By NHI Mgmt Group Editorial TeamDomain: Agentic AI & NHIsSource: SiftPublished November 12, 2025

TL;DR: Account takeover is accelerating, with 83% of organisations seeing at least one incident in 2025 and projected losses reaching $17 billion, according to Sift. Static authentication and periodic tuning are no longer enough when attackers can continuously optimise behaviour, while agentic AI is helping fraudsters imitate users and adapt in real time.


At a glance

What this is: This analysis argues that account takeover is shifting from credential abuse to adaptive, AI-assisted fraud that can imitate legitimate behaviour and evade static controls.

Why it matters: It matters because IAM, fraud, and identity security teams need controls that evaluate behaviour continuously across human accounts, non-human access paths, and AI-assisted attack activity.

By the numbers:

👉 Read Sift’s analysis of how agentic AI is reshaping account takeover


Context

Account takeover now sits at the intersection of IAM, fraud controls, and customer trust. The primary problem is not just stolen passwords, but the ability of attackers to imitate legitimate users well enough to defeat static rules, device checks, and periodic risk tuning.

Agentic AI raises the bar because it can adapt tactics during the attack rather than follow a fixed script. That shifts the governance question from whether authentication is strong enough to whether identity signals, behavioural monitoring, and decisioning can keep pace with an attacker that learns mid-campaign.


Key questions

Q: How should security teams reduce account takeover risk in customer-facing applications?

A: Security teams should combine behavioural detection, device intelligence, and adaptive challenges around login, recovery, and payment flows. The goal is not to block every suspicious request. It is to raise attacker cost while preserving a smooth path for legitimate users. That approach works best when fraud, IAM, and customer experience teams use the same risk signals.

Q: Why do static authentication controls fail against modern account takeover?

A: Static controls fail because they assume the attack is visible at login and stays predictable. AI-assisted fraud can imitate normal behaviour, change pace, and shift tactics after the session begins. Once the attacker is inside, controls that only inspect sign-in events leave the highest-risk activity ungoverned.

Q: What do IAM teams get wrong about post-login trust?

A: They often treat successful sign-in as a durable trust decision instead of a temporary one. In account takeover, the attacker may pass the first check and then exploit weaker controls later in the journey. Trust has to be linked to the action being attempted, not only the account state at login.

Q: Who should own fraud controls when IAM and fraud teams overlap?

A: Ownership should sit with the team accountable for the decision point, while IAM, fraud, and compliance all contribute the signals and policy. If one group owns alerts and another owns action, attackers exploit the gap. Shared governance matters more than shared tooling.


Technical breakdown

Why account takeover is moving beyond credential stuffing

Credential stuffing is still part of the threat surface, but it is no longer the whole story. Fraud operations now combine bots, malware, deepfakes, and AI-driven scripting to emulate normal user journeys, test weak points, and adjust when they encounter friction. That means the attacker is not only trying passwords, but also probing behavioural patterns such as timing, device motion, and transaction rhythm. Static controls struggle because they are tuned to known bad signatures, while the attack adapts around them. Practical implication: teams need detection that scores behaviour continuously, not just at login.

Practical implication: move from point-in-time authentication checks to continuous behavioural evaluation across the full session.

How agentic AI changes fraud decisioning

Agentic AI matters because it can plan, select actions, and alter its behaviour in response to what the target system does. In fraud terms, that turns account takeover into an adaptive campaign rather than a single event. The system can vary login cadence, rotate paths through the purchase funnel, and probe for controls that only appear after authentication. This is different from traditional automation, which usually follows a fixed sequence. The control challenge is therefore not just blocking known bad inputs, but identifying when intent and behaviour diverge from normal human use. Practical implication: decisioning models must inspect context across sessions, not isolated events.

Practical implication: build controls that evaluate sequence, intent, and session context instead of relying on one-time challenge events.

Why digital trust now depends on post-login controls

The article points to a shift in trust from the login screen to the full account lifecycle. Once a session is established, attackers can exploit weak verification on purchases, loyalty transfers, profile changes, and payout actions. That is where downstream fraud often appears, because initial access is only the first step. Post-login monitoring therefore becomes part of identity governance, not just fraud prevention. In practice, this aligns with Zero Trust Architecture and continuous verification ideas: identity must be re-evaluated when risk changes, not assumed safe because authentication succeeded earlier. Practical implication: sensitive actions need their own risk checks, even after successful sign-in.

Practical implication: enforce step-up checks and transaction monitoring for sensitive actions, not only at initial authentication.


Threat narrative

Attacker objective: The attacker’s objective is to monetise compromised customer accounts while avoiding detection long enough to extract value from payments, rewards, or stored account balances.

  1. Entry begins with automated or AI-assisted account compromise through credential stuffing, deepfake-enabled social engineering, or other identity abuse that mimics legitimate user access.
  2. Escalation occurs when the attacker adapts in real time, bypasses detection by shaping device and behaviour signals, and reaches sensitive actions such as payments, points transfer, or account changes.
  3. Impact follows as the compromised account is used for downstream fraud, including payment abuse, loyalty theft, churn-driving customer harm, and broader trust erosion.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Account takeover is becoming an identity governance problem, not only a fraud problem. The article shows that attackers are now using automation and AI to imitate legitimate users, which means the control challenge extends beyond blocking bad credentials. IAM and fraud teams must treat behavioural trust as part of identity assurance, because a valid login no longer proves legitimate intent. The implication is that account governance now has to cover the full session, not just authentication.

Agentic AI introduces adaptive adversaries that can outpace static trust models. Traditional account security assumes the attacker follows a predictable path, but agentic behaviour changes the pace and shape of the attack in real time. That collapses the usefulness of periodic tuning alone, because the adversary can learn during the campaign. Practitioners should read this as a signal that identity trust must be continuously recalculated, not set once at sign-in.

Identity blast radius is the right way to think about modern ATO risk. The most damaging part of account takeover is often not initial access, but how far the attacker can move once inside. If payment actions, loyalty transfers, profile edits, and support-channel abuse are all treated with the same trust level as a simple login, the blast radius becomes unnecessarily large. Practitioners should define narrower trust boundaries for high-value account actions.

Continuous verification must extend into customer journeys, not just workforce access. Many programmes still reserve continuous security thinking for employees and privileged users, but the article shows consumer accounts are now just as exposed to AI-assisted abuse. That means customer identity programmes need behavioural monitoring, risk-based step-up, and transaction-level controls. The field should stop treating consumer ATO as a separate problem from IAM governance.

Named concept: adaptive identity trust debt. This article describes a growing gap between static trust rules and attackers that adjust in session. The longer organisations rely on one-time authentication and periodic rule updates, the more trust debt accumulates in every account journey. Practitioners should recognise that reducing this debt requires continuous identity evaluation across login and post-login actions.

From our research:

  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
  • 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments.
  • That combination of expansion and poor visibility is why agent governance must be designed before scale, as covered in OWASP NHI Top 10.

What this signals

With 52% of companies able to track and audit AI agent data access, the visibility gap is already large enough to undermine any identity programme that depends on auditability after the fact. For IAM and fraud teams, that is a warning that control design has to assume incomplete observability from the outset.

Adaptive identity trust debt: the longer account security depends on static login rules while attackers adapt in-session, the more governance debt accumulates in customer journeys. Teams should expect the next wave of ATO to concentrate on post-authentication actions, where business value is highest and human review is weakest.

This is a programme-level issue as much as a detection issue. Organisations should align their account takeover strategy with continuous verification and risk-based access policies, using guidance from the NIST AI Risk Management Framework only where AI-driven decisioning is actually present.


For practitioners

  • Instrument behavioural trust signals across the full session Measure device movement, timing, transaction patterns, and step sequences after login so fraud models can detect account misuse before value is extracted.
  • Add step-up controls to high-value account actions Require additional verification before payouts, loyalty transfers, profile changes, and other actions that materially increase fraud impact.
  • Separate login success from trust approval Treat authentication as one signal, not the decision itself, and make sensitive workflows depend on contextual risk scoring and policy checks.
  • Tune fraud rules for adaptive attack behaviour Review where static thresholds still dominate decisions, then add models that can respond to changing cadence, routing, and session shape.
  • Align IAM and fraud operations around shared identity risk Create joint review processes for ATO trends, suspicious session data, and customer-impacting events so governance does not split across teams.

Key takeaways

  • Account takeover is evolving into an AI-assisted identity abuse problem that cannot be contained by login-time controls alone.
  • Sift’s figures show the scale is already material, with 83% of organisations affected and projected losses reaching $17 billion.
  • The practical response is continuous trust evaluation across the session, especially for sensitive actions that convert access into loss.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and MITRE ATT&CK address the attack and risk surface, while NIST AI RMF, NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Agentic AI Top 10Agentic AI is central to the article’s attack model and control failure.
NIST AI RMFMANAGERisk treatment and monitoring are needed for AI-driven decisioning in fraud controls.
NIST CSF 2.0PR.AC-1Identity proofing and access control are at the heart of account takeover defence.
MITRE ATT&CKTA0006 , Credential Access; TA0040 , ImpactThe threat chain begins with account compromise and ends in monetisable impact.
NIST SP 800-53 Rev 5IA-2Authentication is necessary but insufficient for modern ATO defence.

Assess where AI-assisted fraud can adapt behaviour after login and add governance for runtime decisioning.


Key terms

  • Account Takeover: Account takeover is the unauthorised use of a legitimate account by an attacker or fraud operator. The attacker may obtain access through stolen credentials, social engineering, or AI-assisted imitation, then use the account to commit fraud, steal value, or evade detection.
  • Agentic AI: Autonomous AI systems capable of planning, deciding, and taking actions — including calling APIs, writing code, and orchestrating other agents — with minimal human oversight. Agentic AI introduces new NHI risks as agents must authenticate to external services.
  • Continuous Verification: A Zero Trust practice that re-evaluates trust during the session instead of relying on a single successful login. The control is stronger when context signals are available in real time and when the identity programme can act on those signals without creating excessive exceptions.
  • Identity Blast Radius: Identity blast radius is the amount of damage an attacker can cause after compromising an account. It depends on which actions are allowed, how much trust is granted post-login, and how quickly high-risk activity is detected and contained.

What's in the full article

Sift's full article covers the operational detail this post intentionally leaves for the source:

  • The full breakdown of Sift’s behavioural and device-signal approach for distinguishing legitimate users from automated fraud.
  • Examples of how post-login monitoring is applied to purchases, account edits, and loyalty activity in real customer journeys.
  • The source article’s discussion of how agentic AI changes fraud velocity, scale, and adaptation patterns.
  • The vendor’s commentary on using generative AI to summarise user actions across sessions for investigation workflows.

👉 Sift’s full post covers the AI-assisted attack patterns, trust signals, and fraud controls in more detail.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM or identity governance programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 12, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org