In my years as a cybersecurity CEO, I have seen many threats evolve, but nothing compares to the dangers emerging now. Organizations face a new type of adversary—digital warlords—artificial intelligence-driven adversaries who are fundamentally redesigning identity vulnerabilities in the enterprise. These people are not bad in the traditional sense; They are experienced operators who use artificial intelligence to expand their cybercriminal activities from individual attacks to systemic digital warfare activities.
Understanding the identity security crisis
Before we dive in, let’s first understand what’s at stake. Service accounts—the automated, non-human identities that keep digital infrastructure running—have become a preferred entry point for sophisticated attackers. These accounts run silently in the background, often with elevated permissions and minimal oversight, making them perfect targets for exploitation.
AI amplification effect
Let me get this straight: AI has transformed identity-based cybercrime attacks from targeted individual campaigns to scalable system operations that can bring down entire organizations without the right tools and identity security teams. This is not fear mongering; This is a strategic wake-up call about widespread identity vulnerabilities.
The intersection of artificial intelligence and identity vulnerabilities creates a perfect storm. Artificial intelligence enables attackers to:
- Automatically discover and exploit forgotten credentials
- Conduct scaled attacks across multiple systems simultaneously
- Deploy sophisticated social engineering tactics
- Operate at machine speeds, outperforming human defenders
Take the recent Wiz CEO incident, an attack that perfectly illustrates this new landscape of identity vulnerabilities. The attackers used artificial intelligence to accurately replicate the executive’s voice, thereby bypassing traditional security measures and authorizing fraudulent transmissions. This isn’t just a sophisticated hack; it’s a glimpse into a new era of identity infiltration, where the lines between the real and the artificial become dangerously blurred.
AI Agents: Non-Human Security Assistants
While digital warlords are weaponizing AI to scale their attacks, organizations are deploying their own AI-driven solutions to strengthen their security postures. Considered a non-human identity, these helpful AI agents never tire of continuously monitoring potential identity breaches, investigating suspicious behavior, and speeding up security professionals’ response times to security threats.
To be clear, AI agents cannot replace a strong security team. Rather, they are an elite tool in an organization’s arsenal against cyber adversaries. These agents can process large volumes of alerts, identify complex attack patterns and predict potential identity vulnerabilities before they are exploited. The truly elite thing about this tool is its ability to learn and adapt. When AI agents defend an organization’s network, they establish a baseline of normal behavior, enabling them to decisively spot anomalies.
For overwhelmed security teams, AI agents can serve as reliable assistants that can provide immediate help. Shift the identity security battle from reactive combat to proactive defense, dramatically reducing response times and human error and allowing organizations to scale identities efficiently and effectively.
Hidden Identity Ecosystem
The threat landscape has fundamentally changed. Ten years ago, cybersecurity was primarily focused on protecting human users and their credentials. Machine identities are exploding in infrastructure today. A recent assessment revealed a shocking reality: For every human user in an organization, 40 interconnected non-human identities are running in the background. The explosion of machine identities creates unprecedented challenges because these machine identities often exist across an organization’s various environments, and tracking them can become a headache without the right tools.
Statistics on enterprise vulnerability assessments tell a sobering story:
- 465% increase in number of service accounts discovered across cloud and on-premises environments
- 55% of identity accounts were found dormant or forgotten
- 255 service account passwords have not been changed in more than 12 years
Imagine there’s a ticking time bomb hidden within your organization’s digital infrastructure: a service account created years ago, forgotten by employees long gone, but still holds the keys to your most critical systems. These dormant identities are the perfect hunting ground for what I call “digital warlords”—cybercriminals who have transformed from talented bad guys into strategic predators, weaponizing artificial intelligence to expand their reach and precision. As they lurk within corporate networks, any credentials they gain in the system can help them extend their attack beyond the initial breach.
regulatory transformation
The regulatory environment is evolving rapidly to address these emerging threats. We are witnessing a fundamental shift in the way authorities and governments view digital identity. Security frameworks that once viewed human and machine identities as separate entities are being redesigned to reflect the interconnected reality of modern IT infrastructure.
The traditional separation between human and machine identities is collapsing. Regulators are starting to realize what we at Anetac have been saying: tokens, service accounts and APIs are no longer peripheral, but core to an organization’s identity ecosystem. The shift is similar to the evolution of car safety – seat belts have been around since the 1950s but became mandatory much later.
Strategic threats beyond traditional boundaries
Nation-state actors are taking notice. Top security agencies including CISA, the NSA and the FBI have warned of growing risks to critical infrastructure. Recently, CISA directed federal agencies to secure their cloud environments. These are not just theoretical threats, they are strategic attempts to disrupt health care systems, supply chain operations, financial services infrastructure and other aspects of civilian life.
The battleground has shifted into what security experts call the “grey zone” — a murky realm between peace and war, where nation-states deploy digital warlords as their cyber mercenaries. These actors exploit forgotten service accounts and dormant machine identities to wage war that will never trigger a traditional military response. This is a new kind of conflict where weapons are credentials, soldiers are AI-driven algorithms, and casualties are the critical systems that power our daily lives. The evidence is clear: Microsoft has reported a sharp increase in cyberattacks targeting critical infrastructure in the past. This dramatic surge reflects a new reality in which forgotten service accounts and dormant machine identities become the weapons of choice for state-sponsored actors.
What is truly dangerous about these digital warlords is their ability to operate at unprecedented scale and speed. Malicious actors can now activate dormant accounts at 1 a.m., execute privileged commands, and disappear by 1:01 a.m., all without triggering traditional security alerts.
Cyber defense investment landscape
The cybersecurity investment landscape has changed. Venture capitalists position their investments to demonstrate:
- Precise AI model-driven use cases
- Dynamic Visibility Strategy
- Real-time anomaly detection
- Predictive threat intelligence
My advice is straightforward: Penetration testing teams must prioritize identity vulnerability assessments that comprehensively map cloud and on-premises identity environments.
Start with a thorough assessment of identity-based vulnerabilities. Deeply integrate security into your identity management strategy. Develop a governance framework that provides unprecedented visibility into every authentication entity.
The alternative carries not only the risk of a data breach, but also the risk of the organization’s demise due to unchecked identity breaches.
This is the age of digital warlords. They are just beginning to expand their attacks on your most invisible asset: your machine’s identity.
