CyberArk has released its 2025 Identity Security Threat Landscape Report revealing AI as a triple threat: A weapon, a shield and a risk.

The global study examines how security leaders are navigating evolving identity security challenges.

The report issues findings from UK cybersecurity decision makers, revealing the complex challenges they face as they navigate the “AI Trifecta” – AI as an attacker, defender and a critical system that itself requires protection.

The CyberArk 2025 Identity Security Threat Landscape Report was conducted across private and public sector organisations with over 500 employees.

The analysis was conducted by market researchers Vanson Bourne amongst 2,600 cybersecurity decision-makers.

Respondents were based all across the world however this press release represents the UK cut of the data.

Cyber-criminals harnessing AI

Phishing is still the leading cause of identity breaches and AI is reportedly making it worse.

According to the report, cyber-criminals are now even more empowered to create tailored and highly convincing video, voice and text-based communications that deceive even the most vigilant users.

CyberArk’s study found that this form of deception is opening the doors to credential theft and system exploitation:

• Almost seven out of ten (66%) UK organisations were hit by successful phishing attacks last year (including AI-driven deepfake scams)
• More one in three (35%) of these fell victim more than once

AI: A threat or a tool?

AI is said to transform how security teams fight back.

According to CyberArk, AI’s ability to continually analyse threats and respond within seconds, sort through huge swatches of data and automate routine tasks is already helping human analysts step back and focus on strategic decisions.

The report found that:

• A staggering 87% of UK organisations are using AI and Large Language Models (LLMs) as part of their organisation’s identity security strategy
• 59% use AI for advanced identity verification
• 49% believe AI and Large Language model (LLM) adoption will be the top driver of their cybersecurity spend this year

Combatting AI with AI

In CyberArk’s report they found that security leaders are already ‘walking the tightrope’ of combatting AI with AI and yet security leaders are also trying to keep up with their rapidly growing AI footprint.

CyberArk has found that 72% of employees regularly use AI tools on the job, with machine identities vastly outnumbering its human employees, leading to 61% of AI tools that are utilised within said businesses having access to sensitive information.

The analysis revealed that for every one human in a UK organisation there are 100 machine identities and yet 59% of organisations lack identity security controls for these technologies

AI control: Slipping through the fingers of organisations

Even more shockingly, according to the report, AI adoption – outside the purview of IT and security teams – is also spinning out of control:

• While 75% of decision makers have effective oversight and control over all the AI tools that employees use, there are evident knowledge gaps – as 36% of respondents report using AI tools that are not fully approved or managed by IT
• 45% also admit their organisation can not secure and manage all of the “shadow AI” tools that are in use

AI developing human-like capabilities

Autonomous machine identities with human-like reasoning capabilities – are also an emerging challenge according to CyberArk.

With 61% of UK organisations agreeing that the manipulation of AI agent behaviour by unauthorised access is the top challenges they face with adoption.

Evolving strategies to defend against developing attacks

David Higgins, Director, Field Technology Office, CyberArk said: “Security teams are being pulled in all directions when it comes to secure against AI threats – both internally and externally – while continuing to use these tools to strengthen defences.

“Easing that strain is critical to preventing major cyber incidents. AI integration isn’t a race – it’s a security challenge.

“Private and public sector organisations must prioritise identity security for the UK to realise its AI leadership ambitions.

“Attackers are already using AI on a broad scale and security leaders need to evolve their strategies to defend against a growing, AI-driven attack surface – whether AI is used for innovation or defence.”