4 Critical Threats Where Attackers Have the Advantage
Dark ReadingArchived Jun 05, 2026✓ Full text saved
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
Full text archived locally
✦ AI Summary· Claude Sonnet
VULNERABILITIES & THREATS
CYBER RISK
APPLICATION SECURITY
IDENTITY & ACCESS MANAGEMENT SECURITY
NEWS
4 Critical Threats Where Attackers Have the Advantage
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
Rob Wright,Senior News Director,Dark Reading
June 4, 2026
4 Min Read
SOURCE: TADAMICHI VIA GETTY IMAGES
GARTNER SECURITY & RISK MANAGEMENT SUMMIT – National Harbor, Md. – Enterprise defenses for four critical threats are overmatched and in urgent need of improvement.
That's according to several analysts who spoke at the Gartner Security and Risk Management Summit this week. In a session on Monday, John Watts, VP analyst at Gartner, highlighted deepfakes, software supply chain risks, prompt injections, and AI application compromises as the four most pressing threats for enterprises.
These four threats ranked at the top of Gartner's 2026-27 ThreatScape chart, which contrasts threat actor signals against the effectiveness of the attack against enterprise defenses. And in these cases, "the attacker holds the advantage," Watts said, because organizations' security capabilities and current solutions aren't yet up to the task.
Other Gartner analysts emphasized these threats across numerous sessions throughout the conference, urging enterprises to improve their security postures through additional controls and stronger policies. But that may be easier said than done.
Related:With Complex Cloud Integrations, Small Errors Lead to Major Compromises
Deepfakes and Software Supply Chain Risks
There was a time not too long ago when AI's role in vishing or videoconferencing attacks was unclear. But that time is long past — deepfakes are "clearly a problem," Watts said.
According to Gartner, 62% of organizations have been hit with some kind of deepfake attack involving social engineering or bypassing facial or voice recognition systems. In a Tuesday session, Zachary Smith, director analyst at Gartner, said that even if some deepfake detection technologies work today, the AI market is moving so fast that they may not work tomorrow.
To that point, Smith urged organizations to apply a layered security approach with additional authentication requirements as well as tools to detect caller ID spoofing and SIM swapping. "You don't need to detect the deepfake to stop a deepfake attack," Smith said, explaining that a failed authentication check will thwart an attacker.
Bryson Byrd, cybersecurity adviser at Huntress, tells Dark Reading that additional authentication measures are a must. "Multifactor authentication doesn't just apply to passwords. It's everything now," he says.
Gartner's 2026-27 ThreatScape chart has deepfakes, prompt injections, software supply chain risks and AI application compromises as the most pressing threats. SOURCE: Gartner
Like deepfakes, supply chain attacks aren't new. However, the landscape has changed with automated worms like Shai-Hulud, which became a force multiplier for attackers looking to sweep up credentials and secrets and continue compromising repositories.
In addition to the worms, organizations are struggling with securing their code on third-party platforms. While GitHub has introduced security features like secrets scanning, organizations sometimes skip over them and exposure sensitive data. Watts said "NPM is kind of a mess," even though some improvements have been made.
Related:Microsoft Issues Out-of-Band SharePoint Patch
But organizations need to apply controls around their software and development environments, Watts added. Those controls include strong version-control policies, secrets scanning and management, and applying the principle of least privilege to CI/CD pipelines.
Prompt Injections and AI Application Compromises
Prompt injections have been an ongoing problem for AI companies and their customers. But the threat is even more concerning with the massive growth of AI agents. Watts explained that threat actors can execute indirect injection attacks by planting malicious prompts in webpages, for example, and waiting for agents to read them.
Watts cited data from Google that showed a 32% increase in indirect prompt injections attacks between November 2025 and February 2026. "The big issue is that as you get to agentic, autonomous AI, once the execution chain is poisoned, the whole thing goes downhill," he said. "You can't really recover from that."
Watts said some security vendors that claim to focus on prompt injection security are merely looking for keywords typically featured in malicious prompts. "That's not going to work," he said. In another session on rogue AI agents, Dennis Xu, research vice president at Gartner, emphasized that there is no way to stop prompt injection and jailbreaking attacks 100% of the time,
Related:Microsoft Exchange Zero-Day Under Attack, No Patch Available
Instead of relying solely on third-party solutions, Watts encouraged organizations to use penetration testing and red teaming on their AI systems to find and address prompt injections.
Last but not least, Watts flagged AI application compromises, which can stem from variety of sources. For example, Watts noted there were 2,130 AI-related CVEs disclosed in 2025, a nearly 35% year-over-year increase. Additionally, memory poisoning attacks and insecure resources and infrastructure can also lead to compromise.
"As you build and scale your AI applications and get more out of AI, you're going to increase the attack surface," he said, which threat actors are counting on.
It doesn't help matters when, for example, OpenClaw spreads like wildfire across the industry. The popular open source AI framework, which has had numerous critical vulnerabilities, has been deployed widely — and often insecurely — by many organizations since it was launched earlier this year.
"Right now you can still run scans and find OpenClaw on the Internet with admin rights," Watts said. "You've got to make sure you've got some controls around how people are doing this stuff."
About the Author
Rob Wright
Senior News Director, Dark Reading
Rob Wright is a longtime reporter with more than 25 years of experience as a technology journalist. Prior to joining Dark Reading as senior news director, he spent more than a decade at TechTarget's SearchSecurity in various roles, including senior news director, executive editor and editorial director. Before that, he worked for several years at CRN, Tom's Hardware Guide, and VARBusiness Magazine covering a variety of technology beats and trends.
Prior to becoming a technology journalist in 2000, he worked as a weekly and daily newspaper reporter in Virginia, where he won three Virginia Press Association awards in 1998 and 1999. At TechTarget and Dark Reading, he has won several Azbee awards, including the 2026 National Silver Award for a series on vibe coding.
At Dark Reading, Rob currently covers security operations, cloud security, and Internet infrastructure. He has a keen interest in malvertising activity and the certificate authority industry, and has written extensively on both topics. He graduated from the University of Richmond in 1997 with a degree in journalism and English. A native of Massachusetts, he lives in the Boston area.
Want more Dark Reading stories in your Google search results?
ADD US NOW
More Insights
Industry Reports
How Organizations Are Managing Incident Response
How Enterprises Are Developing Secure Applications
Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy
Essential News & Insights from Black Hat USA 2025
How Enterprises Are Harnessing Emerging Technologies in Cybersecurity
Access More Research
Webinars
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
Defending in the Shadow Era: When the CVE Feed Goes Dark
Building SecOps That Make the Most of Every Dollar
AI-Powered Credential Security: Intelligence Without Exposure
More Webinars
You May Also Like
VULNERABILITIES & THREATS
Cheap Hardware Module Bypasses AMD, Intel Memory Encryption
by Rob Wright
NOV 25, 2025
VULNERABILITIES & THREATS
Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs
by Jai Vijayan, Contributing Writer
NOV 11, 2025
VULNERABILITIES & THREATS
Microsoft Issues Emergency Patch for Critical Windows Server Bug
by Rob Wright
OCT 24, 2025
VULNERABILITIES & THREATS
350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE
by Nate Nelson, Contributing Writer
JUL 11, 2025
Editor's Choice
CYBERSECURITY OPERATIONS
20 Leaders Who Built the CISO Era: 2 Decades of Change
byDark Reading Editorial Team
MAY 12, 2026
41 MIN READ
APPLICATION SECURITY
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
byJai Vijayan
MAY 12, 2026
5 MIN READ
CYBERATTACKS & DATA BREACHES
Instructure Breach Exposes Schools' Vendor Dependence
byAlexander Culafi
MAY 6, 2026
4 MIN READ
Want more Dark Reading stories in your Google search results?
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
SUBSCRIBE
Webinars
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
TUESDAY, JUNE 23, 2026 1:00 PM EDT
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
THURS, JUNE 25, 2026, AT 1PM EST
Defending in the Shadow Era: When the CVE Feed Goes Dark
TUES, JUNE 16, 2026 AT 1PM EST
Building SecOps That Make the Most of Every Dollar
THURS, JULY 9, 2026 AT 1PM EST
AI-Powered Credential Security: Intelligence Without Exposure
WED, JUNE 17, 2026, AT 1PM EST
More Webinars
BLACK HAT USA | MANDALAY BAY, LAS VEGAS
The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.
GET YOUR PASS