CyberArk, a global leader in identity security, has introduced new discovery and context capabilities across its Machine Identity Security portfolio, aiming to automate the identification, understanding, and securing of machine identities to mitigate risk and streamline compliance for organizations. The announcement was made at the CyberArk IMPACT World Tour 2025 in Long Beach, California.
Machine identities, which encompass certificates, keys, secrets, and workloads, now outnumber human identities by an estimated 82 to 1, largely due to increased AI adoption and cloud-native growth. This proliferation has coincided with a rise in machine identity-related security incidents. CyberArk research indicates that 72% of security leaders have reported certificate-related outages, and 50% have experienced security incidents or breaches stemming from compromised machine identities. The company notes that traditional manual processes are insufficient to manage this scale, necessitating an automated, context-driven approach.
Kurt Sand, GM of Machine Identity Security at CyberArk, stated, “Implementing machine identity security programs has become increasingly complex as organizations grapple with shrinking certificate lifespans, the rise of AI agents, vault sprawl and vulnerable software supply chains. With these new discovery, context and remediation capabilities, customers gain the visibility and control they need to tame sprawl, enforce policy and secure their environments more efficiently.” Sand also noted that this development, occurring one year after CyberArk’s acquisition of Venafi, represents a step in delivering a comprehensive, end-to-end machine identity security solution.
The expanded Machine Identity Security portfolio from CyberArk is designed to provide centralized visibility, automated policy enforcement, and context-driven insights for monitoring and securing machine identities across enterprise environments.
Key enhancements include:
CyberArk Secrets Hub Discovery and Context for HashiCorp Vault, available now, which provides visibility into dispersed HashiCorp Vault instances and helps ensure enterprise-wide policy compliance without disrupting developer workflows.
A Risk Management and Remediation Dashboard, anticipated by late 2025, will centralize observability across market-leading secrets vaults and integrate third-party scanner data to identify high-risk areas, enabling prioritized remediation and compliance tracking.
The CyberArk Certificate Manager, SaaS CA/B Forum TLS Certificate (47-day) Dashboard, available now, offers real-time visibility into certificate expiration timelines, renewal projections, and certificate authority usage. This feature assists organizations in preparing for reduced TLS certificate lifespans, which are projected to decrease from 398 days currently to 47 days by 2029, facilitating renewal management and outage prevention.
Code Sign Management, Policy Enforcement and Deep DevOps Integrations, expected by late 2025, will provide automated, policy-enforced code signing and governance, alongside certificate lifecycle management, to reduce infrastructure overhead, accelerate adoption, and help ensure only trusted, compliant software is released.
New Authorization and Policy Controls for CyberArk SSH Manager for Machines, available now, provide real-time authorization tracking and discovery for centralized visibility, risk reduction, and audit compliance, and are designed to manage SSH key sprawl and unmitigated access.