Identity and AI Threats: Developing an Access Management Defence-in-Depth Strategy

In a matter of months, AI became a tool relied on for daily critical tasks. Now, we are seeing it used just as easily to attack systems, deceive users, or even manipulate data. Its full capabilities are still being explored, and the most significant threats posed by AI are as yet unknown. For rapidly growing tech hubs like Chandigarh, being proactive is not an option—it's a necessity.

Even without knowing exactly what's coming, organizations can take meaningful steps now and develop identity security strategies that defend against AI-driven threats, so they avoid being an easy target.

Your 4-Step Defence Strategy

Suggestion 1: Foundation First: Master the Identity Security Basics

In the face of unknown AI-driven threats, one of the best places to start is with an identity security strategy that addresses the fundamentals. When it comes to identity and access management, solutions that offer 'Preemptive Defense' (a term coined by Gartner) allow detection and protection before a user even authenticates to your systems.

Think IP reputation checks, web application firewalls, machine learning-based risk scoring, and robust user/app policies. Risky behavior is flagged early, and authentication requirements are adjusted to block high-risk attempts outright. Other attempts may trigger more stringent authentication challenges to reduce risk while allowing legitimate users access.

Suggestion 2: Evolve Your Authentication for Smarter AI Phishing

AI-driven phishing attacks are getting more convincing, and can better replicate human behavior and bypass existing detection mechanisms. Context-based authentication challenges paired with multiple authentication types are key defenses.

Context-based authentication can be used to adjust the choice of authentication option in response to detected risk levels, but the choice should also depend on the resource being accessed. Within an application, this can be achieved through step-up authentication controls.

Multiple authentication options (from OTPs to FIDO2 passkeys) allow organizations to reduce the risk of compromise. For extremely sensitive access, consider leveraging two or more ID-verification solutions.

Suggestion 3: Resist Session Hijacking with Step-Up Authentication

With session hijacking, bad actors can steal session-related details and bypass the need to authenticate. Expect to see AI used to lure users into actions that lead to the harvesting of crucial information and session cookies.

Consider implementing step-up authentication controls when users access applications with sensitive information. Additionally, enforce the use of phishing-resistant factors to prevent lateral movement. Remember to enforce MFA challenges for users accessing their IdP profile to prevent a bad actor from registering new authentication factors.
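The policy described in Suggestions 1 to 3 can be expressed as a single decision function. This is an added example, not code from any product or vendor: the thresholds, resource tiers, factor names and field names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# All thresholds, tiers and factor names below are constructed for illustration.
DENY_SCORE = 0.9        # at or above: block before authentication
CHALLENGE_SCORE = 0.5   # at or above: require a second factor
# Maximum age (seconds) of the last phishing-resistant authentication per tier.
MAX_STRONG_AUTH_AGE = {"sensitive": 900, "idp_profile": 300}


@dataclass
class AccessRequest:
    risk_score: float                 # 0.0-1.0 from a hypothetical risk engine
    ip_reputation_bad: bool           # result of a pre-authentication IP check
    resource: str                     # "standard", "sensitive" or "idp_profile"
    strong_auth_age: Optional[float]  # seconds since last passkey use, None if never
    has_second_factor: bool           # any MFA completed in this session


def decide(req: AccessRequest) -> tuple:
    """Return (action, required_factor) for one access attempt."""
    # Preemptive defence: high-risk attempts are blocked outright.
    if req.ip_reputation_bad or req.risk_score >= DENY_SCORE:
        return ("deny", None)

    # Sensitive apps and the IdP profile need a recent phishing-resistant
    # factor. A replayed session cookie cannot satisfy this on its own, because
    # the session's age keeps growing and the attacker lacks the authenticator.
    max_age = MAX_STRONG_AUTH_AGE.get(req.resource)
    if max_age is not None:
        if req.strong_auth_age is None or req.strong_auth_age > max_age:
            return ("step_up", "fido2_passkey")
        return ("allow", None)

    # Standard resources: medium risk triggers a stricter challenge.
    if req.risk_score >= CHALLENGE_SCORE and not req.has_second_factor:
        return ("step_up", "otp")
    return ("allow", None)
```

The IdP profile tier has the shortest freshness window because that is where new authentication factors are registered.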

Suggestion 4: Bring Shadow AI Out of the Shadows

Even with strict AI usage policies, there is very little organizations can do to prevent employees from using unauthorized AI. They may be using chatbots on personal devices and copying results into work documents. It's difficult to track and even harder to stop.

The most effective approach to limit shadow AI is the same one used for shadow IT: make it easy for departments to request and gain access to approved, corporate-controlled AI services. This gives organizations oversight of its usage and the ability to retain the history and learning it generates.

The Way Forward: Act Now, Adapt Always

AI is moving fast, and so are the threats that come with it. While we can't predict every tactic, organizations can prepare by strengthening their defenses now. That starts with getting the basics right: build a solid foundation of identity security that includes preemptive defence, smarter authentication, and layered protections.

As AI becomes more embedded in our systems, we need to treat it like any other identity that is governed, monitored, and secured. The organizations that prepare early and adapt are the ones that will stay ahead of the curve and keep their systems secure.