SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft

SpyCloud's 2026 Identity Exposure Report documents a sharp rise in non-human identity (NHI) theft, with 18.1 million exposed API keys and tokens and 6.2 million credentials tied to AI tools recaptured in 2025. The report highlights that attackers are increasingly targeting session tokens, authentication cookies, and machine credentials alongside traditional username/password pairs. Key findings include 8.6 billion stolen cookies and session artifacts, 642.4 million credentials from 13.2 million infostealer infections, phishing surging 400% YoY with 28.6 million phished records, and 80% of exposed corporate credentials containing plaintext passwords. The report warns that NHIs often lack MFA enforcement and rotate infrequently, making them high-value targets with broad access to cloud and enterprise systems.