Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI-powered insider threats: what identity teams need to do now


(@lalit)
Member Admin
Joined: 1 year ago
Posts: 235
Topic starter  

TL;DR: AI-powered insider threats are expanding beyond human-only tactics as attackers use LLMs, deepfakes, shadow AI, and compromised machine identities to accelerate reconnaissance, fraud, and lateral movement, according to Gurucul. Traditional rules-based controls are no longer enough when identity abuse can be generated, impersonated, or orchestrated at machine speed.

NHIMG editorial — based on content published by Gurucul: Insider Threat AI on Both Sides of the Battlefield, The New Face of Insider Threats

By the numbers:

Questions worth separating out

Q: How should security teams govern AI-powered insider threats?

A: Treat AI-powered insider threat as an identity governance problem first.

Q: Why do deepfakes create such a large fraud risk for identity teams?

A: Deepfakes undermine the trust signals many approval processes still depend on, including voice, video, and casual confirmation.

Q: What do teams get wrong about AI agents and insider risk?

A: Teams often focus on the content an AI system produces and miss the identity it uses to operate.

Practitioner guidance

  • Map AI-related identities to named owners Inventory service accounts, API keys, tokens, and model-access credentials that can reach LLMs or adjacent data stores.
  • Separate approval channels for high-risk actions Require out-of-band verification for executive payments, data exports, privilege grants, and session recovery when AI-assisted fraud is possible.
  • Put response authority under explicit guardrails Limit what autonomous security agents can do without human confirmation, especially when revoking access, terminating sessions, or modifying entitlements.

What's in the full article

Gurucul's full blog covers the operational detail this post intentionally leaves for the source:

  • Examples of how behavioural analytics is tuned to distinguish AI-enhanced insider activity from baseline user activity.
  • The article's framing of deepfake-driven fraud patterns across internal approvals and executive impersonation.
  • How the vendor describes autonomous response in the REVEAL platform when suspicious identity behaviour is detected.
  • The broader storyline around insider threat detection and what Gurucul says changes in 2025.

👉 Read Gurucul's analysis of AI-powered insider threats and identity risk →

AI-powered insider threats: what identity teams need to do now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9696
 

AI-powered insider threat is really an identity problem with a faster weapon. The article correctly frames AI as an accelerant, but the security failure sits in identity trust, not in AI alone. When insiders can use model access, deepfakes, and automated reconnaissance to act faster than review cycles, conventional behaviour baselines become reactive rather than preventive. Practitioners should treat the attack surface as a blended human and machine identity problem.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
  • 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.

A question worth separating out:

Q: How do security teams reduce risk from shadow AI use?

A: Start by discovering unsanctioned AI tools in cloud and SaaS environments, then connect them to identity records and data access logs. If the organisation cannot see who is using AI, what it can reach, and whether that access is approved, recertification and investigation will both fail.

👉 Read our full editorial: AI-powered insider threats are reshaping identity and SIEM governance



   
ReplyQuote
Share: