Three primary concerns for cybersecurity teams today are identity, pace, and a battleground shaped by global politics.
The influence of AI pervades cybersecurity, giving attackers added sophistication, speed and scale. Where attacks are directed and by whom is increasingly influenced by geopolitical tensions and international alliances. But the focus of cybersecurity must remain on identity, since identity is the fulcrum of entry; and is so easily lost.
Infostealers and consequent stealer logs feed initial access brokers, who sell the identities to criminals. “At the same time, AI is enabling attackers to generate highly convincing phishing campaigns and impersonations themselves, including deepfake-enabled social engineering,” comments Allison Wikoff, global threat intelligence leader, Americas, at PwC.
“What has changed is the scale and efficiency: identity compromise has effectively become a supply chain, where threat actors mix buying and generating access depending on what is most efficient for how they are conducting their operations and engaging with targeted environments or people.”
This scenario is described in PwC’s report, Cyber threats in motion. With access-ability, attacker speed is increasingly problematic. AI is becoming a core component of threat actors’ tradecraft, who use it “to automate reconnaissance, generate convincing phishing lures, accelerate malware development, and scale social engineering across languages and platforms… autonomous AI agents capable of executing entire attack sequences without human intervention are a prime concern.”
For the moment, entire automated attack sequences are a concern rather than a dire active threat. Wikoff explains: “This is emerging but not yet widespread at scale. Our report points to early examples – like proof-of-concept autonomous agents and campaigns where a significant portion of activity is AI-driven – but these remain relatively early-stage and not consistently reliable. In practice today, we’re seeing some autonomy: AI is being used to accelerate reconnaissance, phishing, and malware development rather than fully replacing human operators end-to-end.”
The doomsday scenario of fully autonomous agentic-AI attacks operating at speed without attacker guidance may be coming but has not yet arrived – and may take longer than we fear. “There are some threat actors we track that have not significantly changed their TTPs in nearly 10 years. Traditional techniques like phishing and credential theft remain highly effective, and many organizations are still grappling with basic security fundamentals,” continues Wikoff.
“Until those gaps are addressed, attackers will continue to target the lowest-hanging fruit, meaning AI is augmenting attacks, but the shift will likely be more evolutionary than revolutionary.”
That doesn’t mean defenders can relax. The increasingly connected nature of modern business means that company infrastructures are connected between companies and across cloud platforms and continents. Threat actors, whether nation state, cybercriminal, or a blend of both, have already “found new ways to accelerate through the blind corners of edge devices, supply chains, and cloud ecosystems – turning trusted dependencies into high-speed attack paths with cascading impact.”
Beyond better defense of identities, it is important for companies to understand their own ‘crown jewels’ and who might wish to steal them. This is largely, but not entirely, driven by geopolitical conditions.
“Most organizations are not equally attractive to all threat actors. Some are targets for financial gain, others for intellectual property, strategic access, or geopolitical influence. And some attacks are still opportunistic in nature,” comments Wikoff. “Regardless, it makes it critical for leaders to clearly define their ‘crown jewels’ , the systems, data, identities, and relationships that would have the greatest business or strategic impact if compromised.”
She continues, “Once that’s established, organizations can better align their defenses to the threats most relevant to them, rather than trying to defend everything equally. In practice, effective network defense comes from combining threat intelligence with a clear understanding of what matters most to your business, and how different types of attackers are likely to pursue it.”
Different attackers are likely to have different motivations, from simple crime, espionage, and hacktivism to sabotage, with different tradecrafts. “We assess Russia-based threat actors will likely continue to blend cyber and influence operations against European and transatlantic democracies; China-based threat actors are assessed to sustain persistent access in telecommunications and other critical infrastructure; and tighter attribution and regulation will raise the cost of misjudged risk in mergers and acquisitions, entry into new jurisdictions and markets, and third-party selection,” says PWC.
Know yourself and know your enemy is good advice. But the first step must be better protection of identities and access.
“In an identity-driven, AI-accelerated threat landscape, resilience belongs to organizations that govern identity at speed, validate trust continuously, and treat cyber risk as inseparable from business and geopolitical strategy,” concludes PwC.
Learn More at the AI Risk Summit
Related: Russian APT Exploits Zimbra Vulnerability Against Ukraine
Related: Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach
Related: Cyber Insights 2026: Malware and Cyberattacks in the Age of AI
