Skip to content

Home

Welcome to the OWASP Non-Human Identity (NHI) Top 10 - 2025!

This project outlines the top 10 risks associated with non-human identities (NHIs) for application developers. With NHIs becoming vital in development pipelines, understanding these risks is critical.

The list was compiled by identifying key risks organizations face with NHIs and ranking them using the OWASP Risk Rating Methodology. Data sources included real-world breaches, surveys, CVE databases, and more. For details on our process, see Ranking Criteria and Methodology and Data.

Start with the project's Introduction, and explore the OWASP Non-Human Identity Top 10 - 2025 for an overview of the risks.

Contributions are welcome! See our Contributing Guidelines to get involved and help improve the project.