AI Displaces Stolen Credentials as Top Identity Concern
New report highlights a shift toward industrial-scale automation as generative and agentic AI become primary threats to enterprise security.
By Jesse Jacobs
Mar 10, 2026
Generative AI and agentic AI have officially overtaken stolen credentials as the leading identity security concern for global organizations, according to a new industry report.
The State of Passwordless Identity Assurance report, released Tuesday, indicates a significant shift in the threat landscape. For the first time, 53% of organizations cited generative AI and 45% cited agentic AI as their primary worries, signaling that the era of human-scale credential theft is being replaced by industrial-scale automated attacks.
This evolution has forced a strategic pivot toward identity verification. While technical literacy regarding modern authentication methods has reached record highs, enterprise-wide adoption continues to lag behind the velocity of AI-driven threats.
The Rise of Synthetic Media
The report found that 87% of organizations have encountered audio or video deepfakes during identity-based attacks. These synthetic media threats are no longer theoretical, with 45% of respondents identifying prerecorded video deepfakes as a top concern and 40% reporting incidents of AI voice cloning targeting call centers.
Identity impersonation incidents have increased by 35% over the past year. Candidate fraud, where attackers use AI to spoof identities during the hiring process, emerged as the second most prevalent threat behind credential misuse.
"In 2026, automated agents will leak more passwords than people," said Bojan Simic, CEO and co-founder of HYPR. "We must move past point-in-time security and make identity verification a permanent part of how we manage every employee, from onboarding to offboarding."
The Velocity Paradox
The speed of modern attacks is creating a "velocity paradox." While defensive tools currently detect 65% of identity-based attacks within hours, AI automation often allows for data exfiltration before security teams can intervene.
The report also highlighted a "hindsight tax" in cybersecurity budgeting. Approximately 59% of organizations increase their security spend only after a breach occurs. Following a compromise, 61% of those companies prioritize the immediate deployment of identity verification and 57% focus on multi-factor authentication.
Bridging the Implementation Gap
Despite the rising threats, a gap remains between awareness and action. Literacy regarding FIDO passkeys has reached 64%, and 64% of leaders now consider them the gold standard for authentication. However, enterprise-wide adoption remains stalled at 43%.
Current data suggests a market shift is imminent. Three-quarters of surveyed organizations plan to invest in passwordless tools this year, and 33% have successfully scaled passwordless protection to more than half of their workforce.
While 76% of organizations still rely on legacy passwords, the report indicates that one-third of enterprises have active passwordless pilots underway—the highest level of any authentication method currently tracked.