AI-driven attacks and identity controls: what changes for teams?

TL;DR: AI-driven attacks are scaling social engineering, intrusion, and monetization faster than traditional defenses expect, and RSA says identity, governance, and operational controls can slow autonomous attackers while reducing business exposure, regulatory risk, and reputational damage. The practical shift is that recovery speed and control effectiveness now matter more than user-facing friction alone.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should security teams evaluate identity controls against AI-driven attacks?

A: Security teams should evaluate identity controls by how much they reduce attacker speed and leverage, not by how strict they feel for users.

Q: Why do AI-driven attacks change the value of PAM and IAM controls?

A: AI-driven attacks change the value of PAM and IAM controls because the attacker can chain identity abuse faster than traditional response processes expect.

Practitioner guidance

• Measure attacker interruption, not just control coverage Track whether identity and governance controls shorten the time from initial compromise to containment, especially where AI-driven abuse can move faster than manual review.
• Review controls for attacker leverage reduction Classify controls by whether they reduce standing privilege, block credential reuse, constrain session scope, or limit lateral movement.
• Test autonomous abuse against approval loops Evaluate whether automated or AI-mediated attack paths can complete meaningful abuse before human approval gates or periodic governance checks would intervene.

What to expect at the briefing

RSA Security's full on-demand webinar covers the operational detail this post intentionally leaves for the source:

• How RSA experts map AI-driven attack behaviour to specific identity and governance control points.
• Which controls measurably reduce attacker risk rather than only making life harder for legitimate users.
• How the webinar connects business exposure, regulatory risk, and reputational impact to operational controls.
• Mitigation recommendations discussed in the session for identity, access, and AI governance alignment.

👉 Watch RSA Security's on-demand webinar on AI threats, exposure, and controls →

AI-driven attacks and identity controls: what changes for teams?

Explore further

View Full Forum →  |  NHI Foundation Course →