AI-Driven Cyberattacks Rise; Identity Controls Urged

Recent assessments warn that AI is transforming cybercrime, enabling attackers to automate reconnaissance, craft hyper‑real phishing and deepfake scams, and generate polymorphic malware that evades traditional defenses. Adversaries are using LLMs and other AI to produce highly targeted, scalable campaigns—examples include AI‑obfuscated phishing payloads hidden in SVGs, fake CAPTCHAs, and audio/video deepfakes—complicating detection and attribution. The healthcare sector has been severely affected, with hundreds of millions of records exposed, patient harm, and identity-theft costs, while ransomware has evolved into an AI-driven extortion business with higher payouts and turnkey offerings. Defenders are adopting AI-driven detection, fraud-prevention, dark‑web intelligence, and endpoint protections, but persistent gaps in anti‑phishing training and the changing application landscape mean identity (authentication and fine‑grained authorization for AI agents) must become the new security boundary. Organizations are urged to assume AI-enabled attacks are already underway, accelerate strategic investments in identity controls and AI defenses, and pair human governance with technical protections to reduce exposure.