AI Agents Are Fueling Identity Attacks and Ransomware, Sophos Warns

Thursday, 14 May 2026 at 20:30
Cybersecurity firm Sophos reports that 71 percent of organizations fell victim to at least one identity-related security incident in the past year. Its new State of Identity Security 2026 report points to human error and poor digital identity management as core drivers, while the rise of so-called agentic AI is amplifying the risks. Sophos shared the findings in a press release to the newsroom.
The study, based on a survey of 5,000 IT and cybersecurity managers across 17 countries, shows identity compromise has become one of the top attack vectors for ransomware and data theft. Sophos says AI systems are increasingly creating new digital accounts, access rights, and sub-agents on their own, causing organizations to lose visibility.

AI agents are opening fresh security gaps

The standout theme of the report is the role of agentic AI—systems that can execute tasks, make decisions, and orchestrate other software agents without constant human oversight.
According to Sophos, this fuels a fast-growing problem around Non-Human Identities (NHIs): digital identities such as API keys, service accounts, machine accounts, and AI agents that gain access to systems and data.
The security firm warns that AI agents are spinning up new permissions faster than security teams can review them, creating extra entry points for attackers.
Ross McKerchar, Chief Information Security Officer at Sophos, now calls identity “the most important attack surface in modern cybersecurity.” He says organizations can’t keep up with the speed at which AI systems generate new digital identities.

Ransomware now closely tied to identity compromise

Identity breaches aren’t just hypothetical. Two-thirds of ransomware victims in the study said their attack started with a compromised identity or stolen credentials.
The financial hit is significant:
  • Average recovery costs reached $1.64 million
  • 73 percent of affected organizations reported costs above $250,000
  • Weak non-human identity management correlated with higher rates of financial theft
  • Poor NHI management added an average of $150,000 in extra recovery costs
Human error remains the top cause of incidents, Sophos notes. In nearly 43 percent of cases, employees were tricked into handing over credentials. At the same time, weak non-human identity management was cited in 41 percent of attacks.

Why AI is accelerating the threat

The rise of generative AI and autonomous software agents is pushing organizations to spin up new digital infrastructure at speed. Modern AI tools interact via APIs, cloud platforms, and automated workflows—constantly generating new access tokens and machine identities.
That makes defense more complex.
Where traditional security focused on human users, the center of gravity is shifting to millions of machine accounts and AI-driven processes that talk to systems on their own. Existing identity frameworks, Sophos argues, weren’t built for this scale or speed.
AI agents can also trigger chain reactions. A single agent can automatically create sub-agents, each with fresh permissions and credentials. Without tight governance, this sprawl becomes a hard-to-control web of digital identities.

Critical infrastructure is especially exposed

Vital sectors are being hit hardest, the research shows. Energy, oil and gas, and utilities reported the highest rates of identity breaches, followed by government entities.
Many organizations also lack visibility into suspicious logins. Only 24 percent continuously monitor for anomalous login activity. More than half check just quarterly—or less.
That blind spot grows more dangerous as AI systems act autonomously and spawn new access points faster.

Sophos pushes Zero Trust and AI-aware monitoring

Sophos urges a fundamental reset of identity security and lists several measures:
  • Mandatory multi-factor authentication (MFA)
  • Least-privilege access by default
  • Removal of unused accounts
  • Inventory of all non-human identities
  • Use of secrets management platforms
  • Deployment of Identity Threat Detection and Response (ITDR)
  • Adoption of a Zero Trust security model
Analysts expect ITDR to play a larger role as AI systems gain autonomy. The technology focuses on detecting suspicious behavior around identities, accounts, and access rights.
Sophos’ findings reflect a broader shift in cybersecurity: it’s less about devices and networks, and more about identity, access control, and AI-driven automation.