Information Security Buzz

Expert Feature: Securing Passwords and Endpoints in the Age of AI

By Kirsten Doyle | February 27, 2025 | Updated: February 27, 2025 | 12 Mins Read

At a time when artificial intelligence (AI) is reshaping cybersecurity, conventional approaches to passwords and endpoint management are increasingly vulnerable. AI-powered threats are rapidly evolving, leveraging automation and deep learning to crack passwords, slip past authentication measures, and exploit weaknesses in endpoints at an unrivaled scale.  

Entities that once relied on static credentials and perimeter-based security now face a landscape where adaptive, AI-driven attacks demand equally intelligent defenses. As endpoint ecosystems expand—with remote work, cloud services, and IoT devices—attack surfaces grow, making it critical for businesses to rethink how they manage access and secure endpoints in real-time. 

To understand how firms can stay on top of emerging risks, we chatted with industry experts about the intersection of AI, passwords, and endpoint security. They shared their views on the future of endpoint management, highlighting how AI is both a challenge and a solution in the war against cybercrime. 

This feature looks at the key trends shaping endpoint security in an AI-driven world and provides actionable strategies to strengthen defenses against evolving cyber risks.

Enabling Automated Threat Detection

Chloé Messdaghi, Founder of SustainCyber, says AI and machine learning (ML) are starting to transform security, enabling automated threat detection, predictive analytics, and AI-driven remediation. Endpoints can now detect and respond to anomalies in real-time, minimizing the need for manual intervention. Zero-trust architectures will only get stronger, enforcing continuous authentication and stricter access controls.

“But let’s be clear—AI isn’t a magic fix. Human oversight is still crucial to catch edge cases, adversarial attacks, and AI biases that could create security gaps.”

Chloé Messdaghi

Quickly, Efficiently Analyzing Baseline Behaviors 

Ross Moore, an Information Security Researcher, agrees that AI and ML can more quickly and more efficiently analyze baseline behaviors of endpoints to pinpoint deviations that might indicate potential threats, detect unknown threats through subtle patterns that traditional systems might miss, including zero-day exploits, and enable proactive identification of threats across endpoints without waiting for alerts.  

“These factors will greatly improve behavior analysis, anomaly detection, and threat hunting,” he says. “Advancements in predictive models can analyze trends to foresee potential attack vectors or targets within the environment, and AI algorithms can assess the likelihood of a device being compromised based on its configuration and behavior. These aspects of predictive analytics, along with integrating threat intelligence feeds, can provide superior, actionable insights.” 

Moore adds that for incident response, AI systems can prioritize alerts and suggest remediation steps based on threat severity and endpoint context. “This is an improvement over any manual incident response, which can be especially useful in high-risk contexts where numerous attacks can occur simultaneously, resulting in overwhelming personnel.” 

A good goal would be lighter agents on endpoints, Moore adds. “Despite years of technological advancement, many solutions still draw heavily on endpoint resources. While many endpoints might not be affected because they primarily perform daily tasks such as checking email, browsing the web, and performing word processing and spreadsheet calculations, many other endpoints – web servers and development workstations – can be negatively impacted because they require much greater computing resources. Advanced algorithms would be enormously beneficial.”

Inroads with SIEM and SOAR 

“AI and ML have a great chance in 2025 to make good inroads with security information and event management (SIEM) and security orchestration, automation and response (SOAR),” Moore says. “There are certainly questions in the wild about the viability of this-or-that SIEM and SOAR technology, but a technology by any other name is still a required function. The ability to collect, analyze, and correlate security data from across an organization to detect and alert on potential threats, and then streamline and automate seconds to enable faster and more efficient threat response through workflows and playbooks – that’s a much-needed capability.”

Ian Thornton-Trump, CISO at Inversion 6, agrees that AI and ML solutions are adding considerable value in rapidly identifying early stages of compromise. “All the effort spent in creating and categorizing threat actor activity using MITRE ATT&CK to describe the activity is ideal training data for AI/ML models. It’s too early to determine if this practical application of technology is having a profound impact (or not). What we can see is cyber attackers increasingly targeting edge and IoT appliances to gain footholds in organizations combined with leveraging social engineering attacks for initial access by targeting privileged user accounts.”

A Move Towards Continuous Authentication  

“I see three major shifts happening in endpoint management as AI becomes more prevalent,” adds Christian Toon, Founder & Chief Security Strategist at Alvearium Associates. “First, we’re moving towards continuous authentication models where AI constantly evaluates user behavior patterns, device health, and environmental factors to make real-time access decisions – essentially moving beyond the traditional ‘authenticate once’ model to a constant state of authentication. Secondly, AI is enabling predictive endpoint protection, where systems can anticipate potential vulnerabilities or compromises before they occur.”

For instance, Toon says that in a previous CISO role, he implemented behavioral analytics that could identify unusual endpoint activity patterns indicative of potential compromise before traditional security tools detect them. “Although the bigger challenge here is Data Protection – but that’s one for another time. Finally, I believe we’ll see AI driving autonomous endpoint remediation, where systems can automatically quarantine and heal compromised endpoints without human intervention. However, this needs to be balanced with humans ‘in the loop’ to prevent AI from making potentially disruptive false-positive decisions.” 

Everybody Gets Better Technology  

When asked how new AI-powered threats are exploiting traditional password vulnerabilities, Moore says that as defenders get better technology, threat actors get better technology – everybody gets better technology.

“Crimes and attempts at crime only get faster and slicker with newer technology.” 

Ross Moore

With AI-driven speed, credential stuffing can be performed at scale – more efficiently, with a greater number of attacks, larger username/password lists, and the ability to pivot based on login feedback. This will be used more and more, Moore adds. “Password Cracking with AI will be much more efficient. AI models trained on leaked password datasets predict and generate passwords mimicking human tendencies. Along with that is pattern recognition, where AI can identify and exploit patterns in password creation, such as keyboard paths like “qwerty” or predictable substitutions like P@ssw0rd.” 

AI creates convincing deepfake voice or video messages to trick users into divulging passwords, Moore adds. With a little time and not at great expense, a deepfake of anything can be created. Moreover, Natural Language Processing (NLP) enables malicious actors to craft highly personalized phishing emails, increasing the likelihood of password theft.  

“An example of improved social engineering is initial access broker TA571. They use a social engineering technique where dialog boxes containing fake error messages trick people into copying and pasting “fix” codes into a Run command, thereby personally and purposely running malicious code, potentially bypassing every typical protection on a machine. Also, any traditional methods – keyloggers, behavioral analytics exploits, data harvesting, password spraying, password security misconfigurations…just to name a few – will have AI and ML applied to them.” 

Countering AI/ML-Powered Threats – Ross Moore

Countering these AI/ML-powered threats takes AI/ML-powered defenses, along with human-powered tactics:  

  • Adopt Passwordless Authentication: Use biometrics, hardware tokens, or FIDO2 standards to eliminate reliance on passwords.  
  • Implement Stronger MFA: Use phishing-resistant MFA methods like app-based or biometric authentication.  
  • Educate Users: Train employees and users to recognize phishing attempts and practice good password hygiene.  
  • Leverage AI for Defense: Deploy AI-driven security solutions to detect and mitigate real-time attacks. 

Passwords Aren’t Cutting It 

Messdaghi adds that passwords alone aren’t cutting it anymore. “Attackers can use AI to crack weak passwords instantly, bypass MFA with deepfake phishing, and launch adaptive credential stuffing attacks based on leaked data. AI-powered context-aware social engineering makes phishing attempts more convincing and harder to detect. If an organization is still relying solely on passwords, it’s just a matter of time before they get compromised.” 

Bypassing or Breaking CAPTCHA 

When used in massive brute forcing campaigns that target exposed appliances and IoT devices, AI may be used to conduct analysis on the most likely password based on successful access and analysis of existing data sets to identify password reuse or devices with common passwords, explains Thornton-Trump. “Certainly, AI/ML is not needed to determine the default passwords on so many devices, but that password is likely to be attempted first. In talking to some folks in the password-breaking community, AI/ML has not directly impacted the traditional brute force approach or “hashing.” However, the hardware and computational power used for AI/ML has enabled the use, manipulation, and analysis of massive data sets and high-performance generating incredible hashing speeds.” 

In another indirect AI/ML impact on attacking passwords, the ability of AI/ML to construct scripts leveraging large data sets of passwords has reduced the need for advanced programming skills, Thornton-Trump adds. “Finally, in a more direct application, AI/ML can be leveraged to conduct brute force campaigns in an unpredictable fashion, bypassing or breaking CAPTCHA defenses and presenting a “human-like” interaction with targeted websites, even going so far as to impersonate different browsers, and machine characteristics – making the identification of the brute force attempts far more “stealthy” and difficult to detect.”

Adapting in Real-time to Bypass Defenses 

Large language models (LLMs) are another tool being used by bad actors to generate highly sophisticated phishing campaigns that are increasingly difficult to detect, adds Toon. “They’re contextually aware and can mimic legitimate communication patterns with unprecedented accuracy, even responding in real-time. AI is accelerating credential stuffing attacks by learning from successful breaches and adapting in real-time to bypass traditional defenses.” 

Toon says there are AI systems that can intelligently mutate common passwords based on known user behavior patterns, making traditional password policies increasingly vulnerable. Most concerningly, AI is being used to analyze vast datasets of breached passwords to identify patterns in how users modify passwords to meet security requirements. This means attackers can now generate highly targeted password guess lists that account for a specific organization’s password policies. Haven’t seen this in the wild, but it’s been discussed heavily in our networks.
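The patterns Moore and Toon describe (keyboard paths like “qwerty”, substitutions like P@ssw0rd, and decorations added to satisfy policy) can be screened for when a password is set. The following Python sketch is an added example, not code from the article or its contributors; the word list, substitution table and thresholds are constructed assumptions, and it goes slightly beyond the two named patterns by also stripping leading and trailing digits and symbols.

```python
import re

# Constructed sample list (assumption); production use needs a real
# breached-password corpus and dictionary, not these six words.
COMMON_BASES = {"password", "welcome", "letmein", "dragon", "summer", "admin"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Predictable substitutions mapped back to the letter they stand in for.
LEET_L = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "$": "s",
                        "5": "s", "7": "t", "!": "i", "1": "l"})
LEET_I = {**LEET_L, ord("1"): "i"}  # "1" is used for both "l" and "i"


def meets_complexity_policy(pw: str, min_len: int = 8) -> bool:
    """A traditional composition rule: minimum length plus four character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]|_")
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)


def longest_keyboard_walk(pw: str) -> int:
    """Longest run of adjacent keys on one keyboard row, in either direction."""
    s, best = pw.lower(), 0
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(s)):
                j = i + best + 1          # only look for runs longer than best
                while j <= len(s) and s[i:j] in seq:
                    best, j = j - i, j + 1
    return best


def base_words(pw: str) -> set:
    """Undo common decorations: edge digits/symbols, then leet substitutions."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw.lower())
    return {core.translate(LEET_L), core.translate(LEET_I)}


def predictability_reasons(pw: str) -> list:
    """Reasons to reject a candidate password; an empty list means no pattern hit."""
    reasons = []
    if longest_keyboard_walk(pw) >= 4:    # threshold is an assumption
        reasons.append("keyboard_walk")
    if base_words(pw) & COMMON_BASES:
        reasons.append("common_base_with_substitutions")
    return reasons


if __name__ == "__main__":
    for candidate in ("P@ssw0rd2024!", "Qwerty12345!", "Adm1n!2025",
                      "violet-harbor-mint-crane"):
        print(candidate, meets_complexity_policy(candidate),
              predictability_reasons(candidate))
```

The first three candidates pass the composition rule yet are flagged as predictable, while the long passphrase fails the composition rule and triggers neither pattern.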

Giving the Right People the Right Guidance 

Speaking of the strategies that organizations should adopt to improve endpoint and password security, Moore says that when combined with traditional security controls – such as antimalware, least privilege, and identity and access management (IAM) – as part of an in-depth security approach, improved EDR provides excellent fortification against endpoint and password threats.  

“Research into three of the top main overall information security threats – phishing, ransomware, and denial-of-service – as they apply to one’s organization, and proceeding according to one’s findings, will provide plenty of insight into how a business can best protect its assets,” Moore adds. “Each place where people have data to protect is different. It’s a puzzle that has to be solved, but a cornerstone of the solution is giving the right people the right guidance to solve it. With the right organizational-specific strategies in place, there’s no reason an organization can’t be ready to defend against and respond to threats.”  

Zero Trust With Continuous, Adaptive Authentication 

Based on his experience implementing security strategies with clients, Toon recommends the following three steps. Organizations need to move beyond traditional password-based authentication towards a zero-trust architecture with continuous adaptive authentication. “Organizations should implement AI-powered endpoint detection and response (EDR) solutions that can learn from and adapt to new threats in real time. However, it’s crucial to maintain human oversight of these systems to prevent automated responses from causing business disruption – something I learned firsthand when implementing similar systems as CISO in a previous organization.”

Toon also says that ensuring the focus on human behavior is key. “Technical controls alone aren’t enough. Implement a security awareness program that can use AI to deliver personalized training based on individual user behavior patterns and risk profiles. Most importantly, all these strategies need to be underpinned by strong governance and regular testing.”

“I would always advocate for regular red team exercises that specifically target AI-based security controls to ensure they’re performing as expected.” 

Christian Toon

Messdaghi agrees that zero trust isn’t optional. “It’s essential. Every user and device needs continuous verification rather than implicit trust. AI-driven anomaly detection can help identify and mitigate suspicious login behaviors before they escalate. Strengthening MFA with phishing-resistant methods like hardware tokens or FIDO2 authentication is critical to stopping AI-powered attacks that can bypass weaker methods like SMS authentication. Ongoing employee training on AI-enhanced phishing tactics is just as important—humans are still the last line of defense. Security isn’t just about stronger passwords anymore—it takes a layered, adaptive approach to stay ahead of the evolving threat landscape.” 
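As a rule-based starting point for spotting the suspicious login behavior discussed above, the sketch below flags a source that tries many distinct usernames with mostly failed results (the credential-stuffing pattern) and lists the accounts that authenticated from it. It is an added example, not code from the article or any vendor; the log format, thresholds and sample events are constructed assumptions, and it is a plain sliding-window rule rather than an AI model.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumption): "timestamp source_ip username result"
SAMPLE_LOG = """\
2025-02-27T09:00:01 203.0.113.7 alice FAIL
2025-02-27T09:00:02 203.0.113.7 bob FAIL
2025-02-27T09:00:03 203.0.113.7 carol FAIL
2025-02-27T09:00:04 203.0.113.7 dave FAIL
2025-02-27T09:00:05 203.0.113.7 erin FAIL
2025-02-27T09:00:06 203.0.113.7 frank FAIL
2025-02-27T09:00:07 203.0.113.7 grace OK
2025-02-27T09:01:00 198.51.100.20 heidi FAIL
2025-02-27T09:01:20 198.51.100.20 heidi OK
""".splitlines()


def parse(line):
    """Split one log line into (timestamp, source IP, username, success)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"


def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Return {source_ip: accounts that logged in successfully} for sources
    whose sliding window shows many distinct usernames, mostly failing.
    Those accounts are the ones to review and reset first."""
    recent = defaultdict(deque)   # ip -> events still inside the window
    flagged = defaultdict(set)    # ip -> successful logins while flagged
    for ts, ip, user, ok in sorted(map(parse, lines)):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:      # drop events older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, success in q if not success)
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            flagged[ip].update(u for _, u, success in q if success)
    return {ip: sorted(accounts) for ip, accounts in flagged.items()}


if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

A single user mistyping a password and then succeeding, like the second source in the sample, stays below the distinct-username threshold and is not flagged.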

The Achilles Heel 

“Passwords or “Creds” as they are referred to in the underground community remain the Achilles heel of many organizations, and clearly the security of “creds” tops the list of initial vectors of attacks,” says Thornton-Trump.

“A multi-layer approach is required, and the first “layer” is an instance of mandatory multi-factor password defenses.”

Thornton-Trump

“Increasingly, social engineering attacks target human weakness and ambiguous policies, and leverage the human desire to “help someone in need.” There are limited ways to defend against these attacks – awareness and rigorous standard operating procedures to verify identity before any account changes such as “adding a new phone” to an account to receive One Time Passwords (OTPs). The consequences of a successful social engineering attack, which yields valid credentials for an administrative account, can lead to the uninstalling of security defenses and the deletion of backups.”

Thornton-Trump adds that changes for privileged user accounts must be rigorously scrutinized and verified out-of-band. “Finally, many organizations are considering abandoning passwords altogether, and as they embark on a digital transformation journey and embrace a “cloud first SaaS” philosophy, choosing to implement biometrics, certificate authentication for machines, human and non-human identity, and micro-segmentation solutions. Certainly having “no passwords” does eliminate the credential avenue of attack, but it’s likely cybercriminals will find a different avenue of attack through the software supply chain or an exposed vulnerability.” 

Defenders can never become complacent, as cybercriminals will likely consistently innovate, Thornton-Trump ends.  

Kirsten Doyle
Information Security Buzz News Editor

Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
