In August 2025,
Check Point security researcher
Coral Tayar wrote that the vendor had seen a year-over-year 160% jump in compromised credentials and that in 2024, it reported 14,000 such cases involving its customers’ employee credentials in just one month. Even the credentials of those who were complying with their companies’ password policies were expose in data breaches.
Threat actors are “constantly innovating new ways to steal credentials and finding new techniques to bypass MFA [multifactor authentication].” Tayar
wrote in a blog post. “As long as credential stealing and usage continues to yield results, threat actors will continue to use this method.”
Check Point’s report illustrated an ongoing trend in cybersecurity of bad actors shifting from exploiting vulnerabilities to abusing stolen or compromised identities and credentials to gain access to corporate networks. The common refrain now is “attackers don’t break into systems – they log in.”
Don’t expect that trend to end in 2026, according to security experts. The problems that fueled the fueled the shift to begin with – like reused or weak passwords and stolen credentials available for sale on the dark web – are still around, and now there is AI in the form of rapidly improving deepfake technologies that can seamlessly mimic audio or video of any person.
The Deepfake Threat
February will mark the second anniversary of the Hong Kong financial firm admitting that
fraudsters stole $25 million by convincing an office worker that the person on a video conference call was the multinational’s chief financial officer telling them to send the money to five bank accounts controlled by the bad actors.
Two years later, deepfake technology has only gotten better, and in the new year, it will be virtually impossible to detect.
“Deepfake technology will be nearly indistinguishable from reality,”
Armis President
Alex Mosher said. “Attackers will use synthetic media to impersonate executives, politicians, and trusted individuals on live video calls to authorize fraudulent transactions or manipulate decisions. Entire portfolios of synthetic identities will be created to infiltrate financial institutions, health systems, and government databases, overwhelming existing identity verification systems and blurring the line between human and machine deception.”
Security Needs AI Expertise
Keatron Evans, vice president of portfolio product and AI strategy at
Infosec Institute, agreed, adding that the proliferation of highly convincing deepfakes makes it even more important for security teams and MSSPs to bring AI expertise into their operations. Threat actors aren’t waiting for the cybersecurity industry to catch up. Instead, they’re growing their use of AI in attacks, with deepfakes in particular moving from proofs-of-concept (PoCs) to “front-and-center threats.”
“We’ve already seen AI-generated voices and video used in social engineering attacks that resulted in significant financial losses,” Evans said. “In 2026, deepfake-driven fraud will explode as the technology becomes even more accessible and convincing. Organizations are simply not prepared for this new threat landscape, and the awareness gap around AI-powered attacks is dangerously wide.”
It's becoming a good business for hackers, said
Arik Atar, senior researcher for cyber threat intelligence at
Radware, who warned that “if you thought phishing emails were getting good, wait until you hear your ‘bank representative’ call you … and they sound exactly like your mom.”
Social-Engineering-as-a-Service
“A new underground economy is forming: AI-powered social-engineering-as-a-service attacks, Atar said. “We’re already seeing OTP [over-the-phone]-bot platforms with automated scripts that spoof caller IDs and play fraudulent voice recordings to trick victims into handing over 2FA codes. The next step? Personalized AI voicebots that mimic real people – relatives, coworkers, even your boss – to make account takeovers almost effortless.”
The adoption of two-factor authentication is expanding, he said. Attackers are evolving to get around it, “the cat-and-mouse game we wish would end, but probably won’t.”
The growing use of AI tools, including deepfakes and AI agents by bad actors will fuel an ongoing shift among bad actors away from volume-based social engineering campaigns to a greater focus on quality and adaptive threat models, according to
Ashley Jess, senior intelligence analyst with
Intel 471.
“Looking ahead, we are likely to see selective escalation rather than mass adoption,” Jess said. “We can expect more deepfake-enabled impersonation calls targeting executives and AI-voiced fraud against high-value targets, alongside a surge in synthetic media during elections, geopolitical flash points and social justice debates.”
AI Agents to Bring Threats, Needed Change
The fast adoption of agentic AI will be a challenge for organizations as well, according to
Jacob DePriest, CISO and CIO at
1Password. Identity and access management will shift from visibility and control to governing agents. Humans will continue granting AI agents more access to data and systems and security teams will need to track this across identity, endpoint, and data protection surfaces, DePriest said.
“They will need to handle agents operating with employee permissions, differentiate their actions from humans, and control the credentials granted to them,” he said. “Those who gain visibility and control of agent access will set the standard for trusted AI ecosystems.”
That said, AI agents also will force what
Anand Srinivas, vice president of product and AI at 1Password, calls a “security revolution.” As companies operationalize agentic AI at scale, the unpredictable interactions – agents works as both traditional software and as a user that operates outside of identity systems – will bring about new threat vectors.
Rise of Better Identity Management
“Securing this new paradigm will require breaking down the identity silos and creating a unified, policy-driven identity fabric that governs access deterministically, no probabilistically. In doing so, a new generation of cohesive, secure-by-default identity management solutions will emerge that protect all access for human, machines, and AI identities.”
The AI-fueled threats to identity will bring about the need for a range of new protections. SecureAuth CEO Joseph Dhanapal sees a number of ways businesses will need to adapt. With hackers attacking insecure multifactor authentication (MFA) channels like SMS texts and emails, enterprises will need to shift toward push-based notifications and passwordless authentication.
There also will need to be thorough auditing, continue policy updates, and improved risk-based authentication to close gaps that attackers will exploit. In addition, there will be a push for conversation identity and access management (IAM) tools.
“The market will demand IAM solutions that allow business analysts to interact conversationally with tools, enabling them to build and implement solutions more intuitively and efficiently, utilizing the collective intelligence present within the IAM tool,” Dhanapal said.
Identity Wallets and a Warning
Increasing identity threats also is fueling a sharp rise in the global identity wallet market, which
Juniper Research said will grow from $51 billion in 2025 to
$80 billion in 2030.
However,
Jordan Burris, head of public sector for
Socure, said that in 2026, identity wallets will “escalate into a global arms race in 2026” that will eventually hurt users.
“Entities across the public and private sectors are competing to become the go-to digital wallet provider for consumers” Burris said. “The winners will quickly control public trust, acquire large shares of an emerging market, and access new data flows in the digital economy. But the real losers will be consumers who will suffer a worse online experience, managing just as many wallets as logins.”
Eventually, as the AI-vs.-AI battleground expands, a significant incident will happen, he said.
“At some point in the AI era, a major technology platform will trigger the first global trust crisis,” Burris said. “Whether it’s a large-scale identity breach, a coordinated fraud event, or a deepfake-driven attack, the misuse of digital identity on a widely used platform will set off a domino effect across industries. The result won’t just be technical disruption; it will be a shock to public confidence in the digital ecosystem itself.”
