AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link

Three primary concerns for cybersecurity teams today are identity, pace, and a battleground shaped by global politics. The influence of AI pervades cybersecurity, giving attackers added sophistication, speed and scale. Where attacks are directed and by whom is increasingly influenced by geopolitical tensions and international alliances. But the focus of cybersecurity must remain on identity, since identity is the fulcrum of entry; and is so easily lost. Infostealers and consequent stealer logs feed initial access brokers, who sell the identities to criminals. “At the same time, AI is enabling attackers to generate highly convincing phishing campaigns and impersonations themselves, including deepfake-enabled social engineering,” comments Allison Wikoff, global threat intelligence leader, Americas, at PwC.  “What has changed is the scale and efficiency: identity compromise has effectively become a supply chain, where threat actors mix buying and generating access depending on what is most efficient for how they are conducting their operations and engaging with targeted environments or people.” Allison Wikoff, Global Threat Intelligence Leader, Americas, at PwC.  This scenario is described in PwC’s report, Cyber threats in motion. With access-ability, attacker speed is increasingly problematic. AI is becoming a core component of threat actors’ tradecraft, who use it “to automate reconnaissance, generate convincing phishing lures, accelerate malware development, and scale social engineering across languages and platforms… autonomous AI agents capable of executing entire attack sequences without human intervention are a prime concern.” For the moment, entire automated attack sequences are a concern rather than a dire active threat. Wikoff explains: “This is emerging but not yet widespread at scale. Our report points to early examples – like proof-of-concept autonomous agents and campaigns where a significant portion of activity is AI-driven – but these remain relatively early-stage and not consistently reliable. In practice today, we’re seeing some autonomy: AI is being used to accelerate reconnaissance, phishing, and malware development rather than fully replacing human operators end-to-end.” The doomsday scenario of fully autonomous agentic-AI attacks operating at speed without attacker guidance may be coming but has not yet arrived – and may take longer than we fear. “There are some threat actors we track that have not significantly changed their TTPs in nearly 10 years. Traditional techniques like phishing and credential theft remain highly effective, and many organizations are still grappling with basic security fundamentals,” continues Wikoff. “Until those gaps are addressed, attackers will continue to target the lowest-hanging fruit, meaning AI is augmenting attacks, but the shift will likely be more evolutionary than revolutionary.” That doesn’t mean defenders can relax. The increasingly connected nature of modern business means that company infrastructures are connected between companies and across cloud platforms and continents. Threat actors, whether nation state, cybercriminal, or a blend of both, have already “found new ways to accelerate through the blind corners of edge devices, supply chains, and cloud ecosystems – turning trusted dependencies into high-speed attack paths with cascading impact.” Beyond better defense of identities, it is important for companies to understand their own ‘crown jewels’ and who might wish to steal them. This is largely, but not entirely, driven by geopolitical conditions. “Most organizations are not equally attractive to all threat actors. Some are targets for financial gain, others for intellectual property, strategic access, or geopolitical influence. And some attacks are still opportunistic in nature,” comments Wikoff. “Regardless, it makes it critical for leaders to clearly define their ‘crown jewels’ , the systems, data, identities, and relationships that would have the greatest business or strategic impact if compromised.”  She continues, “Once that’s established, organizations can better align their defenses to the threats most relevant to them, rather than trying to defend everything equally. In practice, effective network defense comes from combining threat intelligence with a clear understanding of what matters most to your business, and how different types of attackers are likely to pursue it.”  Different attackers are likely to have different motivations, from simple crime, espionage, and hacktivism to sabotage, with different tradecrafts. “We assess Russia-based threat actors will likely continue to blend cyber and influence operations against European and transatlantic democracies; China-based threat actors are assessed to sustain persistent access in telecommunications and other critical infrastructure; and tighter attribution and regulation will raise the cost of misjudged risk in mergers and acquisitions, entry into new jurisdictions and markets, and third-party selection,” says PWC. Know yourself and know your enemy is good advice. But the first step must be better protection of identities and access. “In an identity-driven, AI-accelerated threat landscape, resilience belongs to organizations that govern identity at speed, validate trust continuously, and treat cyber risk as inseparable from business and geopolitical strategy,” concludes PwC. Learn More at the AI Risk Summit Related: Russian APT Exploits Zimbra Vulnerability Against Ukraine Related: Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach Related: Cyber Insights 2026: Malware and Cyberattacks in the Age of AI Related: Cyber Insights 2026: Social Engineering WRITTEN BY Kevin Townsend Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines. More from Kevin Townsend DoE Publishes 5-Year Energy Security Plan Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury Hacker Conversations: Ben Harris, From Unintentional Young Hacker to Intentional Adult CEO The Collapse of Predictive Security in the Age of Machine-Speed Attacks Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches AI, APIs and DDoS Collide in New Era of Coordinated Cyberattacks CISO Conversations: Aimee Cardwell ‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload Latest News Onit Security Raises $11 Million for Exposure Management Platform Russian Cybercriminal Gets 2-Year Prison Sentence in US  iOS, macOS 26.4 Roll Out With Fresh Security Patches FCC Bans New Routers Made Outside the US Over National Security Risks RSAC 2026 Conference Announcements Summary (Day 2) From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI US Prisons Russian Access Broker for Aiding Ransomware Attacks HackerOne Employee Data Exposed in Massive Navia Breach Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move The US Senate confirmed Markwayne Mullin as DHS Secretary. 7AI has appointed Israel Barak as its first Chief Information Security Officer. Brian Harrell has been appointed Chief Security Officer at FirstEnergy. More People On The Move Expert Insights Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) Flipboard Reddit Whatsapp Email