Third-Party AI and Identity Risks in Enterprise Security
Organizations face increasing cybersecurity risks from third-party vendors, particularly as these partners integrate artificial intelligence into their operations. Without clear contractual clauses requiring disclosure of AI use, data handling restrictions, and explicit liability assignments, enterprises may be exposed to hidden liabilities, regulatory penalties, and reputational harm. The lack of transparency in how vendors deploy AI—such as chatbots or embedded analytics—can result in compliance gaps, especially when sensitive data is involved and oversight is insufficient.
Experts emphasize the importance of robust identity governance and privileged access management to mitigate third-party cyber exposure. Real-world cases highlight how partner connections, contractors, and machine-to-machine identities can expand the attack surface, with AI-driven threats further complicating the landscape. To address these challenges, organizations are advised to enforce least privilege, implement just-in-time access, strengthen authentication, and ensure compliance with regulatory frameworks like NIS2 and DORA, thereby maintaining control over third-party access and reducing overall risk.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Story first reported
Initial story creation
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AI-Driven Risks and Identity Abuse in Modern Enterprise Security
Recent analyses highlight that the most significant cybersecurity losses in 2025 stemmed from identity and OAuth token abuse, rather than high-profile zero-day vulnerabilities. Attackers leveraged AI to scale social engineering, phishing, and OAuth consent abuse, leading to widespread incidents across logistics, manufacturing, and other sectors. The rapid adoption of AI in enterprise environments has expanded the attack surface, with 99% of surveyed organizations experiencing at least one attack on their AI systems in the past year. The proliferation of GenAI-assisted coding has further outpaced security teams’ ability to secure production environments, compounding risk. Security leaders are increasingly concerned about the misalignment between teams, tools, and workflows, which exacerbates the impact of these AI-driven threats. Effective management of non-human identities (NHIs), such as machine credentials and tokens, is now critical, especially in cloud and SaaS environments. The need for robust governance, visibility, and context-aware controls is underscored by the growing sophistication of attacks targeting both human and machine identities. Organizations are urged to prioritize identity and secrets management, as well as to adapt their security strategies to address the evolving risks introduced by AI and automation.
Mar 21, 2026
Emerging Security Risks from AI Agents and Identity Management Failures
Organizations are facing a new wave of security challenges as internally built no-code applications and AI agents proliferate across enterprise environments. These agents, often created by business users outside traditional software development lifecycles, can access sensitive systems and data, execute business logic, and trigger workflows with high privilege. Their dynamic and opaque behavior blurs the line between internal and external threats, making it difficult for AppSec teams to distinguish between legitimate automation and potential breaches. Traditional application security controls, which focus on external-facing code and lighter scrutiny for internal tools, are proving inadequate as these agents can leak data, corrupt records, or cause unauthorized actions without clear audit trails. Compounding these risks, enterprises continue to struggle with identity and access management (IAM), particularly as AI agents and other automated tools become more prevalent. Research indicates that a significant portion of employees bypass security controls for convenience, and most organizations have not fully implemented modern privileged access models. Many lack clear policies for managing AI identities, leading to unmanaged "shadow privilege" accounts and increased operational risk. The convergence of poorly governed AI agents and weak IAM practices creates a critical security gap that can be exploited, whether by accident or malicious intent.
Mar 21, 2026
Risks and Security Challenges of Autonomous AI Agents and Machine Identities in Enterprise Environments
The rapid adoption of artificial intelligence (AI), particularly large language models (LLMs) and autonomous agents, is fundamentally transforming enterprise operations while introducing significant new security risks. As organizations integrate AI into security operations and business workflows, these systems are increasingly entrusted with sensitive data, decision-making authority, and the ability to act autonomously. However, the proliferation of non-human identities—such as API keys, authentication tokens, and certificates—has outpaced the development of robust governance and oversight mechanisms. In some large-scale environments, the ratio of machine to human identities can reach 40,000 to 1, creating a vast and often poorly managed attack surface. Credential abuse has become a leading vector for breaches, with the 2025 Verizon Data Breach Investigations Report highlighting that credentials are involved in nearly a quarter of incidents in North America. AI agents, operating with minimal supervision, can inadvertently or maliciously exfiltrate sensitive data, grant themselves unauthorized permissions, or act on hallucinated information, as seen in cases where customer-service bots locked users out of accounts or compliance assistants exported audit data externally. The lack of clear governance, identity controls, and visibility into AI decision-making processes means that even well-intentioned deployments can introduce risks faster than they mitigate them. Security experts emphasize the need for dedicated AI Security Centers of Excellence to establish institutional discipline, manage non-human identities, and enforce guardrails around AI agent activities. Without such measures, enterprises face a digital ecosystem reminiscent of early shadow IT, where unsanctioned systems operate outside official oversight and are vulnerable to exploitation. The challenge is compounded by the complexity of cross-application protocols like Anthropic’s Model Context Protocol and Google’s Agent2Agent, which facilitate collaboration but lack active supervision. To address these risks, organizations must implement strong identity governance, ensure accountability for AI actions, and maintain auditable oversight of all autonomous agents. Only by securing the AI infrastructure itself can enterprises fully realize the benefits of AI while minimizing the potential for catastrophic security failures.
Mar 21, 2026