Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI-augmented workforce identity attacks: what IAM teams missed


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10965
Topic starter  

TL;DR: AI-generated voice clones, deepfake video, synthetic employee fraud, MFA bypass, and third-party access gaps defined workforce identity risk in 2025, according to Incode's analysis. Conventional onboarding, MFA, and offboarding controls failed because they were built for static trust signals, not adversarial identity manipulation across the employment lifecycle.

NHIMG editorial — based on content published by Incode: The Workforce Identity Crisis of 2025 and what it exposed about modern attacks

Questions worth separating out

Q: How should security teams reduce workforce identity risk beyond onboarding checks?

A: They should connect onboarding, access provisioning, periodic re-verification, and offboarding into a single lifecycle model.

Q: Why do conventional MFA methods struggle in workforce identity attacks?

A: Because attackers increasingly target the weakest assurance path rather than the strongest one.

Q: What breaks when third-party access is managed outside identity governance?

A: Access can outlive the business relationship, remain over-provisioned, and evade normal recertification or offboarding.

Practitioner guidance

  • Rebuild workforce verification around lifecycle assurance Connect candidate verification, onboarding, access provisioning, and periodic re-verification into one control path so identity trust does not end at hire date.
  • Move high-risk access to phishing-resistant MFA Prioritise FIDO2 or passkey-based authentication for privileged users and sensitive workforce roles, then remove SMS and push methods where session theft would be high impact.
  • Bring third-party access into the same governance process Inventory contractor and vendor accounts, assign owners, and enforce recertification and offboarding through the same identity governance workflow used for employees.

What's in the full article

Incode's full article covers the operational detail this post intentionally leaves for the source:

  • The article's breakdown of AI-augmented fraud patterns across voice cloning, deepfake video, and personalised phishing.
  • The specific workforce assurance changes Incode argues for across onboarding, MFA, and employment lifecycle verification.
  • The vendor's perspective on how identity verification tooling fits into workforce and third-party access governance.
  • The closing implications for 2026 identity strategy and where verification controls are expected to tighten.

👉 Read Incode's analysis of the 2025 workforce identity crisis →

AI-augmented workforce identity attacks: what IAM teams missed?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10520
 

Identity assurance, not endpoint control, is the primary failure surface in workforce attacks. The article's pattern is consistent with what identity teams see across modern breach chains: attackers do not need to break every control if they can get a legitimate identity to carry the session for them. That shifts the centre of gravity from network visibility to issuance, verification, and lifecycle governance. Practitioners should treat workforce identity as an assurance programme with measurable failure modes, not a collection of point tools.

A few things that frame the scale:

A question worth separating out:

Q: Who is accountable when a synthetic employee gains access and causes harm?

A: Accountability sits with the organisation that issued the access, not with the attack narrative. HR, IAM, security, and business owners all share responsibility for the lifecycle controls that failed. The governing question is whether the process could have detected fabrication, limited privilege, and removed access fast enough to matter.

👉 Read our full editorial: Workforce identity controls are failing under AI-augmented attacks



   
ReplyQuote
Share: