AI Both Endangers And Protects Identities

Artificial intelligence is a double-edged sword, according to the new Cisco DUO report 2025 State of Identity Security, which surveyed 650 IT and security managers across Europe and North Africa. The key finding: According to 44 per cent of executives, AI-based phishing will be one of the biggest threats to identities in 2025. At the same time, however, AI is also modernising identity protection. 85 per cent of companies are introducing appropriate security solutions into their corporate networks to block AI-based attacks.

Significant Risks To Identity Security

Although executives recognise the importance of identity security, there are major gaps in confidence and execution. According to the report, only a third (33 per cent) of executives believe that their current identity provider (IdP) can prevent attacks on identities. This is due, among other things, to complex systems and a lack of transparency regarding potential vulnerabilities.

A significant 94 per cent of executives say that a complex identity infrastructure compromises their overall security. In addition, 69 per cent admit that they do not have a complete overview of the identity risks in their company. No wonder: on average, IT and security teams use roughly five tools to solve an identity problem.

The consequences can be costly. Nearly half (51 per cent) of decision-makers report financial losses due to identity theft. In response to this threat, 82 per cent have already increased their investment in identity security for 2025.

Constant Phishing And MFA Gaps

This is particularly important given the constant threat of phishing, which requires the comprehensive implementation of multi-factor authentication (MFA). But while 87 per cent of executives believe that phishing-resistant MFA is critical to their security, only 30 per cent are confident in their phishing controls.

Nevertheless, 19 per cent of companies have already introduced FIDO2 tokens for phishing-resistant MFA. Hardware tokens that comply with the standards of the FIDO Alliance (Fast IDentity Online) are connected to a computer as a USB stick, for example, and offer a high security level because the private key remains on the device. However, these tokens are often reserved for privileged users due to the effort involved in management (57 per cent), hardware costs (47 per cent), and additional training (53 per cent). At least 61 per cent of executives want to introduce passwordless access but anticipate challenges in implementation.

79 per cent want to consolidate providers – also to improve real-time transparency.

There are several hurdles to overcome when it comes to securing identities. A remarkable 74 per cent of IT executives admit that identity security solutions are added to infrastructure planning as an afterthought, rather than being integrated from the beginning. This can lead to additional costs, complexity, and impaired transparency. To improve this, 79 per cent of teams are actively considering consolidating providers.

In addition, real-time visibility into identity and device behaviour is necessary for security and IT teams to make informed decisions. After all, 52 per cent of companies have now fully integrated identity and device telemetry.

“Companies need modern identity solutions that prioritise security without compromising user experience,” summarises Nabeel Rajab, Technical Solutions Architect at Cisco. “Only security-oriented IAM – Identity and Access Management – in the corporate network ensures strong identity protection against AI attacks.”