in a vault for retrieval, the organisation generates, encrypts, and manages every credential centrally. When a technician needs to access a client system, the credential is transmitted directly to the target system without ever being visible to the user.

MyCena's patented solution demonstrates this principle in practice. When an MSP technician needs administrative access to a client's domain controller, they don't retrieve a password from a vault. Instead, the system generates an encrypted credential, transmits it directly to the target system, and establishes the session without the technician ever seeing the authentication material.

This makes phishing attacks fundamentally impossible. An attacker who compromises a technician's device or account finds no credentials to steal. The technician themselves cannot accidentally expose credentials because they never possess them. Social engineering attacks fail because there are no secrets for the technician to reveal.

From a regulatory compliance perspective, this approach addresses requirements across multiple frameworks. SOC 2 Type II controls around credential management become demonstrable through technical architecture rather than policies and procedures. ISO 27001's requirements for privileged access management shift from administrative controls to automated technical controls. For MSPs serving regulated industries, this provides auditable evidence of credential security without relying on human behaviour.

The path forward for MSPs

The credential problem facing MSPs requires architectural change, not additional layers of identity verification. organisations that continue to operate on the identity-equals-access model will find themselves vulnerable regardless of their security investment.

MSPs should evaluate their current credential exposure across their technician workforce. How many client environments could be compromised if a single technician fell victim to a phishing attack? What would be the financial and reputational impact of a breach that cascaded across multiple client environments?

The transition to credential-less access represents a fundamental shift in security architecture, but it addresses the root cause rather than symptoms. For MSPs facing increasing regulatory scrutiny and client security requirements, this approach provides demonstrable protection against the attack vectors that have proven most successful against their sector.

The question is not whether MSPs will face credential-based attacks, but whether they will implement solutions that make such attacks impossible before they become the next headline.

SolarWinds: How One Vendor Credential Reached 18,000 Organisations Including the US Government

On 13 December 2020, cybersecurity firm FireEye disclosed that nation-state attackers had infiltrated SolarWinds' Orion network management software, creating what would become the most significant supply chain cyberattack in history. The breach exposed a fundamental vulnerability in how organisations manage vendor access: a single compromised credential cascade through 18,000 customers, including nine US federal agencies and Fortune 500 companies.

The attack began with attackers inserting malicious code into SolarWinds' software updates between March and June 2020. When customers installed routine updates, they unknowingly granted attackers persistent access to their networks. This breach demonstrated how vendor credential management failures can transform trusted business relationships into national security threats.

The Critical Gap in Government Vendor Access Control

Defence and public sector organisations face a unique challenge in vendor credential management. Unlike private companies that can limit third-party access, government agencies require extensive contractor and vendor integration for everything from IT infrastructure to classified research programmes. Each vendor relationship creates potential attack vectors through shared credentials, privileged access, and interconnected systems.

The SolarWinds incident exposed how traditional credential management approaches fail at scale. Government agencies typically manage vendor access through manual processes, shared accounts, or basic identity management systems that assume credentials remain secure once issued. This assumption proved catastrophic when attackers gained access to SolarWinds' internal systems and leveraged existing vendor credentials to move laterally across customer networks.

The attack succeeded because it exploited the trust relationship between vendors and customers. SolarWinds' legitimate credentials provided attackers with authorised access to customer systems, bypassing traditional perimeter security controls. For government agencies handling classified information or critical infrastructure, this represented a complete failure of access control architecture.

The Scale of Compromise: By the Numbers

The SolarWinds breach affected approximately 18,000 organisations that downloaded compromised software updates, according to SolarWinds' own SEC filings. However, the attackers demonstrated strategic targeting, with Microsoft estimating that fewer than 1,000 organisations were actually compromised through follow-on activities.

Among confirmed victims, nine US federal agencies were breached, including the Departments of State, Treasury, Homeland Security, Energy, and Commerce. The attackers maintained persistent access for up to nine months before detection, with some intrusions continuing for months after the initial disclosure.

Financial impact data reveals the true cost of credential compromise. SolarWinds reported spending over $18 million on incident response in 2021 alone, while facing multiple federal investigations and lawsuits. The company's market capitalisation fell by approximately $3.3 billion in the weeks following disclosure, according to financial filings.

The UK's National Cyber Security Centre identified that British government departments were among those affected, though the full extent remains classified. Similar impacts were reported across NATO allies, demonstrating how vendor credential compromise can cascade across international government networks.

Why Traditional Security Tools Failed

The SolarWinds attack succeeded despite extensive deployment of modern security tools across victim organisations. Identity and Access Management (IAM) systems failed because they authenticated legitimate SolarWinds credentials — the attackers were using valid access tokens obtained through the supply chain compromise.

Privileged Access Management (PAM) solutions, designed to control high-value accounts, proved ineffective because the attackers leveraged standard vendor access rather than obviously privileged credentials. The malicious code operated within normal software update processes, avoiding PAM monitoring focused on administrative activities.

Single Sign-On (SSO) and Multi-Factor Authentication (MFA) provided no protection because attackers bypassed these controls entirely. Once inside victim networks through legitimate SolarWinds access, attackers could move laterally without triggering authentication challenges designed for external access.

Zero Trust architectures, increasingly adopted across government agencies, failed to prevent the breach because they still relied on validating credentials rather than controlling their creation and distribution. The fundamental assumption — that credentials can be trusted once verified — remained intact and exploitable.

These tools address authentication and monitoring but do not solve the core problem: organisations cannot control credentials they allow others to create and hold. Vendor credentials, by definition, exist outside organisational control boundaries, creating persistent blind spots in security architecture.

Structural Solution: Organisational Credential Control

The SolarWinds breach demonstrates that effective security requires organisations to maintain complete control over all credentials accessing their systems, including vendor access. This means shifting from credential verification to credential generation and distribution.

Under a controlled credential model, organisations generate all access credentials centrally, distribute them in encrypted form, and maintain continuous revocation capability. Vendors and contractors never possess plaintext credentials, eliminating the possibility of credential theft or misuse. Access becomes truly unphishable because users cannot disclose credentials they do not hold.

This approach transforms vendor relationships from trust-based to verification-based. Rather than trusting vendors to secure their own credentials, organisations maintain cryptographic control over access rights. When vendors require system access, they request specific permissions that are granted through encrypted credential distribution, not permanent credential sharing.

MyCena's patented technology implements this model by ensuring users never see or control their own credentials. The system generates cryptographically secure credentials, distributes them in encrypted form, and enables instant revocation across all access points. For government agencies, this means vendor access can be controlled with the same rigour applied to classified information handling.

Implications for Defence and Public Sector Leaders

The SolarWinds breach created lasting regulatory and operational changes across government agencies. The US Executive Order on Cybersecurity (EO 14028) now mandates specific controls for software supply chains and vendor access management. Similar requirements are emerging across allied nations, creating compliance obligations that traditional security tools cannot address.

Government leaders must recognise that vendor credential compromise represents a systemic risk requiring architectural solutions, not incremental security improvements. The shift toward controlled credential distribution will become a requirement, not an option, as regulatory frameworks evolve.

Organisations should immediately audit vendor access arrangements and identify credentials existing outside their direct control. Each uncontrolled credential represents a potential SolarWinds-style compromise vector that could provide attackers with authorised access to critical systems.

The lesson from SolarWinds is clear: in an interconnected threat environment, credential control cannot be delegated to third parties, regardless of trust relationships or contractual obligations. Security architecture must assume credential compromise and design accordingly.

One vendor credential. Every operator they serve. The supply chain cascade.

When hackers breached Colonial Pipeline in May 2021, shutting down America's largest fuel pipeline for six days, investigators traced the attack to a single compromised credential belonging to a former employee. That one password — likely harvested from the dark web — gave DarkSide ransomware operators access to the entire network, triggering fuel shortages across the Eastern seaboard and $4.4 million in ransom payments.

The incident exposed a fundamental vulnerability in critical infrastructure: the cascade effect of credential compromise through supply chains. One breached vendor credential can unlock access to dozens of downstream operators, creating systemic risk that regulators are only beginning to understand.

The multiplier effect in critical infrastructure

In the energy sector, a single technology vendor typically serves multiple grid operators, pipeline companies, and power generation facilities. When that vendor's credentials are compromised, attackers gain potential access to every client in their portfolio. The mathematics are stark: one successful phishing attack can multiply into dozens of simultaneous infrastructure breaches.

This supply chain credential risk is particularly acute in industrial control systems, where vendors require privileged access to monitor and maintain critical operational technology. A single engineering firm might hold administrative credentials for wind farms across three states. A SCADA software provider could have remote access capabilities across dozens of water treatment facilities.

The problem extends beyond direct vendor relationships. Subcontractors, consultants, and temporary workers create additional credential pathways, each representing potential vectors for lateral movement through interconnected infrastructure networks.

The scale of exposure

Recent data from the Cybersecurity and Infrastructure Security Agency reveals the scope of this vulnerability. CISA's 2023 Critical Infrastructure Threat Assessment identified credential compromise as the initial attack vector in 82% of successful breaches against energy sector targets, with supply chain relationships facilitating lateral movement in 67% of cases.

The Department of Energy's cyber incident reporting data shows that vendor-related breaches affect an average of 3.4 additional infrastructure operators beyond the initial target. In the most severe cases, a single compromised vendor credential has cascaded to impact up to 12 separate facilities across multiple states.

Financial losses compound accordingly. While direct breach costs for energy companies average $6.25 million according to IBM's Cost of a Data Breach Report 2023, supply chain incidents generate additional liability exposure. Colonial Pipeline's total incident costs, including business disruption and regulatory penalties, exceeded $90 million.

The North American Electric Reliability Corporation (NERC) reported 263 cyber security incidents across the bulk power system in 2022, with 34% traced to third-party credential compromise. Each incident triggered mandatory reporting requirements and potential compliance violations under NERC CIP standards.

Why current security tools fail the cascade test

Identity and Access Management (IAM) systems excel at managing internal user lifecycles but struggle with external vendor credential oversight. Most IAM platforms cannot enforce consistent credential policies across third-party relationships, creating governance gaps that attackers exploit.

Privileged Access Management (PAM) solutions address some vendor access challenges by creating secure credential vaults and session monitoring. However, they typically operate within individual organisational boundaries. When a vendor's PAM-managed credential is compromised at their home organisation, that breach can still cascade to client environments where the same vendor maintains separate access rights.

Single Sign-On (SSO) reduces credential proliferation but creates single points of failure. A compromised SSO credential grants access to multiple connected systems simultaneously. For vendors serving multiple infrastructure clients, SSO compromise amplifies rather than reduces cascade risk.

Multi-Factor Authentication (MFA) provides additional security layers but remains vulnerable to sophisticated phishing attacks. The Lapsus$ group demonstrated advanced MFA bypass techniques in their 2022 infrastructure targeting campaign, using social engineering to overcome authentication barriers.

Zero Trust architectures improve security posture by assuming breach and continuously validating access requests. However, they do not solve the fundamental problem: users still create, know, and control their own credentials. A compromised user can still authenticate legitimately within a Zero Trust framework.

Separating identity from credential control

The structural solution requires separating identity verification from credential ownership. Rather than allowing users to create and manage their own passwords and access tokens, organisations must retain complete control over credential generation, distribution, and revocation.

This principle shifts the security paradigm from "trust but verify" to "control and distribute". Under this model, users prove their identity through biometric or other verification methods, but never possess the actual credentials that grant system access. Instead, encrypted credentials are generated centrally and delivered directly to target systems without user visibility.

MyCena's patented approach implements this separation by removing human knowledge from the credential equation. Users authenticate their identity, but the organisation maintains exclusive control over the cryptographic keys that actually unlock system access. Because users never see or handle these credentials, they cannot be phished, stolen, or misused across multiple client environments.

This architecture prevents supply chain cascade failures by ensuring that even if a vendor's identity verification process is compromised, the underlying credentials remain secure and cannot be replayed against client systems. Each access session requires fresh cryptographic validation from the controlling organisation.

Regulatory convergence demands action

Multiple regulatory frameworks are converging on supply chain credential management requirements. The Transportation Security Administration's cybersecurity directives for pipeline operators explicitly require "cybersecurity risk assessments" of third-party remote access. The Securities and Exchange Commission's new cyber disclosure rules include materiality thresholds that treat vendor credential breaches as potentially reportable events.

NERC CIP-004 standards mandate "personnel risk assessments" for vendor access, while proposed updates to CIP-013 would strengthen supply chain cybersecurity requirements. The Federal Energy Regulatory Commission has indicated that future compliance examinations will focus heavily on third-party access controls.

For critical infrastructure operators, the message is clear: credential cascade risk is transitioning from a cybersecurity concern to a regulatory compliance requirement. Organisations that cannot demonstrate robust vendor credential governance face increasing scrutiny from multiple oversight bodies.

The mathematics of supply chain credential risk are unforgiving. One compromised vendor affects multiple operators. Multiple operators create systemic infrastructure vulnerability. Systemic vulnerability attracts regulatory intervention and potential enforcement action. The most effective defence is preventing the initial credential compromise through organisational control rather than user responsibility.

AI Trading Systems Hold Live Credentials. Nobody Governs Them.

In August 2024, a major European investment bank discovered its algorithmic trading system had been accessing client portfolios using credentials belonging to a trader who had left the firm three months earlier. The automated system continued executing trades worth €47 million daily, operating under a digital identity that should have been deactivated. The incident, kept confidential until regulatory filing requirements forced disclosure, illuminates a dangerous blind spot in financial services: artificial intelligence systems are accumulating live credentials with minimal oversight.

The problem extends far beyond a single institution. As trading algorithms become more sophisticated and autonomous, they require persistent access to market data feeds, execution platforms, and client accounts. Yet these AI systems operate using the same credential frameworks designed for human users—frameworks that assume conscious decision-making, regular password changes, and the ability to recognise suspicious activity.

The Credential Accumulation Crisis

Financial institutions have embraced AI trading at unprecedented scale. According to Greenwich Associates, algorithmic trading now accounts for 85% of equity trading volume in developed markets, up from 65% in 2019. Each trading algorithm requires multiple sets of credentials: market data access, order management systems, risk monitoring platforms, and regulatory reporting tools.

The Bank for International Settlements' 2024 survey of 47 major banks revealed that institutions deploy an average of 127 distinct AI trading models, each requiring between 8 and 23 separate credential sets. This creates what researchers term "credential sprawl"—a web of digital identities that grows faster than governance frameworks can manage.

PwC's Financial Services Technology Survey found that 73% of banks cannot accurately inventory which credentials their AI systems hold, while 81% lack automated processes to revoke AI access when algorithms are decommissioned. The European Banking Authority's recent stress testing identified credential management as a "material operational risk" across 89% of supervised institutions.

The insurance sector faces parallel challenges. AI systems underwriting policies, processing claims, and managing investment portfolios require access to vast databases containing sensitive customer information. Lloyd's of London reported that credential-related breaches in member organisations increased 156% between 2022 and 2024, with AI systems involved in 34% of incidents.

Why Traditional Security Fails

Conventional identity and access management (IAM) systems treat AI as sophisticated users rather than fundamentally different entities. Privileged access management (PAM) solutions store AI credentials in vaults, but algorithms often require persistent access that bypasses human approval workflows. Single sign-on (SSO) reduces credential proliferation but creates single points of failure when AI systems are compromised.

Multi-factor authentication becomes meaningless when algorithms cannot respond to push notifications or biometric requests. Zero Trust architectures promise continuous verification, but struggle with AI systems that generate thousands of access requests per second during volatile trading periods.

The fundamental issue is structural. Traditional security models assume that users create, know, and manage their credentials. This assumption breaks down when applied to AI systems that may operate continuously for months, accessing resources through credentials that exist beyond any individual's knowledge or control.

Redefining Credential Control

The solution requires abandoning the assumption that identity equals access. Instead of allowing AI systems to hold credentials, organisations need architecture where credentials are generated, encrypted, and distributed by central authority—never exposed to the systems that use them.

This approach, pioneered by companies like MyCena, separates credential ownership from credential usage. When an AI trading system needs to access a market data feed, it requests access through an encrypted channel. The credential management system authenticates the request, retrieves the appropriate credential from secure storage, and facilitates the connection without ever exposing the actual authentication data to the AI system.

The AI system gains access to required resources but never possesses the credentials themselves. This makes the access "unphishable"—even if the AI system is compromised, attackers cannot extract credentials that were never present in the system's memory or storage.

For financial institutions, this architecture provides granular control over AI access patterns. Trading algorithms can be granted time-limited access to specific market segments, with credentials automatically rotated without system downtime. When algorithms are retired or modified, access revocation is immediate and complete, eliminating the orphaned credentials that plague traditional deployments.

The Regulatory Response

Regulators are beginning to address AI credential risks explicitly. The European Central Bank's draft guidance on AI in banking, published in October 2024, requires institutions to maintain "comprehensive inventories of AI system access rights" and demonstrate "technical controls preventing unauthorised credential retention by automated systems."

The Federal Reserve's recent supervisory letter SR 24-7 instructs banks to ensure that "artificial intelligence and machine learning applications cannot independently create, modify, or retain authentication credentials." The Prudential Regulation Authority has indicated similar requirements will be incorporated into UK banking rules by 2025.

Insurance regulators are following similar paths. Solvency II's upcoming technical standards revision includes provisions requiring "demonstrable technical controls over automated system credentials" for AI applications processing customer data or making underwriting decisions.

The Path Forward

Chief Information Security Officers and Chief Risk Officers in financial services face an immediate choice. They can continue applying human-centric security models to AI systems, accepting the growing accumulation of unmanaged credentials and associated regulatory risks. Or they can implement credential control architectures that treat AI systems as fundamentally different from human users.

The European investment bank that discovered its rogue trading algorithm has since implemented credential control systems across all automated trading operations. The firm reports zero credential-related incidents in the eight months following deployment, while reducing credential management overhead by 67%.

As AI systems become more autonomous and widespread, the credential risks will only intensify. Financial institutions that address these challenges now—through proper architectural controls rather than incremental security additions—will find themselves better positioned for both regulatory compliance and operational resilience in an increasingly AI-driven industry.

AI diagnostic tools hold patient data credentials. Who governs them?

The University of California San Francisco medical centre discovered in September 2024 that its AI-powered diagnostic imaging system had been accessing patient records using hardcoded administrative credentials for eighteen months. The breach exposed 65,000 patient files to unauthorised analysis by machine learning algorithms operating beyond clinical oversight protocols.

This incident illuminates a governance blind spot expanding rapidly across healthcare systems worldwide. As hospitals integrate AI diagnostic tools, radiology platforms, and automated clinical decision support systems, these technologies require privileged access to vast patient databases. Yet healthcare organisations lack frameworks to control how AI systems authenticate, what credentials they possess, and when access should be revoked.

The credential governance gap in healthcare AI

Healthcare AI systems operate differently from traditional medical software. Where electronic health records typically serve predefined user roles—doctors, nurses, administrators—AI diagnostic tools require dynamic access patterns. A radiology AI system might need access to imaging archives, pathology databases, genetic testing results, and historical treatment outcomes to generate accurate diagnoses.

These systems authenticate using service accounts, API keys, and embedded credentials that healthcare IT departments often cannot track or control. When researchers update machine learning models, integrate new datasets, or modify algorithmic parameters, the underlying access credentials frequently remain unchanged. Healthcare organisations lose visibility into which AI systems hold what level of patient data access.

The regulatory complexity compounds this challenge. Healthcare AI tools must comply with HIPAA privacy rules, FDA medical device regulations, and state-specific patient protection laws. Yet current compliance frameworks assume human users making deliberate access decisions, not algorithmic systems processing thousands of patient records autonomously.

The scale of AI credential exposure in healthcare

Healthcare AI adoption has accelerated dramatically. According to the American Medical Association's 2024 digital health survey, 73% of healthcare organisations now deploy AI diagnostic tools, compared to 31% in 2021. Radiology departments lead adoption at 89%, followed by pathology at 67% and cardiology at 54%.

Each AI deployment typically requires multiple credential sets. Research from Ponemon Institute's 2024 healthcare cybersecurity study found that healthcare AI systems average 12.3 privileged access credentials per deployment. Large hospital systems operating multiple AI platforms manage an average of 847 AI-related credentials across their networks.

The financial implications are significant. Healthcare data breaches cost an average of $10.93 million per incident in 2024, according to IBM's Cost of a Data Breach report—the highest of any industry for the fourteenth consecutive year. Breaches involving AI systems cost 23% more than traditional data exposures, averaging $13.46 million per incident.

Regulatory enforcement is intensifying. The Department of Health and Human Services imposed $301.2 million in HIPAA penalties in 2024, with 34% of violations linked to inadequate access controls for automated systems processing patient data.

Why traditional security tools cannot govern AI credentials

Healthcare organisations typically deploy identity and access management (IAM), privileged access management (PAM), and multi-factor authentication (MFA) systems designed for human users. These tools assume interactive login sessions, regular password updates, and deliberate access decisions.

AI diagnostic systems operate continuously, processing patient data through automated workflows that can span hours or days. Traditional IAM systems cannot effectively govern these persistent, non-interactive sessions. When radiology AI analyses thousands of medical images overnight, standard session timeout policies become irrelevant.

Privileged access management tools face similar limitations. PAM solutions excel at managing administrator credentials for servers and databases, but struggle with API-based authentication patterns common in healthcare AI. Machine learning platforms authenticate through programmatic interfaces using tokens, certificates, and service account credentials that PAM systems often cannot detect or control.

Zero Trust architectures promise "never trust, always verify" access controls, but healthcare AI systems require different verification patterns. A diagnostic AI system might legitimately need access to patient records across multiple departments, time periods, and data types to function effectively. Traditional Zero Trust implementations cannot easily distinguish between legitimate AI analysis patterns and unauthorised data access.

Organisational credential control as structural solution

The fundamental issue is that healthcare organisations allow AI systems—like human users—to hold and present their own access credentials. Once an AI platform possesses database passwords, API keys, or authentication certificates, the healthcare organisation loses control over how those credentials are used.

MyCena's approach inverts this model. Rather than allowing AI systems to hold credentials, the organisation retains complete control over authentication. Each time an AI diagnostic tool needs patient data access, it requests permission from the central credential authority. The organisation validates the request, grants temporary access, and maintains continuous oversight of AI authentication patterns.

This model means AI systems never possess persistent credentials that could be compromised, misused, or overlooked during security audits. Healthcare IT departments gain real-time visibility into which AI tools access what patient data, when access occurs, and whether usage patterns align with clinical protocols.

The approach addresses regulatory requirements by creating audit trails for every AI authentication event. When regulators investigate patient data access, healthcare organisations can demonstrate granular control over AI system permissions rather than relying on static credential assignments.

Implications for healthcare leadership

Healthcare executives should assess their AI credential governance immediately. Map every AI diagnostic tool, automated clinical system, and machine learning platform currently accessing patient data. Document what credentials these systems possess and who controls access permissions.

Establish policies for AI system authentication that align with clinical governance structures. AI tools should not possess permanent patient data access any more than temporary clinical staff should receive unrestricted database permissions.

Budget for AI-specific access control solutions. Traditional healthcare IT security tools cannot adequately govern the credential patterns that AI systems require. Investment in appropriate governance infrastructure will prove less costly than regulatory penalties or breach remediation.

The integration of AI into healthcare delivery is inevitable. Ensuring proper governance of AI credentials is not.