Shadow AI doubles every 18 months, creating blind spots SOCs never see

The rapid evolution of technology has brought about a new wave of security threats that organizations must address. From deepfake attacks to the proliferation of AI agents and machine identities, the landscape of cybersecurity is constantly changing. In a recent incident, a CFO fell victim to a deepfake attack, resulting in a $1 million transfer to a fraudulent account. This type of attack is becoming increasingly common, with deepfakes projected to cost organizations $40 billion by 2027.

Deepfakes are just one aspect of the growing threat landscape. The integration of gen AI into identity systems has created new attack vectors that organizations are still struggling to understand. AI agents with broad permissions, machine identities multiplying exponentially, and shadow AI systems creating unauthorized accounts are all contributing to the complexity of cybersecurity defenses.

Statistics show that organizations are facing millions of deepfake attempts, especially in hiring fraud. The rise of deepfake incidents has been exponential, with contact centers experiencing a surge in voice-based attacks. OpenAI has even integrated deepfake detection capabilities into its security documentation, highlighting the severity of the threat.

In a recent Tech News Briefing with the Wall Street Journal, CrowdStrike CEO George Kurtz discussed the challenges of defending against deepfakes and AI-powered attacks. He emphasized the need for AI to defend against AI, with humans setting the strategic direction. The era of “shallow trust” in digital interactions means that organizations must be vigilant against all types of AI-driven threats.

AI agents represent a significant challenge for organizations, as they operate as superusers with continuous access to systems. Machine identities, which already outnumber human identities, are also growing exponentially, posing a significant security risk. Organizations must invest in automation and visibility to manage the growing complexity of machine identities.

Shadow AI, or unauthorized AI applications within organizations, is another major concern. These applications can lead to breaches and data leaks, costing organizations millions of dollars. Governance frameworks and zero trust architectures are essential for managing the risks associated with shadow AI.

Security leaders must be proactive in addressing these emerging threats. They should assume that identity compromises will occur and focus on limiting the blast radius of breaches. Investing in identity visibility, preparing for deepfakes, and governing AI agents are all critical steps in securing organizations against evolving threats.

The transformation of identity security through gen AI represents a pivotal moment for cybersecurity. Organizations that can adapt to these changes and implement strategic security measures will thrive in the face of growing threats. The race between AI-powered attacks and defenses will define the next decade of cybersecurity, making it essential for security leaders to act decisively in the face of evolving risks.