The rapid advancement of artificial intelligence is revolutionizing industries at breakneck speed. However, as AI continues to fuel innovation, it is also exposing critical vulnerabilities in cybersecurity - particularly in identity protection. John Paul Cunningham, Chief Information Security Officer (CISO) at Silverfort, warns that the unchecked expansion of AI integration across organizations is creating a perfect storm for identity-based threats.
AI: A Double-Edged Sword for Innovation and Security
“AI has had a profound impact on the way businesses operate and the speed at which they are able to innovate,” Cunningham said. “By 2025, the continued rapid adoption of AI will spark an unprecedented wave of innovation, but it will also expose glaring gaps in security that have been left untouched—specifically when it comes to identity, which accounts for 80% of all data breaches.”
Cunningham highlighted a troubling disconnect: while organizations eagerly deploy AI to drive efficiency and competitiveness, many are neglecting the need for robust security frameworks to guard against evolving threats.
“With the rapid pace of AI adoption and manipulation, siloed identity management tools and traditional MFA tools are no longer enough,” he stated. “Identities need to be checked continuously, especially amid the rise of sophisticated threats and DarkAI.”
Cunningham predicts a pivot in the coming years, with organizations prioritizing end-to-end identity security solutions. “Identity was misunderstood and unloved for so many years; it’s finally getting the attention it needs. It’s gone from a help desk ticketing thing where we provisioned to being mission-critical for a good cybersecurity program,” he said.
Cyber Insurance and the Rise of Identity-Based Threats
The impact of these vulnerabilities extends beyond the tech stack to the financial world, particularly cyber insurance. Cunningham foresees a shift in how insurers assess risk and determine coverage.
“With the sheer volume of identity-based attacks in 2024—such as Change Healthcare, the Midnight Blizzard breach of Microsoft, Snowflake, and Ticketmaster—we’re already seeing insurance providers crack down,” he explained.
Traditional cyber insurance policies, which often rely on checkbox compliance questions, will become more sophisticated. “The questions insurers will ask prospective policyholders in 2025 will no longer be simple hygienic questions such as whether your organization has implemented multi-factor authentication (MFA), but rather what those MFA tools are truly protecting, are you successfully achieving least privilege, and can you stop lateral movement,” Cunningham said.
This shift will put pressure on organizations to adopt advanced identity protection measures that prioritize real-time detection and prevention over static compliance. Businesses that act early to strengthen their identity security infrastructure may benefit from reduced insurance premiums and a competitive edge.
A Call to Action for Cybersecurity Leaders
As 2025 approaches, Cunningham urges security leaders to evolve their strategies. “Leaders must shift their focus from merely educating teams about AI risks to actively detecting and preventing attacks,” he said. For many, this will mean breaking down silos between identity providers and implementing comprehensive security measures across all environments—on-premises, cloud, and hybrid.
By aligning innovation with proactive security practices, organizations can harness the power of AI without becoming vulnerable to its darker implications. “The organizations that get ahead of this curve will be the ones that not only survive but thrive in the AI era,” Cunningham concluded.
The clock is ticking for businesses to rethink their security priorities. Will they rise to the challenge, or will they be left exposed in the rapidly evolving digital battleground? One thing is clear: identity security is no longer a luxury—it’s a necessity.