CyberArk Boosts Machine Identity Security with Discovery & Control

CyberArk (NASDAQ: CYBR), the global leader in identity security, today announced new discovery and context capabilities across its Machine Identity Security portfolio. The enhancements enable security teams to automatically find, understand and secure machine identities – spanning certificates, keys, secrets, workloads and more – reducing risk and simplifying compliance at scale.

Machine identities outnumber human identities by an estimated 82 to 1, driven by increased AI adoption and cloud native growth. As a result, machine identity-related security incidents are on the rise, with 72% of security leaders reporting certificate-related outages and 50% experiencing security incidents or breaches from compromised machine identities, according to CyberArk research. Manual processes can no longer keep up, and organizations need an automated discovery and context-driven approach to stay ahead.

“Implementing machine identity security programs has become increasingly complex as organizations grapple with shrinking certificate lifespans, the rise of AI agents, vault sprawl and vulnerable software supply chains. With these new discovery, context and remediation capabilities, customers gain the visibility and control they need to tame sprawl, enforce policy and secure their environments more efficiently,” said Kurt Sand, GM of Machine Identity Security at CyberArk. “This milestone, just one year after our acquisition of Venafi, marks a significant step forward in our commitment to delivering the industry’s most comprehensive, end-to-end machine identity security solution.”

CyberArk’s expanded Machine Identity Security portfolio delivers centralized visibility, automated policy enforcement and context-driven insights to help organizations monitor and secure every machine identity, anywhere, across the enterprise. Key enhancements include:

CyberArk Secrets Hub

• Discovery and Context for HashiCorp Vault¹ – Helps address critical vault sprawl challenges by providing visibility into dispersed HashiCorp Vault instances and ensuring enterprise-wide policy compliance without disrupting developer workflows.
• Risk Management and Remediation Dashboard² – Centralizes observability across market-leading secrets vaults and integrates third-party scanner data to identify high-risk areas, enabling organizations to prioritize remediation and track compliance progress.

CyberArk Certificate Manager, SaaS

• CA/B Forum TLS Certificate (47-day) Dashboard¹ – Provides real-time visibility into certificate expiration timelines, renewal projections and certificate authority usage to help organizations prepare for reduced TLS certificate lifespans (from 398 days today to 200 days in 2026, 100 days in 2027 and 47 days by 2029), allowing them to easily manage renewals and prevent outages.
• Code Sign Management, Policy Enforcement and Deep DevOps Integrations² – Provide automated, policy-enforced code signing and governance alongside certificate lifecycle management to reduce infrastructure overhead, accelerate adoption and help ensure only trusted, compliant software is released.

CyberArk SSH Manager for Machines

• New Authorization and Policy Controls¹ – Grant real-time authorization tracking and discovery for centralized visibility, risk reduction and audit compliance to help better manage SSH key sprawl and unmitigated access.