Executives Identify AI Identity Threats as Major Concern, Yet 97% Feel Unprepared
In a revealing study by The Identity Underground, a significant disconnect has emerged between executives’ acknowledgment of AI-driven identity threats and their actual preparedness to mitigate these risks. The 2026 Annual Pulse report, published on January 20, 2026, highlights that while 54% of executives regard AI-enhanced identity risks as their primary concern for the upcoming year, only a mere 3% of organizations feel “very prepared” to handle these AI-related identity attacks.
Based on a comprehensive survey conducted with over 150 members from The Identity Underground, which serves as an exclusive community for identity and access management (IAM) professionals, the findings underscore a critical transformation in the identity security landscape. Notably, the study points out that modern identity security is evolving beyond mere access management; it is becoming an essential real-time control mechanism within enterprises.
As organizations initiate efforts to modernize their identity security frameworks for managing AI threats, they encounter challenges, particularly due to legacy systems. About 82% of surveyed companies acknowledge that outdated infrastructure poses active risks to their identity security. The report emphasizes that 61% of practitioners identify NTLM authentication as a significant vulnerability, while 43% frequently face common cyberattacks like credential stuffing and password spraying.
The report illuminates the tension between executives, who are focused on capitalizing on AI technologies, and practitioners, who grapple with immediate security threats. Recognizing the constraints of legacy systems, 68% of executives express confidence in their ability to detect identity-based attacks, yet only 8% believe that real-time detection combined with automated response contributes to their confidence.
Emerging challenges, such as the proliferation of non-human identities—service accounts, API keys, and automated processes—further complicate traditional governance models. Notably, 37% of organizations report managing over 21 third-party vendors with access to their systems, amplifying the risk landscape.
In response to these challenges, many organizations are investing in unified identity security platforms. Over half are moving towards integrated solutions to enhance visibility and control, while 55% are focusing on implementing SIEM platforms with identity analytics to improve their detection capabilities.
Overall, while significant hurdles remain, the report reflects an industry striving for better alignment between security practices and the demands posed by evolving AI threats. Organizations that take proactive measures to consolidate their identity security strategies and minimize friction in security processes are more likely to thrive in an increasingly complex threat environment.
