Why do posture tools miss runtime identity risk?
By Identra · Updated
Posture tools miss runtime identity risk because they evaluate configuration, not behavior. ISPM, CSPM, and CIEM score how an identity is set up: permissions, MFA status, key age. They cannot see what it does with a valid session. Stolen tokens, manipulated AI agents, and dormant service accounts that wake up all pass posture checks mid-attack. Catching them requires watching identities act, not auditing how they were configured.
Key numbers
- Credential abuse was the top initial access vector, involved in 22% of breaches (Verizon 2025 Data Breach Investigations Report)
- Machine identities outnumber human identities 82 to 1, and nearly half have sensitive or privileged access (CyberArk 2025 Identity Security Landscape)
- 147,000 token replay attacks detected in 2023, a 111% increase year over year (Microsoft, 2024 token theft attack chain analysis)
- By 2028, 25% of enterprise breaches will be traced back to AI agent abuse (Gartner Top Strategic Predictions, October 2024)
What posture tools actually check
Posture tools answer one question: is this identity configured safely? Identity security posture management inventories accounts across identity providers and SaaS apps, then flags weak MFA, dormant accounts, and excessive entitlements. CIEM maps cloud permissions against actual usage to find violations of least privilege. CSPM checks infrastructure configuration; SSPM does the same for SaaS settings. Different scopes, one shared method: scan the current state, compare it against policy, and produce a ranked list of findings.
That work is genuinely valuable. Every over-permissioned role you trim and every stale credential you revoke removes an option from the attacker's menu, and it produces the audit evidence regulators ask for. Nothing in this essay argues against posture. The problem is the assumption buried in the method: that risk lives in configuration, so a well-configured identity is a safe one. Attackers disagree. The Verizon 2025 Data Breach Investigations Report found credential abuse was the top initial access vector, involved in 22% of breaches. Those attackers did not break a misconfiguration. They used a valid identity, correctly configured, exactly as the system allowed.
Three failures that pass every posture check
The stolen session token. An employee has phishing-resistant MFA, tight role assignments, and a clean posture score. An infostealer on a personal device lifts a session cookie from the browser, and the attacker replays it from their own infrastructure. There is no login event, so MFA is never rechallenged, and nothing about the account's configuration changes. The posture dashboard stays green through the entire session hijacking, because the takeover happened after every control the scanner measures. Microsoft's token theft analysis counted 147,000 token replay attacks in 2023, up 111% year over year, and this class of account takeover is invisible to configuration scanning by design.
The manipulated AI agent. A support agent is provisioned with OAuth scopes to read the ticketing system and the internal wiki. Access review approves it; on paper it is least privilege done right. Then a customer-submitted ticket carries a prompt injection, and the agent uses its legitimate scopes to pull customer records into a reply the attacker can read. This is the confused deputy problem at machine speed: every API call was authorized, the agent's identity was configured exactly as designed, and posture never changed. Gartner predicts that by 2028, 25% of enterprise breaches will be traced back to AI agent abuse. A tool that evaluates entitlements at grant time cannot evaluate a decision the agent makes at run time.
The dormant NHI that wakes up. A service account created for a 2019 migration still holds a never-rotated key, and its owner left the company years ago. A posture tool might flag it, as stale finding number four thousand in a backlog nobody has cleared. One night the account authenticates from a new network and starts enumerating storage buckets. Between last week's scan and this week's, its configuration is byte-for-byte identical; only its behavior changed, and behavior is not in the data model. With machine identities outnumbering humans 82 to 1 and nearly half holding sensitive access, per CyberArk's 2025 Identity Security Landscape, the odds that one forgotten non-human identity or service account becomes the entry point keep improving for the attacker. Lifecycle hygiene shrinks that population but never reaches zero.
Posture vs runtime: the capability matrix
The two approaches are not competing answers to one question. They are answers to two different questions, asked at two different times.
| Capability | Posture tools (ISPM, CIEM, CSPM, SSPM) | Runtime identity security (ITDR and behavioral detection) |
|---|---|---|
| Unit of analysis | Configuration state: permissions, MFA settings, key age | Behavior: sessions, API calls, actions as they happen |
| When it evaluates | On a scan interval, before any attack | Continuously, during the attack window |
| Catches misconfiguration and excessive privilege | Yes, this is the core job | Only indirectly, as context for a detection |
| Catches a stolen token or hijacked session in use | No, configuration is unchanged | Yes, via anomalous session and access behavior |
| Catches a prompt-injected agent abusing valid scopes | No, every action is authorized | Yes, via deviation from the agent's behavioral baseline |
| Catches a dormant NHI suddenly activating | No, it sees the same static account | Yes, first-use and anomaly signals fire immediately |
| Primary output | A prioritized findings backlog | Detections, alerts, and response actions |
| Failure mode | Clean scorecard during an active breach | Noise if baselines are poorly tuned |
The gap is structural, not a missing feature
It is tempting to treat this as a roadmap problem, something posture vendors will patch in a future release. The gap is more fundamental than that. Posture tools are built on periodic snapshots of state; runtime attacks live in the space between snapshots. An attacker replaying a stolen token can finish lateral movement and exfiltration inside a single scan interval, and no amount of scan frequency fixes it, because the artifact being scanned, the configuration, never changes during the attack. A posture finding describes a possibility. A runtime signal describes an event. Collapsing one into the other would require posture tools to ingest and model live behavioral telemetry, at which point they have become a different product category.
Agentic AI widens the gap further. A human's access pattern is somewhat predictable from their role, which is why role-based entitlements were a workable proxy for intent. An agent composes actions at run time, chains tools through interfaces like MCP, and can be steered by any content it reads. The entitlement granted at provisioning cannot anticipate the sequence of actions the agent will assemble three weeks later, and delegation chains blur which principal is even acting. When the decision about what to do moves to run time, the security evaluation has to move there too.
You still need posture: a sequencing framework
None of this makes posture optional, and the honest conclusion of every posture-versus-detection comparison is that mature programs run both. The useful question is ordering, and the answer depends on where you are.
Start with posture if the fundamentals are missing: no MFA baseline, no inventory of non-human identities, entitlements never reviewed, secrets scattered across repos and pipelines. Detection on top of that foundation drowns in noise, because everything looks anomalous when nothing has a baseline. Posture-first is also the right call when the forcing function is an audit, since posture output maps directly to compliance evidence.
Prioritize runtime coverage when your risk has moved past configuration: you are deploying AI agents or scaling machine identities faster than any review cycle can track, you have already hardened the front door with strong MFA so the residual threat is post-authentication abuse, or you have lived through an incident where the attacker used valid credentials and your posture stack said nothing. In those situations identity threat detection and response and broader runtime identity security are what shrink the window between compromise and containment. Pair either layer with just-in-time access and zero standing privileges, which reduce how much a stolen identity is worth, though they never reduce it to zero: an attacker inside a JIT-granted session is still an attacker only runtime signals will catch.
Compare the categories
How Identra thinks about it
Identra's view is that the runtime layer is where identity security now gets decided. Posture tools, and the ISPM, SSPM, CSPM, and SIEM categories around them, each see a slice of identity risk, and each stops at the moment an identity starts acting. Identra watches that moment: humans, machines, and AI agents exercising valid access across browsers, SaaS, and cloud, so the token replay, the injected agent, and the awakened service account surface as detections instead of postmortems. Posture hardens the estate; runtime defends it while it runs.
Go deeper: The Non-Human Majority
