As cybercrime grows in scale and complexity, cybersecurity experts are warning that identity has become the primary target for attackers, replacing traditional infrastructure as the main gateway for breaches.
This shift is a central theme of World Identity Security Management Day 2026, which highlights the increasing risks linked to both human and non-human identities. With the rise of cloud computing, artificial intelligence and automation, organisations are facing mounting pressure to control who—or what—can access their systems.
Security leaders say the threat landscape has changed significantly. Morey Haber noted that identity management now extends beyond human users to include autonomous systems operating continuously. He warned that AI-driven identities tied to privileged access present a growing risk, as they can be exploited at machine speed if not properly governed.
The rapid expansion of AI technologies has introduced what experts describe as an “identity paradox.” Mortada Ayad said enterprises are increasingly dependent on non-human identities such as AI agents, which are deeply embedded in critical operations. Despite their importance, these systems are often treated as simple tools rather than high-risk access points, leaving gaps in security frameworks.
Cybercriminals are adapting quickly to these changes. Vibin Shaju said attackers are now focusing on exploiting trust rather than breaking through technical defences. By targeting credentials and access pathways, they can scale attacks rapidly from a single compromised account, making detection and containment more difficult.
Threat intelligence findings support this trend. Santiago Pontiroli explained that many attackers now gain entry by logging in with stolen or purchased credentials, rather than hacking systems directly. This approach has turned identity compromise into the core of many cyberattacks, supported by a growing underground market for access data.
Emerging technologies are adding urgency to the issue. Dr. Moataz Bin Ali said quantum computing is becoming a strategic concern for organisations, with the potential to transform data security risks. He warned that businesses must begin preparing now as the combination of AI and quantum advances reshapes the digital environment.
In regions such as the UAE, the challenge is becoming more complex. Bilal Baig said organisations are managing a growing network of identities, including employees, contractors, cloud services and automated systems. Each represents a potential vulnerability if not continuously monitored.
Experts also stress the importance of recovery planning. Fady Richmany said that once identity systems are compromised, attackers can move freely across networks. He warned that restoring data without securing identities leaves organisations exposed to further attacks.
The evolving role of identity in cybersecurity reflects a broader shift in how organisations approach digital risk. What was once a matter of access control has become central to trust, resilience and operational continuity in an increasingly automated world.
