Agentic AI and the New Frontier of Identity Attacks

 

As enterprises strengthen their perimeter defenses, identity has become the crown jewel for attackers—and the emergence of agentic AI is changing the game. Autonomous, goal-driven AI systems can now execute multi-stage identity attacks with unprecedented speed, scale, and adaptability. From harvesting credentials and bypassing MFA to performing autonomous privilege escalation and persistence, agentic AI can operate continuously, learning from every failed attempt and dynamically adjusting tactics to evade detection. This session explores how agentic AI transforms the identity attack surface: orchestrating reconnaissance to map identity hierarchies, exploiting misconfigurations in identity providers, abusing OAuth and service accounts, and coordinating multiple AI agents to maintain access. We’ll dissect real-world-inspired scenarios that showcase AI-driven lateral movement, privilege abuse, and stealthy persistence within identity systems like Active Directory and Entra ID. You’ll leave with a set of practical strategies for defending against agentic AI threats. In the age of agentic AI, protecting identity is not just a security function—it’s the last line of defense.

October 16, 2025
See Other Session
Stories from the Field: Practical Steps to Accelerate Response and Minimize Downtime After an Active Directory Attack
Uncategorized
Stories from the Field: Practical Steps to Accelerate Response and Minimize Downtime After an Active Directory Attack

Identity’s Work Is Never Done: Applying a Product Mindset to IAM
Uncategorized
Identity’s Work Is Never Done: Applying a Product Mindset to IAM

Hybrid Identity Attacks: Why You Need a Security Assessment
Uncategorized
Hybrid Identity Attacks: Why You Need a Security Assessment

Domain Controller Firewall: Fact or Fiction?
Uncategorized
Domain Controller Firewall: Fact or Fiction?

Panel: The Hybrid Identity Games
Uncategorized
Panel: The Hybrid Identity Games

End the ESCape Clause: Combatting AD CS Vulnerabilities
Uncategorized
End the ESCape Clause: Combatting AD CS Vulnerabilities

Beyond Backups: Practical Steps to Build Operational Resilience
Active Directory security, Cyberattack recovery, Hybrid cloud security, Identity threat detection and response
Beyond Backups: Practical Steps to Build Operational Resilience

Hybrid Identity Unplugged: An AMA with Microsoft AD & Entra Experts
Uncategorized
Hybrid Identity Unplugged: An AMA with Microsoft AD & Entra Experts

From Hybrid to Full Cloud- Is It Right for You?
Uncategorized
From Hybrid to Full Cloud- Is It Right for You?

Enterprise PKI Today: Friend or Foe?
Uncategorized
Enterprise PKI Today: Friend or Foe?

Learn More