TL;DR: AI-assisted phishing, agentic abuse, and shadow AI are widening identity risk as organisations race to deploy more AI into security stacks, according to RSA Security and the 2026 RSA ID IQ Report. The central failure is that identity programmes still assume humans, agents, and non-human identities can be governed with the same review cadence and trust model.
At a glance
What this is: RSA Security argues that AI-powered threats and AI deployments are colliding with weak identity controls, especially where passwordless, governance, and agent oversight lag.
Why it matters: IAM teams now have to govern humans, service identities, and AI agents under the same policy pressure, while the attack surface keeps expanding faster than review cycles.
By the numbers:
- 91% of organisations planned to implement some form of AI into their cybersecurity stack this year.
- Gartner predicted 33% of enterprise apps will include agentic AI by 2028, up from less than 1% in 2024.
- NHI outnumber human users by 45 to 1 in DevOps environments.
- 60% of enterprises expressed a lack of confidence in their ability to adequately secure NHI.
Context
AI-powered phishing, deepfakes, and autonomous service use are putting pressure on identity controls that were built around slower human workflows and clearer operator boundaries. In practice, organisations are trying to secure AI systems while still treating many of them as if they were ordinary application components.
RSA Security's article sits inside a wider identity problem: when agents, bots, and AI services behave like active runtime identities, traditional account hygiene is not enough. Teams need to understand where identity governance, privilege control, and trust verification now have to cover non-human and increasingly agent-like behaviour.
Key questions
Q: How should security teams govern AI services that act like identities?
A: Security teams should inventory AI services as governed identities, assign an owner, define purpose and data access, and enforce least privilege at the workflow level. The key is to manage AI tools as runtime actors, not as anonymous automation. That makes access reviews, logging, and offboarding part of the control plane rather than an afterthought.
Q: Why do AI-driven phishing attacks still succeed when organisations use modern authentication?
A: Modern authentication reduces some credential theft, but attackers often target the workflow around authentication instead of the password itself. Help desk resets, trust shortcuts, and step-up exceptions can still be manipulated. If identity proofing is weak at escalation points, synthetic social engineering can bypass otherwise strong sign-in controls.
Q: What do security teams get wrong about passwordless authentication and AI risk?
A: Teams sometimes treat passwordless as a complete defence when it is really one layer of protection. It removes reusable passwords, but it does not solve impersonation, delegated privilege abuse, or unsafe recovery processes. Strong programmes pair passwordless with verification hardening, privileged workflow controls, and policy enforcement.
Q: How do organisations stop shadow AI from creating access and data exposure risk?
A: Organisations need explicit usage policy, service discovery, and data access boundaries so employees know what is approved and what is not. Then they must monitor for unauthorised tools, unusual data flows, and unowned identities. Without that combination, shadow AI becomes invisible NHI sprawl with unclear accountability.
Technical breakdown
Why passwordless is only part of the control problem
Passwordless authentication reduces the value of credential theft because there is no reusable password for an attacker to harvest. That helps against AI-driven phishing, but it does not solve the broader problem of authentication confidence, session trust, or downstream privilege misuse. If a help desk can still be socially engineered, or if a device can still be used in a risky context, the control gap simply moves one layer deeper. The real issue is not just eliminating passwords, but ensuring the identity proofing and verification chain remains resistant to synthetic manipulation and abuse.
Practical implication: treat passwordless as a baseline, then validate the surrounding verification and help desk controls.
Identity governance for AI agents and non-human identities
When the vendor says every agent, bot, and AI service should be treated like an identity, it is pointing to a governance shift rather than a tooling tweak. Non-human identities need inventory, ownership, access boundaries, and lifecycle controls because they can be over-permissioned just like human accounts. The difference is scale and speed: AI-driven environments can create identities faster than review processes can track them. That makes visibility, entitlement minimisation, and policy enforcement central to security architecture, especially where agents can act on behalf of employees or other systems.
Practical implication: classify every AI service as a governed identity and tie it to an owner, purpose, and access boundary.
How deepfakes change identity verification and escalation paths
Deepfakes matter because they attack the trust relationship around the identity, not just the identity itself. If attackers can imitate employees or support staff convincingly enough, then verification failures can trigger reset actions, privileged approvals, or help desk exceptions that bypass normal controls. That turns identity security into a bidirectional trust problem: users must verify the organisation, and the organisation must verify the user. For IAM and PAM teams, the architectural consequence is that escalation paths must be designed for social engineering resilience, not only authentication strength.
Practical implication: harden help desk and step-up workflows so that identity proofing survives synthetic voice and text attacks.
Threat narrative
Attacker objective: The attacker wants to turn identity trust into broad access, then use that access to move laterally, harvest data, or execute fraud at scale.
- Entry occurs when AI-assisted phishing, impersonation, or fake support interactions obtain initial trust or credentials from a target identity.
- Escalation follows when the attacker uses the captured access to move into higher-privilege accounts, delegated workflows, or privileged support actions.
- Impact is realised when the adversary expands access, steals data, or leverages the compromised identity path to operate at scale across systems.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
NHI Mgmt Group analysis
AI-assisted identity abuse is now a governance problem, not just a phishing problem. The article correctly centres credentials, deepfakes, and agent activity because each one exploits a different trust layer in IAM. Passwordless helps, but it does not address help desk abuse, delegated approvals, or the growth of non-human identities. Practitioners should read this as a call to govern the identity path end to end.
Treat every agent like an identity because AI services now behave like persistent actors in the access model. Once bots and AI services can act on behalf of employees, entitlement sprawl and ownership ambiguity become security issues, not administrative ones. That makes inventory, least privilege, and oversight the minimum viable controls for AI-enabled environments. The practitioner lesson is to govern agents as first-class identities, not as mere automation.
Identity verification must now survive synthetic impersonation at both the user and support layers. The article's focus on bi-directional verification reflects a broader shift in attack design: adversaries do not need to break authentication if they can coerce the workflow around it. That means escalation paths, reset processes, and privileged support channels all need stricter proofing. The implication is that trust calibration is becoming as important as authentication strength.
Shadow AI is the new unmanaged identity sprawl, and it expands the policy gap faster than teams can catalogue it. When employees can introduce AI services without clear approval boundaries, the organisation loses control over what data those services can touch. That is a lifecycle and governance failure, not just an acceptable-use issue. Practitioners should treat shadow AI as a discovery and authorisation problem across human and non-human identity programmes.
Access governance assumptions built for human-paced review cycles are increasingly out of step with AI-mediated work. Least privilege at provisioning time was designed for actors whose access patterns were relatively stable. That assumption weakens when AI services can be spun up, reused, and retired faster than review cadences can observe them. The implication is that identity governance has to adapt to runtime behaviour, not just assigned roles.
From our research:
- The average organisation believes more than 1 in 5 of their non-human identities are insufficiently secured, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, according to The 2024 ESG Report: Managing Non-Human Identities.
- For a broader control lens, compare this with Top 10 NHI Issues and use it to prioritise which identity paths need governance first.
What this signals
Shadow AI is converging with NHI sprawl into a single governance problem. When organisations cannot confidently inventory agents, bots, and AI services, they inherit the same exposure pattern seen in unmanaged service identities. In our 2024 ESG Report, the average organisation said more than 1 in 5 of its non-human identities were insufficiently secured, which shows that visibility gaps are already structural rather than hypothetical. The practical signal is to treat AI adoption as an identity discovery problem first, not a policy exercise.
Identity assurance will increasingly hinge on the trustworthiness of the surrounding workflow, not just the sign-in event. Passwordless adoption matters, but so do step-up controls, recovery processes, and support-channel verification. As deepfakes improve, the next failure mode is not always credential theft, but mistaken trust in an attacker-controlled conversation or exception path.
Trust boundaries now need to follow where AI acts, not where it is deployed. That means IAM teams should map AI access by data sensitivity, delegated authority, and downstream action, then connect those maps to lifecycle review. Resources like Ultimate Guide to NHIs, Key Challenges and Risks help frame the operational questions that board-level AI adoption discussions tend to miss.
For practitioners
- Inventory every AI service and bot as an identity: Build a governed register that records owner, purpose, data access, and privilege scope for every AI service, bot, and automation path. Reconcile that inventory against actual runtime use so shadow AI does not bypass policy.
- Extend passwordless beyond humans to agent workflows: Remove hard-coded secrets from employee-mediated AI flows and replace them with identity-bound access methods, device trust, or workload credentials. That reduces credential replay risk and makes delegation easier to audit.
- Harden help desk and step-up verification: Require stronger identity proofing for password resets, escalation requests, and privileged support actions. Test those workflows against deepfake voice, synthetic chat, and impersonation attempts.
- Tighten least privilege for AI-enabled access paths: Review where AI tools can read, write, or trigger downstream actions, then strip access to the minimum required for each use case. Link approvals to business purpose so permissions do not drift.
- Separate approved AI use from shadow AI behaviour: Publish explicit policy on which services may be used, what data they may process, and which workflows they may not touch. Pair that policy with monitoring for unauthorised service usage and unusual data movement.
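The reconciliation step in the first item, sketched as an added example (not code from RSA Security or NHI Mgmt Group): a governed register is compared with observed runtime use to surface unregistered services, unowned identities, scope drift, and offboarding candidates. All identity names, scope strings, and the record layout are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class RegisteredIdentity:
    name: str
    owner: Optional[str]          # accountable person or team; None means unowned
    purpose: str
    allowed_scopes: set = field(default_factory=set)


# Constructed sample register (hypothetical identities and scopes).
REGISTER = [
    RegisteredIdentity("support-summariser", "team-support", "summarise tickets", {"tickets:read"}),
    RegisteredIdentity("finance-forecast-agent", None, "forecast cash flow", {"ledger:read"}),
    RegisteredIdentity("hr-chatbot", "team-hr", "answer policy questions", {"policies:read"}),
]

# Constructed runtime observations: (identity, scope exercised), e.g. parsed from access logs.
OBSERVED = [
    ("support-summariser", "tickets:read"),
    ("support-summariser", "crm:write"),
    ("finance-forecast-agent", "ledger:read"),
    ("notes-transcriber", "calendar:read"),
]


def reconcile(register, observed):
    """Return sorted (identity, finding) pairs where the register and runtime use disagree."""
    by_name = {entry.name: entry for entry in register}
    findings, seen = set(), set()
    for name, scope in observed:
        seen.add(name)
        entry = by_name.get(name)
        if entry is None:
            findings.add((name, "unregistered: shadow AI candidate"))
        elif scope not in entry.allowed_scopes:
            findings.add((name, "scope outside register: " + scope))
    for entry in register:
        if entry.owner is None:
            findings.add((entry.name, "no owner assigned"))
        if entry.name not in seen:
            findings.add((entry.name, "registered but never observed: offboarding candidate"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in reconcile(REGISTER, OBSERVED):
        print(name + ": " + finding)
```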
Key takeaways
- AI-powered phishing and deepfake impersonation are forcing identity teams to defend the workflow around authentication, not only the login event.
- AI services, bots, and shadow AI should be governed as identities with ownership, purpose, and least privilege, or they will create unmanaged access paths.
- The next control gap is not whether organisations can deploy AI, but whether their identity programmes can verify, govern, and offboard it safely.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | The article focuses on treating AI services and bots as governed identities. |
| NIST CSF 2.0 | PR.AC-1 | Authentication and verification controls are central to the article's recommendations. |
| NIST Zero Trust (SP 800-207) | AC-6 | Least privilege and continuous verification align with the article's identity control model. |
Inventory AI services as identities and assign ownership before granting any runtime access.
Key terms
- Non-Human Identity: A non-human identity is any credentialed digital actor that accesses systems on its own behalf or on behalf of a process. That includes service accounts, API keys, tokens, certificates, bots, and AI services. The governance challenge is that these identities can scale faster than human review processes if ownership and access boundaries are not explicit.
- Shadow AI: Shadow AI is the use of AI tools or services without clear approval, inventory, or governance. In identity terms, it creates unmanaged non-human identities that may process data, hold access, or trigger actions outside policy. The risk is not just misuse, but the loss of accountability when nobody owns the access path.
- Bi-Directional Identity Verification: Bi-directional identity verification means both sides of a trust exchange must prove who they are. A user must verify the service, and the organisation must verify the user or agent. This matters because deepfakes, impersonation, and support-channel abuse often target the trust relationship, not just the login screen.
- Step-Up Authentication: Step-up authentication is a control that requires stronger proof before a sensitive action is allowed. It is commonly used when a login appears risky or a user moves into a higher-impact workflow. For AI-enabled environments, it should also be applied to delegated actions and support exceptions that could be exploited by social engineering.
This post draws on content published by RSA Security: Zero Trust Claude Mythos and Capybara: Best Practices for The Next Evolution in AI-Powered Cybersecurity Risks.
Published by the NHIMG editorial team on 2026-03-30.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org