TL;DR: 99% of organisations faced account takeover threats during the study period, with targeted attacks succeeding more than twice as often as non-targeted ones and 88% of impacted organisations showing post-access abuse, according to Proofpoint. In agentic workspaces, identity compromise extends into downstream agents, OAuth apps, and workflows, so login-only controls no longer contain the blast radius.
NHIMG editorial — based on content published by Proofpoint: LLMjacking, account takeover, and identity abuse in the agentic workspace
By the numbers:
- 99% of organizations experienced account takeover threats during the study period.
- 88% of organizations experience abuse after attackers gain access.
Questions worth separating out
Q: How should security teams respond to account takeover in SaaS environments?
A: Prioritise containment over password changes alone.
Q: Why do MFA controls still fail against account takeover?
A: MFA reduces password-only compromise, but it does not stop attackers who steal session tokens, hijack browsers, or obtain access through adversary-in-the-middle phishing.
Q: What do organisations get wrong about post-compromise identity risk?
A: They often focus on entry control and underweight what happens after access is granted.
Practitioner guidance
- Model takeover as a lifecycle event Tie ATO detection, containment, and recovery into joiner-mover-leaver workflows so compromised identities can be revoked, isolated, and re-certified as part of one process.
- Instrument post-authentication abuse signals Monitor suspicious mailbox rules, unusual file activity, MFA setting changes, and token reuse because these are the behaviours that appear after initial compromise.
- Treat OAuth grants as governed entitlements Inventory consented applications, remove stale grants, and require review of app permissions that can survive password resets.
What's in the full report
Proofpoint's full analysis covers the operational detail this post intentionally leaves for the source:
- The study's phase-by-phase ATO breakdown across pre-takeover, takeover, and post-takeover activity.
- The per-activity detection patterns for mailbox rules, file access, MFA manipulation, and OAuth abuse.
- The sector comparison data showing how compromise rates vary across financial services, education, and public sector environments.
- The dataset description covering 50M+ accounts and the 12-month analysis window.
👉 Read Proofpoint's analysis of account takeover in the agentic workspace →
Account takeover in agentic workspaces: what IAM teams must rethink?
Explore further
Account takeover is now an identity lifecycle failure, not a point-in-time authentication event. Proofpoint's data shows that attackers are not stopping at login success. They are moving into post-access abuse, where identity becomes the control surface for persistence, fraud, and workflow abuse. That means joiner-mover-leaver, session control, and offboarding logic all belong in the ATO response model. Practitioners should treat every successful takeover as a lifecycle governance incident, not just a security alert.
A few things that frame the scale:
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, according to the 2024 Non-Human Identity Security Report.
- 35.6% of organisations cite managing consistent access across hybrid and multi-cloud environments as their top NHI security challenge, according to the 2024 Non-Human Identity Security Report.
A question worth separating out:
Q: How can organisations reduce the blast radius of compromised agent identities?
A: Organisations reduce blast radius by shrinking scopes, separating high-risk permissions from routine tasks, and enforcing runtime controls on tool use. They should also rotate and revoke secrets, remove unnecessary admin consent, and tie every agent to a human owner who can act quickly when behavior changes. The goal is to make one compromised identity affect as little as possible.
👉 Read our full editorial: Account takeover is the core identity risk in agentic workspaces