Two biometric identity companies made headlines this week — BIO-key secured $4.23 million in new funding and a Nordic distribution partnership, while Fingerprint Cards reported a 35% revenue jump in Q3 2025. On the surface, these are human authentication stories. But for CISOs and IAM practitioners thinking seriously about non-human identity (NHI) security, the underlying dynamics are worth examining. Investment patterns in the identity market consistently preview where enterprise security priorities are heading.
The Human Authentication Market as a NHI Indicator
BIO-key’s growth — including a 49% revenue increase in Q2 2025 and a new partnership with Scandinavian distributor IT2Trust — reflects sustained enterprise demand for stronger, GDPR-compliant authentication. Their portfolio spans PortalGuard, Passkey:YOU, and Identity-Bound Biometrics, all targeting the elimination of password-based authentication for human users.
The problem is that as human authentication becomes stronger through biometrics and passkeys, the relative vulnerability of machine identities becomes more pronounced. Service accounts, API keys, and automated pipeline credentials don’t benefit from biometric controls. They remain a significant weak point — and adversaries know it. Strengthening human authentication without addressing NHI security creates an asymmetric attack surface that sophisticated threat actors will exploit.
Fingerprint Cards and the Passwordless Shift
Fingerprint Cards’ Q3 performance was boosted by a licensing deal with Egis Technology and, notably, their entry into the Microsoft Entra Marketplace alongside partner Anonybit, offering AAL2-compliant passwordless authentication. The Microsoft Entra integration is significant — it positions biometric authentication directly within the identity governance ecosystem that many enterprises already use to manage both human and machine identities.
For IAM practitioners, AAL2 compliance signals a maturation of the passwordless market. As human identity authentication reaches higher assurance levels, the governance gap for Agentic Identity — AI agents, automated workflows, and service-to-service communications — becomes harder to ignore. Machine identity management needs equivalent assurance frameworks, and the industry does not yet have a settled standard.
Investment Signals and NHI Security Priorities
BIO-key’s fundraising urgency and Fingerprint Cards’ revenue growth both point to a market that is actively investing in identity security infrastructure. For security leaders, the takeaway is strategic: the same organisational appetite that is funding stronger human authentication should be applied to machine identity governance. NHI security, including credential lifecycle management, least-privilege enforcement for service accounts, and attestation frameworks for AI agents, deserves equivalent investment priority.
The biometric IAM market is maturing. The machine identity market is still catching up. That gap is where the next generation of identity-related breaches will occur.