AI innovation meets a familiar identity security reality

Opinion
By published

AI innovation amplifies existing identity security vulnerabilities requiring disciplined controls

A close up of a person's eyes and face. They are wearing glasses and in one eye there's. a reflection of a digital brain
(Image credit: Getty Images)

Every major AI breakthrough arrives with the same question: does this change the rules?

Claude Mythos Preview – and Anthropic's assertion that it can outperform humans in certain hacking and cyber defense tasks – has predictably reignited debate among regulators, financial institutions and enterprise cybersecurity leaders about systemic risk to digital infrastructure.

At the same time, Anthropic has positioned Mythos as a defender-first capability, highlighting its role in identifying and helping remediate vulnerabilities before adversaries can exploit them. This dual-use reality underscores a broader truth: the same technologies that strengthen defense can also expand risk.

Latest Videos From
Darren Guccione

CEO & Co-Founder of Keeper Security.

This moment is significant, but not unprecedented. Claude Mythos represents the latest step in a wider trend where AI systems are becoming more autonomous, more deeply embedded in enterprise environments and more capable of executing complex tasks at scale.

As organizations integrate these models into workflows, they expand both their operational potential and their attack surface.

New AI Capabilities Do Not Change Cybersecurity Fundamentals

Despite the rapid pace of AI innovation, the fundamentals of cybersecurity remain unchanged. Attackers still rely on the same core techniques: exploiting identities, compromising credentials and abusing access.

While AI introduces some novel attack surfaces, it primarily accelerates and amplifies the vulnerabilities organizations already struggle to remediate. Organizations are already facing increasingly sophisticated attacks, including those enhanced by AI-driven automation.

The underlying weaknesses, however, remain consistent. Weak credential hygiene, excessive privileges and inadequate access controls continue to be the primary entry points for breaches. AI raises the speed limit on every attack, it does not rewrite the playbook.

AI Is an Identity Multiplier

Where models like Mythos do shift the landscape is in how identity is defined and managed.

Every AI system, agent or automated workflow introduces a new non-human identity (NHI). These identities often require privileged access to systems, data and IT infrastructure to function effectively. As a result, organizations are rapidly expanding the number of identities that can interact with sensitive environments.

This creates three immediate structural changes:

i. Sprawling NHI inventories create ungoverned privileged access at scale

ii. Increased system and data access expands the blast radius of compromise

iii. Greater reliance on automation reduces human oversight at critical decision points

From a security perspective, each AI-driven process is effectively a privileged user. If left ungoverned, these identities are high-value targets for attackers.

Credential-based attacks remain the most effective path to compromise. That has not changed as environments grow more complex and distributed – it has become more consequential. In AI-driven environments, identity is no longer just a control layer; it is the control plane through which access, risk and trust are managed.

Security Leaders Must Prioritize Proven Controls

The answer to AI-driven risk is not a new strategy. It is disciplined, scaled execution of the strategy organizations already know they need.

Organizations should prioritize the following controls:

Principle of Least Privilege (PoLP): Ensure users and systems only have access to what is necessary, reducing the blast radius of any compromise

Credential and secrets management: Secure, store and rotate credentials and machine secrets regularly to prevent misuse or exposure

Role-Based Access Control (RBAC): Enforce structured access policies that align with organizational roles and responsibilities

Software patching and updates: Maintain consistent patch management to eliminate known vulnerabilities that AI-powered attackers can quickly exploit

These are not new recommendations. They are the debt organizations have been carrying for years – and AI is calling it in. Gaps in basic cybersecurity hygiene are now exposed faster and exploited with greater precision.

Resilience Is Built on Discipline

AI breakthroughs will continue to generate headlines, and models like Mythos will push the boundaries of what machines can achieve. However, organizations cannot afford to let innovation cycles dictate their security priorities. Security maturity, not model novelty, determines organizational resilience.

The organizations that will succeed in the AI era are those that treat identity and access management as foundational infrastructure. They will invest in controlling privileged access, securing credentials and enforcing zero-trust principles across both human and non-human identities.

AI will continue to evolve. Threat actors will continue to adapt. But the path to resilience remains consistent: disciplined execution of cybersecurity fundamentals at scale. Innovation without control increases exposure. Innovation grounded in strong identity and access governance enables organizations to move faster – securely.

We list the best firewall software.

This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit

TOPICS
Darren Guccione

CEO & Co-Founder of Keeper Security.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.