- Exabeam Report states that AI is promoting internal threats, which are now surpassing external cyber attacks
- Most companies have internal programs, but lack advanced behavior analysis necessary for early detection
- The generative agents of AI create faster and more stealthy risks than traditional defenses cannot be easily caught
The way in which organizations see the internal risk is changing, according to a new Exabamo report that states that internal threats have overcome external attacks to become the number one security concern, and is mainly due to AI.
Almost two thirds (64%) of respondents said that experts now see, whether malicious or committed, as a greater danger than external actors, and the generative AI is behind an increase in faster and more stealthy attacks that are much more difficult to detect.
“The experts are no longer just people,” warned the former AI manager and Exabeam Products Officer Steve Wilson. “They are AI agents who log in with valid credentials, supply voices of trust and make movements at machine speed. The question is not just who has access, it is if it can detect when that access is being abused.”
AI-FISHING AND SOCIAL ENGINEERING
More than half of the organizations reported an increase in internal incidents in the last year, and most expect that growth to continue.
The government, manufacturing and medical care are among the sectors that are prepared for the most clear increases, while Asia-Pacific and Japan anticipate the greatest regional increases.
The Middle East region is the atypical value here, with almost a third of organizations that expect a decrease, something that exable suggests that it could be due to stronger defenses or a substation of new risks of AI.
The phishing and social engineering improved with AI are now among the main internal tactics, capable of adapting in real time and imitating the communications of scale confidence.
The unauthorized use of the generative AI causes the challenge to face even more difficult companies, with three quarters of organizations that report an unveiled activity.
Technology, government and financial services show the highest levels of concern.
Despite the generalized adoption of AI in safety tools, internal threat programs remain a mixed bag, as Exabeam found, while 88% of organizations have such established programs, only 44% really use the user behavior analysis and the entity.
“The AI has added a layer of speed and subtlety to the internal activity that the traditional defenses were not built to detect,” said Kevin Kirkwood, Ciso, Exabeam. “Security teams are deploying AI to detect these threats in evolution, but without strong governance or clear supervision, it is a career that is struggling to win. This paradigm shift requires a fundamentally new approach for the defense of internal threats.”
Exabam’s report said that their findings “point to a clear and consistent challenge” in which “organizations are aware of internal threats, but most lack the visibility and interfunctional alignment necessary to address them effectively.”
“As IA becomes more integrated in business workflows, the appearance of AI agents add a new layer of complexity. These agents are not inherently malicious, but their ability to act independently introduces risks that traditional controls can lose.
