The 2025 Identity Security Landscape report by CyberArk highlights the rising identity-centric risks driven by AI, including the surge of machine identities and sophisticated AI-powered phishing attacks that have led to widespread breaches. Security leaders must adapt to managing AI as both a threat and a defense mechanism to protect sensitive data and mitigate privilege sprawl exacerbated by identity silos. #CyberArk #MachineIdentities #AIPhishing #FuzzyAI
Keypoints
- The report typically starts with an Executive Overview, presenting global survey insights and the reportβs key themes, followed by focused chapters on AIβs role in identity risk, machine identity proliferation, identity silos, and concluding with strategic guidance and an appendix.
- AI is recognized as the top identity-centric risk creator in 2025, with 68% of organizations lacking proper identity security controls for AI and 47% unable to secure shadow AI usage, which leads to significant vulnerabilities.
- Machine identities overwhelm human identities by over 80 to 1, with 94% of respondents reporting an increase in machine identities in the past three years, and 88% of these identities having access to sensitive data, fueling privilege sprawl.
- Identity silos contribute heavily to cybersecurity risks, with 70% of security leaders citing them as a root cause, 49% reporting incomplete visibility into cloud entitlements, and 94% noting lack of integration among identity and security tools hinders attack detection.
- Phishing remains the primary vector for identity breaches, now enhanced with AI-driven personalized and context-aware attacks, causing 90% of organizations to report successful identity-centric breaches recently, with over half experiencing multiple attacks.
- AI offers security teams significant advantages by automating analysis, reducing response times, enabling advanced analytics, and strengthening identity verification, as 61% of respondents plan to enhance identity protection processes using AI within 12 months.
- The report emphasizes the dual nature of AI: while it empowers defense operations, it also introduces new threat vectors, including vulnerabilities from AI model jailbreaking and the rapid proliferation of unmanaged machine identities.
- CyberArkβs FuzzyAI tool is highlighted as an innovative, open-source solution designed to identify and remediate AI security weaknesses by testing vulnerabilities in language learning models (LLMs).
- Organizations face challenges controlling shadow AI, with many employees using unapproved AI tools, compounding identity security risks due to lack of visibility and controls.
- Overall, the report underscores the urgent need for modernized identity risk strategies that address AI-driven risks, machine identity management, and the breaking down of identity silos to maintain business resiliency.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)