Logging In, Not Breaking In: The Rise of Malware-Free Intrusions

Transforming Identity Security with Generative AI

Identity security is undergoing a significant transformation with the rise of generative AI technology. This cutting-edge advancement is reshaping the landscape of security, presenting both opportunities and challenges as security professionals strive to outpace adversaries in the ever-evolving gen AI arms race.

Adversarial AI techniques such as voice phishing (vishing) and deepfakes are experiencing exponential growth rates according to the latest security research. CrowdStrike’s 2025 Threat Hunting report highlights a 442% surge in vishing attacks from the first half to the second half of 2024, signaling a major shift in eCrime tactics. Adversaries are harnessing AI-driven social engineering and deepfake tools to circumvent Multi-Factor Authentication (MFA) and exploit credentials on a large scale.

The report also reveals that a significant portion of exploited vulnerabilities are related to initial access, with compromised identities being a common entry point. The use of generative AI to create, impersonate, and abuse identities is a driving force behind these trends.

Machine identities now outnumber human users in the average enterprise, with attackers able to move laterally in just 51 seconds. Traditional identity and access management systems, based on static rules and periodic reviews, are struggling to keep pace with threats that move at machine speed.

The year 2024 saw a dramatic acceleration in the adoption of gen AI capabilities, transitioning from experimental phases to full-scale production. Analysts predict a substantial increase in information security spending, with estimates reaching $213 billion in 2025. Organizations are expected to replace legacy rule-based systems with AI-powered platforms that can learn, adapt, and respond autonomously to security threats.

According to IDC, the Identity and Access Management (IAM) market is projected to double from $23.5 billion in 2024 to $47.1 billion in 2028, indicating robust growth in identity security. Gartner’s Big Picture of IAM emphasizes the importance of prioritizing optimal outcomes by addressing user constituencies and managing access through an integrated fabric of tools.

Real-world data from CrowdStrike’s 2025 Global Threat Report indicates that a significant number of detections are now malware-free, indicating that attackers are gaining access through valid credentials rather than traditional malware. A high percentage of organizations have experienced identity-related intrusions, with many acknowledging that better identity management tools could have mitigated the damage.

Cristian Rodriguez, Field CTO, Americas at CrowdStrike, emphasizes the shift towards viewing identity as the new perimeter in security. With the advent of generative AI, defenders now have the tools to detect and respond to threats in real-time, preventing lateral movement across different domains.

Behavioral Intelligence at Enterprise Scale: The Cushman & Wakefield Case Study

The practical impact of gen AI on identity security is exemplified by Cushman & Wakefield, a leading commercial real estate services firm. Facing the challenge of securing identities for a vast workforce spread across multiple locations, the company turned to CrowdStrike’s Falcon Next-Gen Identity Security for real-time protection.

Traditional security approaches were deemed inadequate for the evolving threat landscape, prompting the need for a solution that could seamlessly integrate into the broader security strategy. Embracing zero trust principles, Cushman & Wakefield sought to provide privileged access on-demand while ensuring security across the identity attack chain.

The Falcon platform leverages gen AI to establish behavioral baselines for every identity within the infrastructure, whether human, machine, or AI agents. It monitors a multitude of SaaS applications simultaneously, assigns dynamic risk scores, and takes immediate action in response to anomalies.

Service accounts that exhibit unusual behavior, such as accessing a significantly higher number of resources than usual, trigger automated remediation processes. Group memberships are adjusted, step-up authentication is enforced, or access is revoked in real-time, preventing potential security breaches.

Rodriguez highlights the importance of unifying identity security across all types of identities, including human, machine, and AI agents. By establishing a single layer of visibility and control, organizations can effectively manage security threats across diverse environments.

Large Language Models Revolutionizing Identity Governance

Traditional identity governance and vulnerability assessment systems are struggling to keep pace with the rapidly evolving cyber threats. Mike Riemer, Ivanti’s Field CISO, emphasizes the limitations of traditional scoring systems in prioritizing vulnerabilities effectively.

Ivanti’s Vulnerability Risk Rating (VRR) harnesses real-time threat intelligence and asset-criticality analysis to expedite patching processes and reduce vulnerability exposure. CrowdStrike, SentinelOne, Tenable, SailPoint, ForgeRock, CyberArk, Okta, Palo Alto Networks, and Microsoft are among the leading vendors integrating AI-driven solutions into identity governance and threat management.

Reputation is at the forefront of embedding identity context directly into AI reasoning models, enhancing trust signals and security in industries like healthcare. The shift towards incorporating identity into AI reasoning introduces new challenges regarding data privacy and security, requiring stringent encryption and governance measures.

These advancements in generative AI are reshaping identity governance and vulnerability management, transitioning from reactive approaches to proactive, real-time security resilience.

The Vendor Landscape: Leaders and Capabilities

Security leaders evaluating identity security vendors are faced with a dynamic market driven by gen AI technology. Vendors such as CrowdStrike, Ivanti, Microsoft, Okta, ForgeRock, Ping Identity, SailPoint, SentinelOne, Abnormal Security, and Arctic Wolf are offering AI-driven solutions for enhanced identity security.

These vendors are translating AI innovation into tangible operational advantages, enabling organizations to bolster their security posture and mitigate emerging threats effectively.

Measuring Real ROI: Where Gen AI Delivers Value

Gen AI is proving to deliver substantial returns on investment in key areas that CISOs should prioritize. Enterprises deploying gen AI technology have seen significant improvements in investigation times, reduction of excessive privileges, faster detection of threats, and a decline in false positives.

The data underscores the transformative impact of gen AI on identity security, offering measurable strategic advantages that organizations can leverage to enhance their security operations.