Agentic AI Adoption Accelerates Security Risks and Identity Gaps
The rapid integration of agentic AI and automated tools into enterprise environments is outpacing the ability of security teams to adapt, according to recent industry reports. Attackers are leveraging both automation and early forms of agentic AI to bypass traditional defenses, forcing organizations to increase investments in AI-powered security solutions. Despite these efforts, many enterprises continue to experience significant losses, with measurable improvements in defense remaining inconsistent. Security leaders are urged to focus on the broader business impact of these threats and to accelerate the training and upskilling of their teams to effectively manage and tune AI-driven security tools.
A parallel trend is the proliferation of non-human identities (NHIs) as organizations adopt AI agents within their identity infrastructure. This expansion is creating new security gaps, with a majority of IT leaders expecting agentic AI to be responsible for a substantial portion of cyberattacks in the near future. As a result, there is a marked shift in identity and access management strategies, with many organizations changing IAM providers due to security concerns. Confidence in the ability to recover quickly from incidents is declining, highlighting the urgent need for more robust and adaptive security measures in the face of evolving AI-driven threats.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
SINET Identity Working Group proposes an 'AI Trust Fabric' model
The SINET Identity Working Group proposed an 'AI Trust Fabric' approach to modernize identity for the AI era, calling for cryptographically verifiable identities and dynamic, fine-grained, revocable, just-in-time access controls. The proposal was presented as a response to the growing autonomy and scale of AI agents.
Varonis research warns AI agents expose weaknesses in traditional IAM
Varonis research and related expert analysis warned that autonomous AI agents are stressing human-centered identity and access management systems that were not built for machine-speed interactions. The reporting emphasized risks such as prompt injection, data poisoning, model extraction, and CI/CD pipeline abuse.
Verizon's 2025 DBIR identifies compromised identities as a leading intrusion cause
Verizon's 2025 Data Breach Investigations Report highlighted compromised identities as the leading cause of cyber intrusions, underscoring attackers' growing reliance on stolen credentials. This finding became a key data point in later warnings about AI-driven identity risk.
Industry reports say agentic AI adoption is widening identity security gaps
Multiple November 2025 reports and articles said growing enterprise adoption of agentic AI is expanding identity sprawl and exposing gaps in existing security controls. The coverage framed the issue as an urgent need for defenders and CISOs to adapt identity governance and access models.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
Can enterprises freely choose scalable Agentic AI solutions
securityboulevard.com
Open sourceAgentic AI puts defenders on a tighter timeline to adapt
helpnetsecurity.com
Open sourceRethinking identity for the AI era: CISOs must build trust at machine speed
csoonline.com
Open sourceAccess under attack: Rethinking identity as the new cyber battleground
scworld.com
Open sourceAgentic AI and Identity Sprawl: The Convergence Redefining Cyber Risk
securitysenses.com
Open sourceReport: AI agent adoption widens identity security gaps
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Enterprise Security Challenges with Agentic AI and Identity Management
The rapid adoption of agentic AI in enterprise environments is introducing unprecedented security challenges, particularly around identity and authentication. As organizations deploy autonomous AI agents to automate business operations, security experts warn that the vast majority of enterprises lack adequate identity protections for these agents. Without robust mechanisms such as public key infrastructure (PKI) or agent-specific authentication controls, there is a significant risk that rogue or hijacked agents could communicate with legitimate systems, potentially leading to prompt injection attacks and unauthorized actions within enterprise networks. IT leaders are recognizing the need to restructure internal operations and establish strong security and compliance frameworks to safely integrate agentic AI at scale. Operational readiness, interoperability, and orchestration across multicloud environments are becoming essential as organizations move from experimentation to production deployments involving thousands of autonomous agents. The lack of mature identity management for AI agents remains a critical concern, with experts emphasizing the importance of foundational security measures to prevent exploitation and maintain trust in automated workflows.
Mar 21, 2026
Agentic AI Expands Identity Attack Surface and Security Risks
Rubrik Zero Labs has released research highlighting how the rapid adoption of agentic AI is fundamentally altering the landscape of identity-driven cyber threats. The report, titled *Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats*, reveals that 89% of organizations have already integrated AI agents into their identity infrastructure, with non-human identities (NHIs) now outnumbering human users by a staggering 82 to 1. As organizations increasingly rely on these AI agents, the identity attack surface is expanding faster than most can secure it, creating a significant gap in cyber defense capabilities. The research warns that more than half of all cyberattacks in the coming year are expected to be driven by agentic AI, as threat actors exploit trust and valid credentials rather than bypassing traditional network defenses. The dissolution of network boundaries due to cloud migration, remote work, and AI integration has made identity the primary attack vector. Rubrik emphasizes that securing NHIs is becoming as critical as protecting human identities, and organizations must adapt their security strategies to address this emerging threat landscape.
Mar 21, 2026
Challenges in Securing Rapid Adoption of AI and AI Agents in Enterprise Environments
Organizations are rapidly integrating generative and agentic artificial intelligence into their cybersecurity and IT operations, with a particular focus on identity and access management (IAM) and security operations centers (SOC). While AI offers significant potential for proactive threat detection, adaptive authentication, and streamlined investigations through natural language interfaces, most enterprises are struggling to keep pace with the security, governance, and operational challenges that accompany this technological shift. Surveys indicate that the speed of AI adoption is outstripping the development of adequate security controls, governance frameworks, and incident response playbooks, leaving many organizations exposed to new and evolving AI-driven threats. Security leaders and practitioners report that building production-ready AI agents for security operations requires far more engineering rigor than prototyping or demos, with challenges such as context management, reliability, and multi-user execution. Despite the promise of AI as a productivity multiplier, nearly two-thirds of IT and business leaders acknowledge that their organizations are deploying AI faster than they can fully understand or secure it, and about half have already encountered vulnerabilities in their AI systems. The lack of mature governance and security practices around AI adoption is a growing concern, especially as the technology becomes more deeply embedded in critical enterprise workflows.
Mar 21, 2026