AI-Driven Transformation of Enterprise Security and Identity Management
CISOs are fundamentally rethinking their security organizations as artificial intelligence becomes deeply integrated into business strategies and cybersecurity operations. According to a Deloitte survey, 43% of US cyber decision-makers are already leveraging AI extensively within their cybersecurity programs, which is gradually increasing the influence of CISOs in strategic technology investment discussions. While AI has not yet revolutionized security organizations, it is steadily reshaping operational models, with speed and adaptability becoming critical factors for both defense and attack. Security leaders emphasize that AI accelerates all aspects of cybersecurity, magnifying the impact of both strong and weak security fundamentals, such as provisioning, permissions, and network segmentation. Organizations with mature security postures are realizing efficiencies by layering AI-driven tools into their workflows, while those lacking foundational controls face amplified risks. At industry events like Oktane 2025, experts highlighted that identity has become the new frontline in protecting AI-driven enterprises, as the proliferation of SaaS and AI agents leads to a surge in both human and non-human identities. This identity explosion introduces new risks, including misconfigured access, orphaned accounts, and sophisticated identity-based attacks. Security teams are adopting open standards such as IPSIE, MCP, and A2A to build secure, interoperable AI ecosystems and maintain centralized control over AI-driven interactions. Companies like Adyen have demonstrated success in unifying identity management across global operations, improving both security and user experience. Embedding AI into workflows, as seen at Box, enhances data protection even in highly regulated industries. Security practitioners are also focusing on behavioral monitoring, automation, and fostering a security-first culture to counter attackers who increasingly exploit identity systems rather than traditional hacking methods. The rise of AI-driven social engineering, including deepfakes and multi-channel phishing, is prompting organizations to implement phishing-resistant multi-factor authentication, zero-trust architectures, and comprehensive employee training. The convergence of AI and identity management is shaping the future of enterprise security, requiring a blend of advanced technology, disciplined fundamentals, and adaptive strategies to address evolving threats.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Story first reported
Initial story creation
Sources
2 references tracked. Mallory keeps watching after this page renders.
CISOs rethink the security organization for the AI era
csoonline.com
Open sourceAI & IAM: Where Security Gets Superhuman (Or Supremely Stuck) – Dor Fledel, Alexander Makarov, Aaron Parecki, Heather Ceylan, Matt Immler, Nitin Raina – ESW #427
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AI-Driven Cybersecurity Risks and Strategies for Enterprise Defense
Artificial intelligence is rapidly transforming both the threat landscape and defensive strategies in cybersecurity, prompting CISOs and security leaders to rethink their approaches. A global study by Gigamon found that 86% of CISOs now view metadata and packet-level data as essential for detecting threats in complex hybrid cloud environments, but 97% admit to making trade-offs that leave visibility gaps. The rise of AI-driven attacks is fueling demand for real-time visibility and observability tools, with 75% of CISOs regarding public cloud as their highest security risk and 73% considering moving workloads back to private clouds. Security teams are investing heavily in AI-specific security tools, with 73% of companies spending over $1 million annually, yet 70% cite the rapid pace of AI development as their top concern. Recent high-profile breaches, such as those at LexisNexis Risk Solutions and McLaren Health Care, illustrate the increasing scale and sophistication of attacks, often amplified by AI. AI is accelerating the reconnaissance phase of attacks, enabling adversaries to map environments and identify vulnerabilities with unprecedented speed and precision, though human direction remains necessary for effective exploitation. The proliferation of AI-generated code, including through practices like 'vibe coding,' introduces new risks as less experienced developers may overlook security fundamentals, leading to insecure applications. Agentic AI systems, which act autonomously or on behalf of users, present urgent challenges in authentication, authorization, and identity management, with experts calling for scalable frameworks and robust credentials to prevent security lapses. CISOs are urged to build security into the design phase of software development, leveraging platform-native controls and enforcing policies like Row Level Security to minimize risk. The integration of AI into security operations is seen as both an opportunity and a challenge, requiring adaptive access solutions, post-quantum cryptography, and continuous monitoring. As AI reshapes digital transformation, organizations must balance the benefits of rapid innovation with the imperative to secure their environments against increasingly sophisticated, AI-powered threats. The consensus among experts is that security must evolve in tandem with AI capabilities, emphasizing proactive risk management, cryptographic agility, and a culture of security awareness across all levels of the organization.
Mar 21, 2026
AI-Driven Risks and Identity Abuse in Modern Enterprise Security
Recent analyses highlight that the most significant cybersecurity losses in 2025 stemmed from identity and OAuth token abuse, rather than high-profile zero-day vulnerabilities. Attackers leveraged AI to scale social engineering, phishing, and OAuth consent abuse, leading to widespread incidents across logistics, manufacturing, and other sectors. The rapid adoption of AI in enterprise environments has expanded the attack surface, with 99% of surveyed organizations experiencing at least one attack on their AI systems in the past year. The proliferation of GenAI-assisted coding has further outpaced security teams’ ability to secure production environments, compounding risk. Security leaders are increasingly concerned about the misalignment between teams, tools, and workflows, which exacerbates the impact of these AI-driven threats. Effective management of non-human identities (NHIs), such as machine credentials and tokens, is now critical, especially in cloud and SaaS environments. The need for robust governance, visibility, and context-aware controls is underscored by the growing sophistication of attacks targeting both human and machine identities. Organizations are urged to prioritize identity and secrets management, as well as to adapt their security strategies to address the evolving risks introduced by AI and automation.
Mar 21, 2026
Enterprise Security Challenges and Risks from AI Adoption
The rapid integration of artificial intelligence into enterprise operations is fundamentally altering the cybersecurity landscape. AI is now embedded in core business workflows, infrastructure, and decision-making processes, expanding the attack surface and introducing new exposure points in data, models, applications, and infrastructure. Security leaders are grappling with governance gaps, especially as agentic AI systems move from pilot to production, and are seeking new standards and controls to manage the risks of autonomous agents and application-to-application access. The need for robust data governance, updated identity and access management, and resilient infrastructure is driving a major IT transformation, with increased spending and a focus on AI-enabled security solutions. Industry experts and CISOs emphasize the importance of adapting security strategies to address the unique challenges posed by AI, including the concentration of sensitive data, the risk of model manipulation, and the complexity of AI-driven environments. Security vendors and analysts highlight the inadequacy of traditional security practices in the face of AI-driven threats, calling for the elimination of outdated controls and the adoption of new standards such as those proposed by Okta for managing OAuth permissions for AI agents. The evolving role of the CISO, the rise of zero trust as a business necessity, and the persistent importance of the human element in defense are recurring themes. Predictions for 2026 underscore the urgency for enterprises to refresh IT infrastructure, strengthen data governance, and prepare for a future where AI agents operate autonomously across interconnected systems, requiring continuous adaptation of security policies and controls to mitigate emerging risks.
Mar 21, 2026