In most organizations, the identities logging into systems aren't people. They're software: automated accounts, access keys, and AI agents that let applications move data and complete tasks. These machine identities outnumber human ones, and roughly half hold privileged access. For law firms, the accounts most likely to expose client secrets to an attacker are the ones nobody owns, reviews, or watches.
The pace is accelerating as firms deploy AI agents. Security programs have hardened human login with multifactor authentication, passkeys, and access reviews. A person can be phished or tricked into approving a sign-in, so defenders hardened the human. But you can't phish an automated account. A machine identity typically logs in with a fixed secret - a password or access key it presents every time - with no human present to approve a prompt or provide a fingerprint. That credential can remain valid for years and be stolen or leaked.
How Breaches Happen
The pattern isn't hypothetical. In December 2024, a state-linked group stole one access key from a remote-support vendor and used it to reach into the Treasury Department, opening workstations and unclassified documents, including in its sanctions arm. One machine credential did the work. By one estimate, half of organizations had a breach tied to a compromised machine identity last year.
The legal world isn't exempt. A 2026 breach at a major legal research provider reportedly traced to one automated account that could read nearly every secret in that account, exposing data tied to 21,000 enterprise customers, including law firms. The credential that exposes your clients may not even live inside your walls.
Attackers prize these identities because they are the conduits most data moves through. Picture the automated connection that copies every email into the records system, or syncs the document store to backup nightly. A paralegal can open files for her own matters. That connection touches all of them, because moving the data is its only job. A human login opens one mailbox. A compromised machine account opens the pipeline.
The AI Agent Problem
Many firms are racing to deploy AI agents - software handed a goal and permitted to act on it: read the inbox, find the documents, draft the reply, update the matter. It logs in to each system through stored credentials rather than a typed password. If your firm uses Microsoft 365 Copilot, Salesforce Agentforce, or legal tools such as Harvey, you're already being asked to deploy these agents. The danger is aggregation.
To be useful, a single agent is wired to several tools at once - email, the document system, billing, research - under one identity. Unless someone restricts what it can do in each, that identity inherits broad access across all of them. One over-permissioned agent, or one manipulated into misbehaving, becomes a direct line to a large share of the firm's records, with no one in the loop. For legal professionals, AI Agents & Automation training is becoming essential to understanding these risks before deployment.
Every machine identity is delegated authority, often with more reach than any single employee, and the duty of confidentiality attaches to whatever can touch a client's data. Insurers are starting to condition coverage on a governance framework for these identities. Outside counsel guidelines are beginning to ask how machine identities and AI agents are managed. A firm that can't answer may pay more for coverage or have to make lengthy justifications to clients.
What Firms Can Do
Inventory first. You can't govern what you can't see, so build a real inventory of machine identities and AI agents and the access each holds. Give every machine identity an owner. An account with no person accountable for it should be disabled, not legacied in.
Apply least privilege and mean it. Scope each identity, especially each AI agent, to the minimum access it needs, and strip the standing access it doesn't. Keep credentials in a vault, rotate and expire them, and retire an identity when its job ends. Treat AI agents as privileged users. Require human approval before they take sensitive actions on client matters.
Monitor them in real time. Baseline how each machine identity and AI agent normally behaves, and alert when one deviates, so a stolen credential shows up in minutes, not months. Bring machines under the same governance as people - put machine identities and AI agents into your access reviews, monitoring, and board-level risk reporting, not a separate track everyone ignores.
Why this matters for legal professionals
When a breach traces to an account no one owned, the hard part isn't the forensics. It's explaining to a client, a regulator, or a court why no one was accountable. The identities that matter most in the next breach are the ones a firm has never looked at. They run quietly in the background, carry real access to privileged material, and answer to no one. AI is about to multiply them. AI for Legal training helps firms build the governance frameworks that insurers and clients are now demanding. The firms that get ahead of this will decide - before an incident forces it - that every identity with access to a client's secrets has a name attached, human or not.
Your membership also unlocks: