AI-driven deception for identity attacks: what changes for IAM teams?

TL;DR: AI-assisted and agentic attacks are compressing response windows to minutes and seconds, while deception controls aim to expose reconnaissance, credential abuse, and lateral movement before compromise, according to Acalvio and Gartner. The structural issue is that reactive confirmation now arrives after attacker trust has already been weaponised.

NHIMG editorial — what this means for NHI practitioners

By the numbers:

• Acalvio says 360 Deception delivered 100% true positives and denial of attacker objectives in a U.S. Navy evaluation.

Questions worth separating out

Q: How should security teams defend identities against AI-driven attack automation?

A: Security teams should assume that reconnaissance, credential validation, and lateral movement can happen faster than human investigation can complete.

Q: Why do deceptive controls matter more when attacks move at machine speed?

A: Deceptive controls matter because machine-speed attacks depend on a stable environment to confirm what is real and what is worth pursuing.

Q: What breaks when identity response is still built around alert confirmation?

A: What breaks is the assumption that there will be enough time to detect, investigate, and act before the attacker has moved on.

Practitioner guidance

• Map the identities that attackers validate first Identify which service accounts, tokens, and exposed trust paths would give an intruder the fastest confirmation during reconnaissance.
• Deploy deceptive identity artefacts at high-value trust points Place honeytokens, decoys, and cloaked assets where automated tooling is likely to test access, especially around credential abuse and lateral movement.
• Rebuild detection around pre-impact interruption Tune workflows so suspicious identity activity triggers disruption, diversion, or containment before privilege escalation is complete.

What's in the full announcement

Acalvio's full press release covers the operational detail this post intentionally leaves for the source:

• How 360 Deception orchestrates decoys and honeytokens across its deception fabric to influence attacker movement
• The specific deployment and operational claims behind making deceptive assets look like production systems
• The U.S. Navy exercise context and the performance claims Acalvio associates with that evaluation

👉 Read Acalvio's press release on 360 Deception and AI attack automation →

AI-driven deception for identity attacks: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →