TL;DR: AI-powered insider threats are expanding beyond human-only tactics as attackers use LLMs, deepfakes, shadow AI, and compromised machine identities to accelerate reconnaissance, fraud, and lateral movement, according to Gurucul. Traditional rules-based controls are no longer enough when identity abuse can be generated, impersonated, or orchestrated at machine speed.
At a glance
What this is: This is Gurucul’s analysis of how AI is changing insider threats, including deepfake fraud, shadow AI, LLMjacking, and agentic detection.
Why it matters: It matters because IAM, PAM, and security operations teams now have to govern both human misuse and machine identity abuse in the same operating environment.
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
👉 Read Gurucul's analysis of AI-powered insider threats and identity risk
Context
AI-powered insider threats are what happens when attackers or malicious insiders use generative AI, deepfakes, and machine identities to increase the speed and plausibility of abuse. In this article, Gurucul argues that those capabilities are now being used to bypass traditional monitoring, especially where identity controls were built for slower, human-paced misuse.
The identity problem is broader than classic insider risk. Teams now have to watch for human users abusing AI tools, while also understanding how privileged machine identities can be turned into an attack path for LLM access, data theft, and fraudulent approvals. That makes the topic relevant to both human IAM and non-human identity governance, with a growing overlap into agentic AI oversight.
The article’s starting point is typical for current market commentary: it treats AI as both an offensive accelerant and a defensive detection layer. That is directionally correct, but the governance challenge is still the same. Security teams need visibility into who or what is acting, what identity is being used, and whether that identity is operating inside its intended scope.
Key questions
Q: How should security teams govern AI-powered insider threats?
A: Treat AI-powered insider threat as an identity governance problem first. Track human users, machine identities, and AI-assisted workflows together, then apply ownership, approval, and logging to each access path. Deepfakes and model access only become dangerous when the organisation cannot verify who acted, what credentials were used, and whether the action stayed within scope.
Q: Why do deepfakes create such a large fraud risk for identity teams?
A: Deepfakes undermine the trust signals many approval processes still depend on, including voice, video, and casual confirmation. When a process allows high-risk actions after a single conversational check, a convincing impersonation can become enough to trigger payment, data transfer, or privilege escalation. The fix is stronger verification, not better perception.
Q: What do teams get wrong about AI agents and insider risk?
A: Teams often focus on the content an AI system produces and miss the identity it uses to operate. If a model, tool, or agent has valid credentials, the real risk is the scope of access behind those credentials and whether the resulting actions are visible to governance and detection systems.
Q: How do security teams reduce risk from shadow AI use?
A: Start by discovering unsanctioned AI tools in cloud and SaaS environments, then connect them to identity records and data access logs. If the organisation cannot see who is using AI, what it can reach, and whether that access is approved, recertification and investigation will both fail.
Technical breakdown
LLMjacking and machine identity abuse
LLMjacking describes a pattern where a privileged identity is used to gain access to large language model environments, then probe data, alter outputs, or chain into other systems. The core issue is not the model itself, but the identity layer around it: API keys, service accounts, tokens, and other secrets that grant access to model endpoints and adjacent data. When those credentials are valid, telemetry often looks legitimate, which makes misuse harder to separate from normal usage. That is why machine identity governance and access scoping matter as much as model security.
Practical implication: classify LLM access credentials as high-risk NHIs and audit their scope, owners, and downstream permissions.
Deepfakes, social engineering, and identity verification failure
Deepfake-enabled fraud works by weakening the trust signals people use to verify authority, such as voice, video, timing, and tone. In practice, the attack does not need to defeat cryptography if it can defeat judgment. That means the control failure sits at the intersection of human identity verification, approval workflows, and payment or access escalation paths. Where organisations rely on a single communication channel or an informal confirmation habit, deepfakes can turn routine authorisation into a fraud path. The issue is not just deception, but the absence of strong challenge and verification steps.
Practical implication: require independent verification paths for high-risk approvals, especially where executives can authorise access or transfers.
Agentic AI in the SIEM stack
The article uses agentic AI to describe security agents that can interpret context, decide what to do next, and orchestrate response actions across tooling. That is materially different from static automation because the system is making runtime decisions rather than following a fixed playbook. In identity terms, that raises governance questions about delegated authority, approval boundaries, and what actions an autonomous security agent is allowed to take without human review. If those constraints are vague, the detection layer itself becomes an identity risk surface.
Practical implication: define explicit action limits and review gates before giving AI-driven detection systems response authority.
Threat narrative
Attacker objective: The attacker wants to use AI to move faster than human review cycles, expand access silently, and complete fraud or exfiltration while appearing legitimate.
- Entry occurs through AI-enabled insider activity, including deepfake social engineering, shadow AI use, or compromised machine identities that already have access to model environments and internal systems.
- Escalation follows when the actor uses AI to automate reconnaissance, identify over-permissioned roles, and move from a single access path into broader system or data exposure.
- Impact is reached through fraudulent approvals, data exfiltration, malware generation, or altered model outputs that are hard to distinguish from legitimate platform activity.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
AI-powered insider threat is really an identity problem with a faster weapon. The article correctly frames AI as an accelerant, but the security failure sits in identity trust, not in AI alone. When insiders can use model access, deepfakes, and automated reconnaissance to act faster than review cycles, conventional behaviour baselines become reactive rather than preventive. Practitioners should treat the attack surface as a blended human and machine identity problem.
LLMjacking is the clearest sign that machine identities are now part of insider risk governance. A privileged service account or token that reaches an LLM environment can be turned into a hidden channel for data exposure, output manipulation, or lateral movement. That makes machine identity scope, ownership, and downstream privilege part of insider-threat detection, not a separate hygiene task. The practical conclusion is that insider programmes must include NHI governance, not just user monitoring.
Deepfakes expose the weakness of trust built on human perception. Voice, video, and conversational tone are no longer reliable authority signals in high-risk workflows. That does not mean every interaction needs heavy friction, but it does mean approval design has to assume that a convincing identity presentation can be fabricated. Security teams should stop treating social proof as a control and start treating it as an input that must be verified.
Agentic AI in detection creates a governance mirror of the threat it is meant to stop. If defenders are using autonomous decision-making to interpret incidents and trigger response, then the response layer itself needs explicit authority boundaries and auditability. That is especially important in SIEM and SOAR-adjacent workflows where automated action can affect accounts, sessions, and data access. Practitioners should evaluate whether their security automation has become an unmanaged identity domain.
Shadow AI operations widen the gap between policy and reality. Once employees can spin up unsanctioned AI tools inside cloud environments, the organisation loses a clean boundary between approved and rogue usage. That gap affects logging, attribution, and recertification because the inventory of active identities no longer matches the inventory in governance tools. The practitioner takeaway is that AI usage discovery now belongs in identity governance and cloud visibility together.
From our research:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
- 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
- For a deeper view of how identity exposure turns into breach paths, see The 52 NHI breaches Report, which maps recurring access failures across real incidents and helps teams prioritise controls.
What this signals
AI-powered insider threat is forcing identity programmes to unify human misuse, machine privilege, and AI-driven response. The old separation between user monitoring and NHI governance is collapsing because the same workflow can now involve an employee, a service account, and an AI tool in one chain. That means inventory, ownership, and access review have to cover every identity that can act, not just named users.
Shadow AI turns governance gaps into discovery problems. If security teams cannot see unsanctioned model use, then recertification and alerting are both working from incomplete data. The practical change is to fold AI usage discovery into cloud and identity visibility, then use the findings to decide which paths need PAM controls, which need policy, and which need immediate shutdown.
With 52% of companies able to track and audit the data their AI agents access, per AI Agents: The New Attack Surface report, the compliance problem is already measurable. That creates a strong case for linking identity telemetry to data access telemetry before autonomous or semi-autonomous systems multiply the blind spots.
For practitioners
- Map AI-related identities to named owners Inventory service accounts, API keys, tokens, and model-access credentials that can reach LLMs or adjacent data stores. Tie each credential to a human owner, a business purpose, and an expiration or review date so hidden access paths do not remain anonymous.
- Separate approval channels for high-risk actions Require out-of-band verification for executive payments, data exports, privilege grants, and session recovery when AI-assisted fraud is possible. Use independent challenge methods instead of relying on voice, video, or chat authenticity alone.
- Put response authority under explicit guardrails Limit what autonomous security agents can do without human confirmation, especially when revoking access, terminating sessions, or modifying entitlements. Define the exact actions they may execute, the logs they must produce, and the cases that always require review.
- Add shadow AI discovery to governance workflows Extend discovery and recertification to unsanctioned AI tools, not just approved applications. Where possible, correlate cloud activity, identity logs, and data access so the programme can see who is using AI, what it touches, and whether access is authorised.
- Treat LLM access as privileged access Apply PAM-style controls to credentials that can modify model behaviour, retrieve sensitive prompts, or access training and inference data. Review those entitlements with the same discipline used for other high-impact administrative paths.
Key takeaways
- AI-powered insider threats are now an identity governance issue, not just a detection problem.
- Machine identities, deepfakes, and shadow AI expand the insider risk surface beyond human behavior alone.
- Teams need ownership, verification, and action limits across every identity that can reach data or security tools.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | The article discusses autonomous security agents and AI-driven misuse. | |
| OWASP Non-Human Identity Top 10 | NHI-03 | Privileged machine identities and exposed secrets are central to LLMjacking risk. |
| NIST CSF 2.0 | PR.AC-4 | Identity and access governance is the core control theme across the article. |
| NIST AI RMF | MANAGE | Agentic AI response and decision-making raise governance and accountability questions. |
| NIST Zero Trust (SP 800-207) | The article's fraud and AI misuse patterns depend on continuous verification. |
Treat high-risk identity actions as continuously verified events rather than trusted sessions.
Key terms
- Ai-Powered Insider Threat: An insider threat in which a human actor uses generative AI, deepfakes, or automation to increase speed, scale, and plausibility. The risk is not the AI alone, but the way identity controls, approval paths, and detection logic can be outpaced by AI-assisted misuse.
- LlMjacking: The abuse of a privileged identity to access, interrogate, or manipulate a large language model environment. In practice, the attacker often stays inside valid credentials, which makes the activity look legitimate unless ownership, scope, and data access are tightly governed.
- Shadow AI: AI tools, models, or services used without approval or governance visibility. For identity teams, the problem is not just unsanctioned software, but unknown identities, unknown permissions, and unknown data paths that bypass normal review and logging processes.
- Agentic Ai: AI systems that can decide what to do next, select tools, and execute actions within a runtime context. For governance, the key difference is that their behaviour can shift during execution, so fixed approvals and static access assumptions may no longer describe the full risk.
What's in the full article
Gurucul's full blog covers the operational detail this post intentionally leaves for the source:
- Examples of how behavioural analytics is tuned to distinguish AI-enhanced insider activity from baseline user activity.
- The article's framing of deepfake-driven fraud patterns across internal approvals and executive impersonation.
- How the vendor describes autonomous response in the REVEAL platform when suspicious identity behaviour is detected.
- The broader storyline around insider threat detection and what Gurucul says changes in 2025.
👉 The full Gurucul blog covers behavioral analytics, deepfake fraud, and self-driving SIEM use cases.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an identity security programme, it is worth exploring.
Published by the NHIMG editorial team on 2025-07-23.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org