TL;DR: 37% of organisations changed their security approach after AI-driven attacks, according to Netwrix’s 2025 Cybersecurity Trends Report, while 29% now say auditors require proof of data security and privacy in AI-based systems. The pressure point is no longer whether AI matters, but whether identity and data governance can keep pace with AI-amplified attack speed.
NHIMG editorial — based on content published by Netwrix: Netwrix Research on AI-Driven Threats and Security Strategy Changes
By the numbers:
- 37% said AI-driven attacks forced them to adjust their security approach over the past year.
- 29% report auditors now require proof of data security and privacy in AI-based systems.
- AI-based tools as a top-five IT priority has surged 189% in two years, from 9% in 2023 to 26% in 2025.
Questions worth separating out
Q: How should security teams govern AI systems that use identity credentials?
A: They should treat AI-connected credentials as governed identities, not as implementation details.
Q: Why do AI-driven attacks increase risk for identity and access management programmes?
A: They increase risk because they compress the time between exposure and impact.
Q: What do organisations get wrong when they separate AI risk from identity risk?
A: They assume AI is only an application layer issue, when it often depends on the same credentials and permissions that govern other non-human identities.
Practitioner guidance
- Inventory AI-connected identities Map every AI workload, service account, API key, token, and orchestration account that can access sensitive data or security tooling.
- Bring AI systems into access review Add AI-related credentials and permissions to the same entitlement review and recertification process used for other non-human identities.
- Reduce identity blast radius Split high-risk AI functions from broader operational permissions, remove standing privilege where possible, and require narrower task-scoped access for any workflow that can reach sensitive systems.
What's in the full report
Netwrix's full research covers the survey detail this post intentionally leaves for the source:
- Regional and industry breakdowns of how AI-driven threats are changing security strategy.
- Survey methodology from 2,150 IT and security professionals across 121 countries.
- Additional findings on how AI tools are improving detection and reducing manual effort.
- The full set of priority actions respondents ranked for strengthening cybersecurity.
👉 Read Netwrix's research on how AI-driven threats are changing security strategy →
AI-driven threats and identity controls: what changes for security teams?
Explore further
AI-driven threats are now an IAM governance problem, not just a security operations problem. When attack speed rises, the limiting factor becomes whether identities, secrets, and permissions are governed with enough precision to survive automated abuse. That changes the centre of gravity from isolated detection to lifecycle control, entitlement scope, and provable access boundaries. Practitioners should treat AI pressure as a governance redesign trigger.
A few things that frame the scale:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
Q: Who is accountable when an AI system exposes sensitive data through access misuse?
A: Accountability should sit with the team that owns the identity, the data path, and the control evidence, not with the AI label itself. In practice, that usually means IAM, security, and application owners share responsibility for access scope, secrets handling, and revocation. Auditability should prove the chain of ownership.
👉 Read our full editorial: AI-driven threats are reshaping identity and data security strategies