Agentic AI Adoption Accelerates Security Risks and Identity Gaps
The rapid integration of agentic AI and automated tools into enterprise environments is outpacing the ability of security teams to adapt, according to recent industry reports. Attackers are leveraging both automation and early forms of agentic AI to bypass traditional defenses, forcing organizations to increase investments in AI-powered security solutions. Despite these efforts, many enterprises continue to experience significant losses, with measurable improvements in defense remaining inconsistent. Security leaders are urged to focus on the broader business impact of these threats and to accelerate the training and upskilling of their teams to effectively manage and tune AI-driven security tools.
A parallel trend is the proliferation of non-human identities (NHIs) as organizations adopt AI agents within their identity infrastructure. This expansion is creating new security gaps, with a majority of IT leaders expecting agentic AI to be responsible for a substantial portion of cyberattacks in the near future. As a result, there is a marked shift in identity and access management strategies, with many organizations changing IAM providers due to security concerns. Confidence in the ability to recover quickly from incidents is declining, highlighting the urgent need for more robust and adaptive security measures in the face of evolving AI-driven threats.
Timeline
Nov 18, 2025
SINET Identity Working Group proposes an 'AI Trust Fabric' model
The SINET Identity Working Group proposed an 'AI Trust Fabric' approach to modernize identity for the AI era, calling for cryptographically verifiable identities and dynamic, fine-grained, revocable, just-in-time access controls. The proposal was presented as a response to the growing autonomy and scale of AI agents.
Nov 18, 2025
Varonis research warns AI agents expose weaknesses in traditional IAM
Varonis research and related expert analysis warned that autonomous AI agents are stressing human-centered identity and access management systems that were not built for machine-speed interactions. The reporting emphasized risks such as prompt injection, data poisoning, model extraction, and CI/CD pipeline abuse.
Nov 18, 2025
Verizon's 2025 DBIR identifies compromised identities as a leading intrusion cause
Verizon's 2025 Data Breach Investigations Report highlighted compromised identities as the leading cause of cyber intrusions, underscoring attackers' growing reliance on stolen credentials. This finding became a key data point in later warnings about AI-driven identity risk.
Nov 17, 2025
Industry reports say agentic AI adoption is widening identity security gaps
Multiple November 2025 reports and articles said growing enterprise adoption of agentic AI is expanding identity sprawl and exposing gaps in existing security controls. The coverage framed the issue as an urgent need for defenders and CISOs to adapt identity governance and access models.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
1 more from sources like scworld
Related Stories
Enterprise Security Challenges with Agentic AI and Identity Management
The rapid adoption of agentic AI in enterprise environments is introducing unprecedented security challenges, particularly around identity and authentication. As organizations deploy autonomous AI agents to automate business operations, security experts warn that the vast majority of enterprises lack adequate identity protections for these agents. Without robust mechanisms such as public key infrastructure (PKI) or agent-specific authentication controls, there is a significant risk that rogue or hijacked agents could communicate with legitimate systems, potentially leading to prompt injection attacks and unauthorized actions within enterprise networks. IT leaders are recognizing the need to restructure internal operations and establish strong security and compliance frameworks to safely integrate agentic AI at scale. Operational readiness, interoperability, and orchestration across multicloud environments are becoming essential as organizations move from experimentation to production deployments involving thousands of autonomous agents. The lack of mature identity management for AI agents remains a critical concern, with experts emphasizing the importance of foundational security measures to prevent exploitation and maintain trust in automated workflows.
1 months ago
Agentic AI Expands Identity Attack Surface and Security Risks
Rubrik Zero Labs has released research highlighting how the rapid adoption of agentic AI is fundamentally altering the landscape of identity-driven cyber threats. The report, titled *Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats*, reveals that 89% of organizations have already integrated AI agents into their identity infrastructure, with non-human identities (NHIs) now outnumbering human users by a staggering 82 to 1. As organizations increasingly rely on these AI agents, the identity attack surface is expanding faster than most can secure it, creating a significant gap in cyber defense capabilities. The research warns that more than half of all cyberattacks in the coming year are expected to be driven by agentic AI, as threat actors exploit trust and valid credentials rather than bypassing traditional network defenses. The dissolution of network boundaries due to cloud migration, remote work, and AI integration has made identity the primary attack vector. Rubrik emphasizes that securing NHIs is becoming as critical as protecting human identities, and organizations must adapt their security strategies to address this emerging threat landscape.
1 months ago
Challenges in Securing Rapid Adoption of AI and AI Agents in Enterprise Environments
Organizations are rapidly integrating generative and agentic artificial intelligence into their cybersecurity and IT operations, with a particular focus on identity and access management (IAM) and security operations centers (SOC). While AI offers significant potential for proactive threat detection, adaptive authentication, and streamlined investigations through natural language interfaces, most enterprises are struggling to keep pace with the security, governance, and operational challenges that accompany this technological shift. Surveys indicate that the speed of AI adoption is outstripping the development of adequate security controls, governance frameworks, and incident response playbooks, leaving many organizations exposed to new and evolving AI-driven threats. Security leaders and practitioners report that building production-ready AI agents for security operations requires far more engineering rigor than prototyping or demos, with challenges such as context management, reliability, and multi-user execution. Despite the promise of AI as a productivity multiplier, nearly two-thirds of IT and business leaders acknowledge that their organizations are deploying AI faster than they can fully understand or secure it, and about half have already encountered vulnerabilities in their AI systems. The lack of mature governance and security practices around AI adoption is a growing concern, especially as the technology becomes more deeply embedded in critical enterprise workflows.
1 months ago