SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft

SpyCloud's 2026 Identity Exposure Report documents a major shift in identity threats, with attackers increasingly targeting non-human identities (NHIs) alongside traditional credentials. Key findings include 18.1 million exposed API keys and tokens, 6.2 million credentials tied to AI tools, and 8.6 billion stolen cookies and session artifacts. Phishing surged 400% year-over-year, with nearly half of 28.6 million phished records belonging to corporate users. Infostealer malware contributed over 642 million exposed credentials from 13.2 million infections. The report also highlights weak password hygiene, with 80% of exposed corporate credentials in plaintext, and raises concerns about password manager master password exposure. SpyCloud advocates for continuous identity threat monitoring and automated remediation to shrink attacker windows of opportunity.