AI-Driven Risks and Identity Abuse in Modern Enterprise Security
Recent analyses highlight that the most significant cybersecurity losses in 2025 stemmed from identity and OAuth token abuse, rather than high-profile zero-day vulnerabilities. Attackers leveraged AI to scale social engineering, phishing, and OAuth consent abuse, leading to widespread incidents across logistics, manufacturing, and other sectors. The rapid adoption of AI in enterprise environments has expanded the attack surface, with 99% of surveyed organizations experiencing at least one attack on their AI systems in the past year. The proliferation of GenAI-assisted coding has further outpaced security teams’ ability to secure production environments, compounding risk.
Security leaders are increasingly concerned about the misalignment between teams, tools, and workflows, which exacerbates the impact of these AI-driven threats. Effective management of non-human identities (NHIs), such as machine credentials and tokens, is now critical, especially in cloud and SaaS environments. The need for robust governance, visibility, and context-aware controls is underscored by the growing sophistication of attacks targeting both human and machine identities. Organizations are urged to prioritize identity and secrets management, as well as to adapt their security strategies to address the evolving risks introduced by AI and automation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
CSO Online outlines AI risk governance and security framework needs
CSO Online published an analysis of generative AI risk, emphasizing governance, human oversight, and the use of frameworks such as NIST AI RMF, CSA AI Model Risk Management Framework, and the AI Control Matrix.
Alpha Hunt publishes 2025 cyber loss retrospective on tokens and OAuth
Alpha Hunt published a 2025 retrospective arguing that the year's biggest losses came from stolen tokens, OAuth abuse, identity and SaaS attacks, and edge-device weaknesses rather than major zero-day events.
Palo Alto Networks publishes 2025 cloud security report findings
Palo Alto Networks released its State of Cloud Security Report 2025, reporting widespread attacks on AI systems, rising API and IAM weaknesses, and calling for consolidated cloud and SOC operations with agentic security approaches.
Security Boulevard advocates agentic AI for non-human identity security
Security Boulevard published an article describing agentic AI as a way to improve management of non-human identities in cloud environments, especially for the travel industry, through automated and context-aware security operations.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Zero-Days Are a Distraction: 2025’s Biggest Losses Were Stolen Tokens + OAuth
blog.alphahunt.io
Open sourceWhere Cloud Security Stands Today and Where AI Breaks It
paloaltonetworks.com
Open sourceDemystifying risk in AI
csoonline.com
Open sourceHow Agentic AI shapes the future of travel industry security
securityboulevard.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Emerging Security Risks from AI Agents and Identity Management Failures
Organizations are facing a new wave of security challenges as internally built no-code applications and AI agents proliferate across enterprise environments. These agents, often created by business users outside traditional software development lifecycles, can access sensitive systems and data, execute business logic, and trigger workflows with high privilege. Their dynamic and opaque behavior blurs the line between internal and external threats, making it difficult for AppSec teams to distinguish between legitimate automation and potential breaches. Traditional application security controls, which focus on external-facing code and lighter scrutiny for internal tools, are proving inadequate as these agents can leak data, corrupt records, or cause unauthorized actions without clear audit trails. Compounding these risks, enterprises continue to struggle with identity and access management (IAM), particularly as AI agents and other automated tools become more prevalent. Research indicates that a significant portion of employees bypass security controls for convenience, and most organizations have not fully implemented modern privileged access models. Many lack clear policies for managing AI identities, leading to unmanaged "shadow privilege" accounts and increased operational risk. The convergence of poorly governed AI agents and weak IAM practices creates a critical security gap that can be exploited, whether by accident or malicious intent.
Mar 21, 2026
AI-Driven Transformation of Enterprise Security and Identity Management
CISOs are fundamentally rethinking their security organizations as artificial intelligence becomes deeply integrated into business strategies and cybersecurity operations. According to a Deloitte survey, 43% of US cyber decision-makers are already leveraging AI extensively within their cybersecurity programs, which is gradually increasing the influence of CISOs in strategic technology investment discussions. While AI has not yet revolutionized security organizations, it is steadily reshaping operational models, with speed and adaptability becoming critical factors for both defense and attack. Security leaders emphasize that AI accelerates all aspects of cybersecurity, magnifying the impact of both strong and weak security fundamentals, such as provisioning, permissions, and network segmentation. Organizations with mature security postures are realizing efficiencies by layering AI-driven tools into their workflows, while those lacking foundational controls face amplified risks. At industry events like Oktane 2025, experts highlighted that identity has become the new frontline in protecting AI-driven enterprises, as the proliferation of SaaS and AI agents leads to a surge in both human and non-human identities. This identity explosion introduces new risks, including misconfigured access, orphaned accounts, and sophisticated identity-based attacks. Security teams are adopting open standards such as IPSIE, MCP, and A2A to build secure, interoperable AI ecosystems and maintain centralized control over AI-driven interactions. Companies like Adyen have demonstrated success in unifying identity management across global operations, improving both security and user experience. Embedding AI into workflows, as seen at Box, enhances data protection even in highly regulated industries. Security practitioners are also focusing on behavioral monitoring, automation, and fostering a security-first culture to counter attackers who increasingly exploit identity systems rather than traditional hacking methods. The rise of AI-driven social engineering, including deepfakes and multi-channel phishing, is prompting organizations to implement phishing-resistant multi-factor authentication, zero-trust architectures, and comprehensive employee training. The convergence of AI and identity management is shaping the future of enterprise security, requiring a blend of advanced technology, disciplined fundamentals, and adaptive strategies to address evolving threats.
Mar 21, 2026
AI Agents and Non-Human Identities as Emerging Cybersecurity Risks
The rapid adoption of AI agents, bots, and other non-human identities (NHIs) is fundamentally reshaping the cybersecurity landscape, introducing new attack surfaces and operational challenges for enterprises. As organizations increasingly rely on automation and AI-driven processes, NHIs are being granted broad access to critical systems, often without the same oversight or security controls applied to human users. This shift has led to heightened risks such as over-permissioned accounts, static credentials, and insufficient monitoring, making NHIs attractive targets for cybercriminals seeking to exploit gaps in identity and access management (IAM). Security leaders are urged to implement zero-trust principles, least-privilege access, automated credential rotation, and robust secrets management to mitigate these risks and prevent privileged account compromise. The complexity of managing AI agents is further compounded by the need for effective governance and the challenge of balancing control with operational simplicity in security operations centers (SOCs). Experts emphasize that adversaries are increasingly "logging in, not breaking in," leveraging weaknesses in identity controls—especially those related to AI agents—to gain unauthorized access. The cybersecurity workforce must adapt, as AI-driven automation is expected to take over high-volume, repetitive tasks, requiring new skills in AI security and orchestration. Organizations are advised to treat every human, workload, and agent as a managed identity, enforce phishing-resistant multi-factor authentication, and continuously monitor for anomalous permission changes or session hijacking to stay ahead of evolving threats.
Mar 21, 2026