Cybercriminals are no longer just guessing passwords; they’re mimicking CEOs, cracking login credentials with machine learning, and flooding inboxes with synthetic spear-phishing emails. A new report from Frontegg reveals that artificial intelligence is not just shaping the cybersecurity landscape, it’s inventing entirely new forms of attack, and IT teams are struggling to keep pace.
New Threats, New Pressures
AI-driven cyberattacks are evolving faster than most teams can react. According to Frontegg’s May 2025 survey of over 1000 IT professionals, 61% have faced threats that didn’t even exiist two years ago. In the last year alone, 35% reported an overall rise in cyberattacks, with 51% attributing that increase specifically to AI-powered activity.
What’s more, one in five IT professionals encountered more than 10 AI-driven attacks over the past 12 months. Almost half (49%) said their organizations had received AI-assisted phishing emails during that period.
Despite increased attacks, 66% of IT teams admitted they spend zero time each month updating internal security protocols to account for new AI threats. Even worse, only a third of respondents have developed red-team simulations to test systems against AI-enhanced attack methods.
Authentication Under Siege
Frontegg’s findings show that authentication systems are fast becoming the weakest link in enterprise security. Over half (51%) of respondents said their current login systems could not withstand an AI-powered attack. More encouragingly, 53% have already made changes to their authentication systems in response.
“Deepfakes and voice clones are now so convincing, your CEO could ‘approve’ a wire transfer on a fake Zoom call. If your authentication system still relies on passwords, you’re likely beginning to fall behind,” said Aviad Mizrachi, CTO of Frontegg. “This isn’t a theoretical risk, either. Our survey revealed that 34% of IT professionals had encountered phishing emails using their CEO’s likeness. With synthetic media rapidly evolving, legacy login systems simply can’t keep up.”
IT teams also view passwords, long the foundation of digital identity, as a security liability. 51% of respondents named passwords as the weakest part of their AI defense stack, while 44% are exploring passwordless alternatives like biometrics, hardware tokens, or identity-bound cryptography.
That said, many teams face barriers to adopting stronger authentication: 34% cited complexity, 27% pointed to budget constraints, and 19% reported internal resistance. As a result, only 32% of organizations have fully implemented passwordless authentication to date.
Governments, Banks, and Healthcare Under Fire
AI-driven threats are hitting critical sectors the hardest. The Frontegg report found that the highest attack increases occurred in government (52%), financial services (48%), and healthcare (45%). These industries are both data-rich and often constrained by legacy systems, making them prime targets for sophisticated impersonation and credential attacks.
Rethinking the Security Stack
Many IT leaders believe it’s time to rethink foundational security frameworks. Half of respondents said AI-powered threats deserve their own dedicated category in risk models and incident response planning.
Looking ahead, 41% of IT teams plan to overhaul password policies in the next 12 months, while others are prioritizing:
- Multi-factor authentication (32%)
- CAPTCHA/bot detection upgrades (26%)
- Identity verification enhancements (21%)
- Biometric authentication (19%)
- Revisiting SMS-based authentication (19%)
Still, a significant number remain unsure of where to begin. When asked how much of their authentication stack they’ve reevaluated in response to AI threats, 13% said none at all, while another 22% were unsure.
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.