AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link
PwC report finds AI amplifies attack speed and scale, with identity compromise becoming a cybercriminal supply chain.
Summary
PwC's Cyber Threats in Motion report reveals that AI is accelerating attacker capabilities in reconnaissance, phishing, and malware development, while identity theft has evolved into a structured supply chain where threat actors buy and generate stolen credentials. Though fully autonomous AI-driven attacks remain emerging rather than widespread, traditional identity compromise remains the primary entry vector, with geopolitical factors increasingly shaping threat actor motivations and targets across financial crime, espionage, and state-sponsored operations.
Full text
Three primary concerns for cybersecurity teams today are identity, pace, and a battleground shaped by global politics. The influence of AI pervades cybersecurity, giving attackers added sophistication, speed and scale. Where attacks are directed and by whom is increasingly influenced by geopolitical tensions and international alliances. But the focus of cybersecurity must remain on identity, since identity is the fulcrum of entry; and is so easily lost. Infostealers and consequent stealer logs feed initial access brokers, who sell the identities to criminals. “At the same time, AI is enabling attackers to generate highly convincing phishing campaigns and impersonations themselves, including deepfake-enabled social engineering,” comments Allison Wikoff, global threat intelligence leader, Americas, at PwC. “What has changed is the scale and efficiency: identity compromise has effectively become a supply chain, where threat actors mix buying and generating access depending on what is most efficient for how they are conducting their operations and engaging with targeted environments or people.” Allison Wikoff, Global Threat Intelligence Leader, Americas, at PwC. This scenario is described in PwC’s report, Cyber threats in motion. With access-ability, attacker speed is increasingly problematic. AI is becoming a core component of threat actors’ tradecraft, who use it “to automate reconnaissance, generate convincing phishing lures, accelerate malware development, and scale social engineering across languages and platforms… autonomous AI agents capable of executing entire attack sequences without human intervention are a prime concern.” For the moment, entire automated attack sequences are a concern rather than a dire active threat. Wikoff explains: “This is emerging but not yet widespread at scale. Our report points to early examples – like proof-of-concept autonomous agents and campaigns where a significant portion of activity is AI-driven – but these remain relatively early-stage and not consistently reliable. In practice today, we’re seeing some autonomy: AI is being used to accelerate reconnaissance, phishing, and malware development rather than fully replacing human operators end-to-end.” The doomsday scenario of fully autonomous agentic-AI attacks operating at speed without attacker guidance may be coming but has not yet arrived – and may take longer than we fear. “There are some threat actors we track that have not significantly changed their TTPs in nearly 10 years. Traditional techniques like phishing and credential theft remain highly effective, and many organizations are still grappling with basic security fundamentals,” continues Wikoff.Advertisement. Scroll to continue reading. “Until those gaps are addressed, attackers will continue to target the lowest-hanging fruit, meaning AI is augmenting attacks, but the shift will likely be more evolutionary than revolutionary.” That doesn’t mean defenders can relax. The increasingly connected nature of modern business means that company infrastructures are connected between companies and across cloud platforms and continents. Threat actors, whether nation state, cybercriminal, or a blend of both, have already “found new ways to accelerate through the blind corners of edge devices, supply chains, and cloud ecosystems – turning trusted dependencies into high-speed attack paths with cascading impact.” Beyond better defense of identities, it is important for companies to understand their own ‘crown jewels’ and who might wish to steal them. This is largely, but not entirely, driven by geopolitical conditions. “Most organizations are not equally attractive to all threat actors. Some are targets for financial gain, others for intellectual property, strategic access, or geopolitical influence. And some attacks are still opportunistic in nature,” comments Wikoff. “Regardless, it makes it critical for leaders to clearly define their ‘crown jewels’ , the systems, data, identities, and relationships that would have the greatest business or strategic impact if compromised.” She continues, “Once that’s established, organizations can better align their defenses to the threats most relevant to them, rather than trying to defend everything equally. In practice, effective network defense comes from combining threat intelligence with a clear understanding of what matters most to your business, and how different types of attackers are likely to pursue it.” Different attackers are likely to have different motivations, from simple crime, espionage, and hacktivism to sabotage, with different tradecrafts. “We assess Russia-based threat actors will likely continue to blend cyber and influence operations against European and transatlantic democracies; China-based threat actors are assessed to sustain persistent access in telecommunications and other critical infrastructure; and tighter attribution and regulation will raise the cost of misjudged risk in mergers and acquisitions, entry into new jurisdictions and markets, and third-party selection,” says PWC. Know yourself and know your enemy is good advice. But the first step must be better protection of identities and access. “In an identity-driven, AI-accelerated threat landscape, resilience belongs to organizations that govern identity at speed, validate trust continuously, and treat cyber risk as inseparable from business and geopolitical strategy,” concludes PwC. Learn More at the AI Risk Summit Related: Russian APT Exploits Zimbra Vulnerability Against Ukraine Related: Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach Related: Cyber Insights 2026: Malware and Cyberattacks in the Age of AI Related: Cyber Insights 2026: Social Engineering Written By Kevin Townsend Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines. More from Kevin Townsend Iran Readied Cyberattack Capabilities for Response Prior to Epic FuryHacker Conversations: Ben Harris, From Unintentional Young Hacker to Intentional Adult CEOThe Collapse of Predictive Security in the Age of Machine-Speed AttacksShadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesAI, APIs and DDoS Collide in New Era of Coordinated CyberattacksCISO Conversations: Aimee Cardwell‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating PayloadKevin Mandia’s Armadin Launches With $190 Million in Funding Latest News Russian Cybercriminal Gets 2-Year Prison Sentence in US iOS, macOS 26.4 Roll Out With Fresh Security PatchesFCC Bans New Routers Made Outside the US Over National Security RisksRSAC 2026 Conference Announcements Summary (Day 2)From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPIUS Prisons Russian Access Broker for Aiding Ransomware AttacksHackerOne Employee Data Exposed in Massive Navia BreachDoE Publishes 5-Year Energy Security Plan Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MoveThe US Senate confirmed Markwayne Mullin as DHS Secretary.7AI has appointed Israel Barak as its first Chief Information Security Officer.Brian Harrell has been appointed