CISO news
Delinea report finds 90% of organisations pressure security teams to loosen identity controls for AI
Delinea, a pioneering provider of solutions for securing human and machine identities through centralised authorisation, has published new research examining how rapid AI adoption is reshaping identity security risks for enterprises.
According to the report, Uncovering the Hidden Risks of the AI Race, 90% of organisations pressure security teams to loosen identity controls to enable AI initiatives, despite significant gaps in AI identity discovery, monitoring and privilege control. The report also reveals an AI security confidence paradox between organisations’ perceived readiness for AI and their actual capabilities to adopt it securely.
Based on a global survey of over 2,000 IT decision-makers actively using or piloting AI, the report finds organisations struggling to maintain visibility and governance as AI-driven automation rapidly expands the number of identities in enterprise environments. Nearly 90% of respondents report at least one identity visibility gap, with the largest gap tied to machine and non-human identities (NHIs), including accounts used by AI agents.
“The pressure to move fast on AI is real, but identity governance has not kept pace, which exposes enterprises to significant risk,” said Art Gilliland, CEO at Delinea. “As AI agents multiply across enterprise environments, these identities often have the least oversight. The organisations that will succeed in the AI era will be the ones that enforce real-time, contextual access across every human, machine and Agentic AI identity.”
NordVPN’s Threat Intelligence exposes recruitment phishing campaign impersonating top global brands
NordVPN’s Threat Intelligence research unit reports on a sophisticated phishing campaign targeting job seekers by impersonating some of the world’s most recognisable employers.
The operation exploits the names of Meta (and its subsidiaries), Disney, Coca-Cola and Spotify to steal victims’ Facebook credentials and hijack their accounts.
The investigation revealed a multi-stage operation that goes far beyond typical phishing attempts. Attackers deploy hidden ‘HUB’ domains, referral-link activation mechanisms and realistic job listing interfaces to guide victims through a carefully constructed path. The final step redirects them to a fake Facebook login page designed to capture their credentials.
“Job seekers are uniquely vulnerable because they’re already in a mindset of sharing personal information and following instructions from unfamiliar contacts,” said Domininkas Virbickas, Product Director, NordVPN. “Such campaigns take advantage of that trust using polished communications and convincing fake career portals that are nearly indistinguishable from the real thing.”
The campaign begins with a cold email, often sent through legitimate services like Google AppSheet to bypass spam filters. These messages appear polished and professional, with clean grammar and a tone that mirrors real recruitment outreach. Contact lists are likely compiled through automated scraping of platforms like LinkedIn or sourced from previous data breaches.