Thales warns AI ecosystems could become new insider threat without stronger governance - Biometric Update

Thales warns AI ecosystems could become new insider threat without stronger governance Jun 2, 2026, 11:38 am EDT | Lu-Hai Liang CATEGORIES Access Control  |  Biometrics Market Reports  |  Biometrics News Data is the gold of the twenty-first century, the valuable commodity that big tech, governments and bad actors all covet. Securing it and innovating with it is the defining competition in the modern marketplace as Thales is back with its 2026 report. The 2026 Thales Data Threat report examines the rise in AI security, AI-fueled attacks such as deepfakes, the lack of encryption for data stored in the cloud, and the importance of security discipline when it comes to identity and access management. “Effective data security has never been easy, and the pressures of AI and agentic applications are making it much harder,” the report concludes. “Data must be available for a wider range of uses, in greater volumes and at higher velocity, all while maintaining strong security controls.” Thales found a 50 percent year-over-year growth in the proportion of respondents designating security funds for AI. This proportional increase in budget specifically for AI is reflected in the integration of new elements, including chat interfaces and Model Context Protocol servers, which security teams have to secure. The 2026 report found 70 percent of respondents citing the speed of AI change within AI ecosystems as top of mind when it comes to AI security. Significantly more than half – 61 percent – report their AI applications being targeted by attackers, with sensitive data the main goal, and 57 percent report AI-generated misinformation, as deepfakes showed the second-highest attack increase. Exactly half of respondents rank secrets management as the priority concern in application security while just over half – 52 percent – regard identity and access management as the leading security discipline, as attackers target credentials. Meanwhile, only 47 percent of sensitive data in the cloud is encrypted. The findings reinforce a growing focus on identity-centric security as organizations deploy AI systems. With credential theft remaining the leading attack technique against cloud infrastructure and identity and access management ranked as the top security discipline by 52 percent of respondents, the report suggests that controlling access to data may become as important as protecting the data itself. “Organizations are struggling with data quality and security as they work to safely deliver access to the raw material from which AI value is built,” the report says in its introduction. “As agentic applications gain access to greater volumes of data, organizations must improve data security and management practices to ensure that AI does not become a new insider threat.” The cloud still a solid target, data sovereignty concerns rise  While agentic AI grows, the cloud remains an area of concern, with cloud assets a significant attack target. Cloud storage, applications and management are the top three attack targets. Crucially, credential theft is the leading attack technique against cloud infrastructure, with 67 percent seeing credential theft and misappropriated secrets increasing, the Thales report found. Data sovereignty is given greater weight in the new report compared to 2025’s, with 54 percent pursuing reworking and refactoring of application and data architectures to achieve sovereignty aims. The rise in geopolitical risks means critical assets like identity data and the technology on which it relies is becoming a priority among businesses and governments in general. A significant proportion of organizations – 59 percent – are prototyping and evaluating Post-Quantum Cryptographic (PQC) algorithms. The 2026 Thales report found that 61 percent cited quantum as their top concern for future risks. Recently, the Cybersecurity Agency of Catalonia announced it is investing in the post-quantum era as it prepares the region’s digital identity infrastructure for a time when quantum computing renders current encryption standards obsolete. One of Thales’ recommendations focuses on trust, especially as AI‑driven misinformation and disinformation are now widespread. The company’s research found 97 percent of respondents reporting some form of organizational harm from AI‑generated false content. These incidents include deepfake business email compromise, brand misuse, reputational damage, harm to key personnel and fraudulent hiring activity. Security tools that meet users and stakeholders where they are — and work consistently across environments — will be essential for faster prevention, detection and response, the report says. The 2026 Thales Data Threat Report was based on a global survey of 3,120 respondents gained via online survey with targeted populations for each country, targeted at professionals in security and IT management. Related Posts Thales highlights cybersecurity leadership in competitive digital ID market January 2, 2026 Thales partners with Goaco to ease biometric onboarding for SMEs August 7, 2025 Netherlands weighs data sovereignty concerns with Solvinity digital identity contract April 24, 2026 Continuum Identity launches to bring ‘human touch’ to reusable digital identity September 16, 2025 EU wants its Digital Identity Wallet accepted internationally June 6, 2025 Encompass selected for corporate digital identity, financing by BNP Paribas October 2, 2025 Article Topics AI agents  |  cloud services  |  cybersecurity  |  data sovereignty  |  digital identity  |  Thales Digital Identity and Security Latest Biometrics News   Major UK banks back reusable digital ID network for financial services Jun 26, 2026, 3:27 pm EDT Major UK banks and financial institutions, including Barclays, HSBC and Lloyds, are teaming up with industry group UK Finance to…   Kenya considers linking national ID database to CCTV facial recognition network Jun 26, 2026, 2:59 pm EDT Kenya’s government is planning to link the country’s civil registry database with a CCTV network spanning six cities to enable…   Jumio integrates Trinsic to expand reach in growing IDV market Jun 26, 2026, 2:36 pm EDT What’s the future? For identity verification, it’s biometrics. A new study from Juniper Research predicts that digital identity verification checks…   BixeLab addresses market confusion around biometrics testing with new resources Jun 26, 2026, 1:59 pm EDT Independent biometrics testing has grown dramatically over the past decade, in terms of the number of evaluations, their scope and…   Pressure grows to suspend EES checks during European summer travel Jun 26, 2026, 1:32 pm EDT Airports in Rome are considering suspending the Entry-Exit System (EES) during the summer travel season. Marco Troncone, chief executive of…   Tasmania removes driver photos from national face biometrics database Jun 26, 2026, 12:46 pm EDT Tasmania’s government has pulled 468,000 driver’s licence photos from a national facial recognition database over concerns about biometric data security…. Comments Leave a Reply This site uses Akismet to reduce spam. Learn how your comment data is processed.