They don't break in, they log in: 79% of intrusions are malware-free

by CybrGPT

Editor’s Note: This is the first part of a two-part story. Read part two here.

Generative AI is rewiring identity security, accelerating both opportunities and threats as adversaries and defenders battle each other to stay ahead in the gen AI arms race. Adversarial AI techniques, including voice phishing (vishing) and deepfakes, are seeing triple-digit growth rates in the latest security research.

CrowdStrike’s 2025 Threat Hunting report reveals that vishing attacks surged by 442% from the first to the second half of 2024, marking a significant evolution in eCrime tactics. Adversaries are leveraging AI-driven social engineering and deepfake tools to bypass MFA and exploit credentials at scale. The report also found that 52% of all exploited vulnerabilities were related to initial access, most often through compromised identities, while the use of gen AI to create, impersonate, and abuse identities is a driving force behind these trends.

Machine identities now outnumber human users by 45:1 across the average enterprise, while attackers move laterally in just 51 seconds. Traditional identity and access management systems built on static rules and quarterly reviews can’t keep pace with threats moving at machine speed.

The transformation accelerated dramatically in 2024 as gen AI capabilities moved from pilots to production. Gartner predicts information security spending will reach $213 billion in 2025, even with growth revised down to 10.7%. Ongoing threat protection is expected to push spending to $323 billion in 2029. The research firm expects to see more organizations replace legacy rule-based systems with AI-powered platforms that learn, adapt, and respond autonomously.

IDC predicts robust growth in identity security. They’re forecasting the Identity and Access Management (IAM) market will double from $23.5 billion in 2024 to $47.1 billion in 2028.

Gartner’s Big Picture of IAM illustrates how identity and access management (IAM) strategies should prioritize optimal outcomes by systematically addressing user constituencies and managing access through an integrated fabric of tools, rather than focusing narrowly on individual user groups or specific tools.

Source: Gartner, IAM — Taxonomy, Domains and Tooling, 27 June 2025

Gartner’s forecast validates what security leaders are experiencing firsthand. CrowdStrike’s 2025 Global Threat Report found that 79% of detections are now malware-free, signaling that attackers simply log in with valid credentials. Meanwhile, 90% of organizations experienced identity-related intrusions in the past year, with 80% reporting that better identity management tools would have reduced the damage.

Cristian Rodriguez, Field CTO, Americas at CrowdStrike, added: “Attackers don’t break in anymore – they log in. That’s why we have to think about identity as the new perimeter. With generative AI, defenders finally have tools that can learn, adapt, and respond in real time. The biggest win we’re seeing isn’t just faster detection, but cutting off lateral movement before an attacker can use stolen credentials to move across cloud, endpoint, and application domains.”

Behavioral Intelligence at enterprise scale: The Cushman & Wakefield case study

Cushman & Wakefield’s results demonstrate gen AI’s practical impact on identity security. As the world’s third-largest commercial real estate services firm, the company moves billions in transactions annually across 50,000 employees in every time zone.

Traditional approaches weren’t scaling. As noted in a CrowdStrike-published case study, Eric Hart, Global CISO of Cushman & Wakefield, said: “With so many employees working outside our offices, relying on a traditional security stack was never going to be sustainable. We needed real-time identity protection that could seamlessly integrate into our broader security strategy.”

“In security, there isn’t always a cookie-cutter, one-size-fits-all solution,” explained Hart. “You have to have that same level of protection whether you’re in an office, a hotel, an airport, or working at home.”

Cushman & Wakefield relies on zero trust as a core component of its identity security strategy. Its goals included providing just-in-time privileged access while ensuring security across the full identity attack chain. After a thorough evaluation, the firm chose CrowdStrike’s Falcon Next-Gen Identity Security.

Image credit: CrowdStrike

The platform uses gen AI to create behavioral baselines for every identity across the infrastructure, whether human, machine, or AI agent. It monitors over 175 SaaS applications simultaneously, assigns dynamic risk scores, and takes real-time actions when anomalies arise.

At Cushman & Wakefield, a service account that typically accesses ten resources but suddenly touches hundreds triggers immediate automated remediation. The system modifies group memberships, enforces step-up authentication, or revokes access entirely, all within seconds of detecting the anomaly.
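The behavioral-baseline pattern described above can be sketched in a few dozen lines. The following is an added example, not CrowdStrike’s or Cushman & Wakefield’s code: it learns, per identity, how many distinct resources that identity normally touches per hour, scores new activity as a z-score against that baseline, and maps the score to a response tier (allow, step-up authentication or group restriction, revoke). The log format, thresholds, identity names and action names are all constructed assumptions for illustration; the sample log lines are generated inline.

```python
"""
Added example: per-identity behavioral baseline for resource access.
Log format (constructed): "<ISO-8601 timestamp> <identity> <kind> <resource>"
where kind is "human", "machine" or "agent".
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
import statistics


@dataclass(frozen=True)
class AccessEvent:
    ts: datetime
    identity: str
    kind: str
    resource: str


@dataclass(frozen=True)
class Baseline:
    mean: float    # typical distinct resources per hour
    stdev: float   # floored at 1.0 so a perfectly regular identity still has a scale
    kind: str


def parse_log(text: str) -> list[AccessEvent]:
    """Parse the constructed whitespace-separated log format."""
    events = []
    for line in text.strip().splitlines():
        ts, identity, kind, resource = line.split()
        events.append(AccessEvent(datetime.fromisoformat(ts.replace("Z", "+00:00")),
                                  identity, kind, resource))
    return events


def hourly_distinct(events: list[AccessEvent]) -> dict[str, dict[datetime, int]]:
    """identity -> {hour bucket -> number of distinct resources touched}."""
    buckets: dict[tuple[str, datetime], set[str]] = defaultdict(set)
    for e in events:
        hour = e.ts.replace(minute=0, second=0, microsecond=0)
        buckets[(e.identity, hour)].add(e.resource)
    per_identity: dict[str, dict[datetime, int]] = defaultdict(dict)
    for (identity, hour), resources in buckets.items():
        per_identity[identity][hour] = len(resources)
    return per_identity


def build_baselines(history: list[AccessEvent]) -> dict[str, Baseline]:
    """Learn mean/stdev of hourly distinct-resource counts from a history window."""
    kinds = {e.identity: e.kind for e in history}
    baselines = {}
    for identity, hours in hourly_distinct(history).items():
        counts = list(hours.values())
        stdev = statistics.pstdev(counts) if len(counts) > 1 else 0.0
        baselines[identity] = Baseline(statistics.fmean(counts), max(stdev, 1.0), kinds[identity])
    return baselines


def risk_score(baseline: Baseline, observed: int) -> float:
    """Z-score of the observed hourly count, clamped at 0 (quieter than usual is not risky here)."""
    return max(0.0, (observed - baseline.mean) / baseline.stdev)


def decide(baseline: Baseline, score: float) -> str:
    """Map a risk score to a response tier (thresholds are assumed, not vendor values)."""
    if score < 3.0:
        return "allow"
    if score < 8.0:
        # Humans can answer a step-up challenge; machine/agent identities cannot,
        # so their medium-risk response is to shrink group membership instead.
        return "step_up_auth" if baseline.kind == "human" else "restrict_groups"
    return "revoke"


def evaluate(history_text: str, current_text: str) -> dict[str, dict]:
    """Score the busiest hour of each identity in current_text against its baseline."""
    baselines = build_baselines(parse_log(history_text))
    results = {}
    for identity, hours in hourly_distinct(parse_log(current_text)).items():
        observed = max(hours.values())
        base = baselines.get(identity)
        if base is None:   # never seen before: no baseline, so hand to a human reviewer
            results[identity] = {"observed": observed, "score": None, "action": "review"}
            continue
        score = round(risk_score(base, observed), 2)
        results[identity] = {"observed": observed, "score": score, "action": decide(base, score)}
    return results


def synth(identity: str, kind: str, day: int, hour: int, n: int) -> str:
    """Constructed log lines: identity touches n distinct resources within one hour."""
    return "\n".join(f"2025-07-{day:02d}T{hour:02d}:{i % 60:02d}:00Z {identity} {kind} res-{i}"
                     for i in range(n))


# Constructed history: a steady backup service account, a human analyst, an AI agent.
HISTORY = "\n".join(
    [synth("svc-backup", "machine", 1, h, n) for h, n in zip(range(5), [10, 9, 11, 10, 10])]
    + [synth("alice", "human", 1, h, n) for h, n in zip(range(4), [3, 4, 3, 4])]
    + [synth("agent-report", "agent", 1, h, 5) for h in range(3)]
)
# Constructed current hour: svc-backup suddenly touches 150 resources, alice 8, agent 6,
# plus an identity with no baseline at all.
CURRENT = "\n".join([synth("svc-backup", "machine", 2, 9, 150), synth("alice", "human", 2, 9, 8),
                     synth("agent-report", "agent", 2, 9, 6), synth("svc-new", "machine", 2, 9, 2)])

if __name__ == "__main__":
    for identity, verdict in evaluate(HISTORY, CURRENT).items():
        print(f"{identity:14} {verdict}")
```

The floor on the standard deviation matters: a service account that touches exactly the same ten resources every hour has zero variance, and without the floor any single extra resource would produce an infinite score. Never-seen identities get no score at all and are routed to review, since a baseline learned from one hour of activity would say nothing useful.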

“With the expansion of different services and offerings, things that they’ve gone into with cloud and data protection, CrowdStrike was the natural fit,” Hart notes. “It’s only further helped us, because implementing a number of those things is as easy as turning it on.”

Rodriguez explained: “The real power of next-gen identity security is unifying everything in one place. You can’t treat human identities, machine accounts, and AI agents as separate problems. They’re all attack paths. The organizations that win are the ones building a single layer of visibility and control across every identity, no matter where it lives.”

Large Language Models are revolutionizing identity governance

Traditional identity governance and vulnerability assessment systems struggle to match today’s rapidly evolving cyber threats. Mike Riemer, Ivanti’s Field CISO, underscores the challenge: “Traditional CVSS scores are nearly worthless for prioritization. Our AI identified that 73% of actively exploited vulnerabilities were rated ‘Important’ rather than ‘Critical.’ ” Ivanti’s Vulnerability Risk Rating (VRR) harnesses real-time threat intelligence and asset-criticality analysis, enabling organizations to patch critical vulnerabilities 85% faster.

Ivanti isn’t alone. CrowdStrike leverages gen AI within its Falcon platform for real-time detection of credential misuse, while SentinelOne integrates AI-driven context prioritization into its Singularity XDR solution. Tenable employs AI analytics to dynamically assess vulnerability exposure beyond conventional ratings. In identity governance, SailPoint utilizes large language models to automate permission reviews, reducing high-risk access combinations by over 70%. ForgeRock applies LLM-driven anomaly detection to proactively identify hidden identity risks. CyberArk integrates generative AI into privileged access management, minimizing privilege creep, while Okta strengthens zero-trust frameworks with adaptive identity-based policies powered by LLM analysis. Additionally, Palo Alto Networks incorporates AI-driven identity correlation in its Cortex XDR suite, and Microsoft Entra ID uses gen AI to dynamically enhance identity threat protection and adaptive access management.

Reputation is taking this further. “We are moving toward an identity-embedding framework where role-based permissions and behavioral baselines are encoded directly into model reasoning, not just enforced in admin dashboards,” Carter Rees, vice president, Artificial Intelligence at Reputation, told VentureBeat in a recent interview.

“This makes identity context a first-class input to the LLM itself. That shift matters for industries like healthcare, where PHI and PII require stronger trust signals. Research from Google on USER-LLM shows how user embeddings can be cross-attended during inference to ground outputs in identity. We see this as the next step beyond traditional IAM augmentation and a way to build lasting trust in AI security,” Rees explained.

VentureBeat asked Rees about the implications of identity security and LLMs. “Embedding identity into LLM reasoning is powerful. It also creates new risks. User embeddings are sensitive identity artifacts. They can expose PHI or PII through inversion attacks or bias if not controlled. Security leaders must treat embeddings like credentials. They must be encrypted, monitored, and governed under HIPAA and GDPR,” Rees said. “Research shows embedding inversion can reconstruct private data from vectors, proving they need the same protection as other identity assets,” he advised.

These generative AI advancements collectively shift identity governance and vulnerability management from reactive approaches to proactive, real-time security resilience.

The vendor landscape: leaders and capabilities

Security leaders evaluating identity security vendors face a rapidly evolving market shaped by gen AI delivering measurable, mission-critical results. VentureBeat is seeing CrowdStrike Charlotte AI sharply reduce analyst workloads by integrating natural language threat hunting directly into endpoint and identity telemetry. The Charlotte AI customer references VentureBeat interviewed can quantify the speed gains. Ivanti Neurons provides a practical model for AI-driven patching, using Ring Deployment to manage updates proactively and avoid costly downtime.

Microsoft Security Copilot continues to evolve, providing end-to-end AI-powered defense through Azure, Defender, and Sentinel, automating incident response and threat forecasting. Okta Adaptive MFA behavioral profiling blocks credential-based attacks even when MFA is compromised, while ForgeRock Autonomous Identity continuously eliminates stale permissions.

Additional vendors moving decisively include Ping Identity DaVinci for AI-driven orchestration, SailPoint IdentityAI automating privilege hygiene, SentinelOne Singularity XDR integrating proactive identity threat detection, Abnormal Security’s behavioral AI identifying compromised accounts, and Arctic Wolf’s gen AI-powered managed detection capabilities. CISOs have no shortage of options, but must select vendors capable of translating AI innovation into quantifiable operational advantage today.

Measuring real ROI: Where gen AI delivers value

Ongoing VentureBeat analysis confirms that gen AI delivers measurable identity security ROI in four key areas CISOs need to prioritize. Data from enterprise deployments reveals precisely where gen AI drives significant operational improvements and cost savings.

Investigation times drop 85 to 92 percent. Manual log correlation is notoriously inefficient and costly. Gen AI significantly shortens security investigations, transforming hours into minutes. At Land O’Lakes, what previously took eight hours now averages just 38 minutes, a 92 percent improvement. Forrester’s Total Economic Impact study independently confirms similar results, documenting an average 310 percent ROI and payback within six months.

Excessive privileges were reduced by up to 95 percent. Privilege creep creates significant vulnerabilities. GenAI-driven identity governance platforms like SailPoint IdentityAI and ForgeRock Autonomous Identity continuously identify and automatically remediate unused or excessive permissions. Leading enterprises, including Capital One and Fidelity Investments, achieved 75 to 95 percent reductions in standing privileges within six months, significantly shrinking their attack surfaces.

Mean-Time-to-Detect (MTTD) reduced from hours to seconds. Rapid detection is critical during breaches. IBM’s 2024 Cost of a Data Breach Report found enterprises using AI-driven security automation reduced breach lifecycles by an average of 108 days, saving approximately $2.22 million per incident. Gen AI’s speed and accuracy in threat detection enable organizations to proactively limit damage rather than reactively manage incidents.

False positives decline by more than 90 percent. Legacy SIEM solutions overwhelm analysts with low-quality alerts. GenAI-enhanced security platforms like Cisco SecureX and CrowdStrike Falcon cut false positives by over 90 percent. Security teams benefit by focusing exclusively on high-confidence, actionable alerts, significantly improving operational effectiveness.

The data is clear and compelling. Gen AI isn’t a speculative investment; it’s already transforming identity governance and threat management into measurable strategic advantages that CISOs need to embrace now.

