All posts
Cyber Security
2
min read

AI-driven Identity Attacks are Reshaping the Cyber Risk Landscape

In this month’s article Sention explores how AI-driven deepfakes, impersonation attacks and evolving social engineering tactics are reshaping cyber risk and why organisations must strengthen behavioural resilience and cyber preparedness.
AI-driven identity attacks are changing cyber risk forever
Written by
Dr Rebecca Hoile
Published on
May 27, 2026
Copy post

Cyber attacks are no longer focused only on exploiting technical vulnerabilities. Increasingly, attackers are targeting staff directly to gain access to systems, information and trusted business processes.

The rise of AI-generated deepfakes, impersonation attacks and more convincing social engineering techniques is changing how many organisations are being compromised. Rather than trying to break through security controls, threat actors are increasingly manipulating people through fake voices, realistic emails, cloned identities, video impersonation and deceptive collaboration requests.

Recent incidents involving Microsoft Teams phishing campaigns have shown how quickly attackers can infiltrate organisations by posing as internal IT support staff or trusted contacts. Staff are being persuaded to approve MFA requests, share credentials, install remote access tools or disclose sensitive information through interactions that appear genuine.

What makes these attacks more difficult is that they no longer resemble the obvious phishing attempts many people were trained to identify several years ago.

AI tools are now helping threat actors:

  • Create highly personalised phishing messages.
  • Imitate executive communication styles.
  • Clone voices and video likenesses.
  • Ggenerate realistic meeting invitations and support requests.
  • Automate research on organisations and staff.
  • Pressure employees into bypassing normal processes

At Sention, we are seeing increasing concern across healthcare, aged care, education, research and critical infrastructure sectors about how quickly these threats are evolving compared with current preparedness levels.

One of the biggest gaps is that many organisations still invest far more effort preparing for traditional physical emergencies than they do for cyber disruption.

For example, healthcare and aged care providers regularly practice fire evacuation and emergency response procedures because these are heavily regulated and well understood operational risks. Those exercises are important and required. However, many of these same organisations are statistically far more likely to experience a cyber-attack, prolonged technology outage or data breach than a major fire event. Despite this, cyber exercising and workforce preparedness often remain limited.

We continue to see environments where:

  • Staff receive only basic phishing awareness training.
  • Executives have never been exposed to impersonation scenarios.
  • Communication verification processes are informal or inconsistent.
  • Operational teams rely heavily on digital systems without tested workarounds.
  • Workforce reporting culture is still immature.
  • Business continuity plans are rarely exercised against cyber disruption scenarios

In practice, this means a single manipulated interaction can result in credential theft, ransomware deployment or significant operational disruption before anyone realises something is wrong. The impacts are also extending well beyond IT teams.

Organisations are increasingly dealing with:

  • Privacy breaches and regulatory obligations.
  • Operational downtime.
  • Financial fraud.
  • Reputational damage.
  • Loss of stakeholder trust.
  • Workforce disruption.
  • Safety concerns where clinical or operational systems are affected.

Most organisations now recognise the importance of cyber awareness training. The challenge is that many programs are still geared toward traditional phishing and compliance risks, while attackers are increasingly using AI-driven impersonation and behavioural manipulation techniques that are far more convincing and difficult for staff to identify.

Many attacks are now succeeding not because security systems failed, but because the interaction itself appeared legitimate.

At Sention, we believe organisations need to move beyond passive awareness programs and place greater focus on practical preparedness and behavioural resilience.

That includes:

  • Realistic phishing and impersonation exercises.
  • Executive-level cyber disruption scenarios.
  • Stronger verification processes for sensitive requests.
  • Clearer escalation and reporting pathways.
  • Workforce education focused on AI-enabled deception tactics.
  • Integration of cyber scenarios into crisis management and business continuity activities.
  • Reducing over-reliance on digital trust alone

The organisations responding best to this shift are usually the ones building a culture where staff feel comfortable questioning unusual requests, checking information through secondary channels and escalating concerns early.

AI is lowering the barrier for increasingly sophisticated attacks. Threat actors no longer need advanced technical capability to create highly convincing campaigns against organisations.

In many cases, the initial compromise may simply look like a normal Teams conversation, phone call or support request.

Now is the time for organisations to reassess whether their current cyber awareness, exercising and preparedness activities genuinely reflect the way modern attacks are occurring.

Threat Tags
No items found.
Monthly Threat Briefing
Want to receive a free monthly summary report on the threat landscape?  Sign up here to receive your monthly Threat Intelligence Briefs.
Read about our privacy policy.
You are now subscribed!
Oops! Something went wrong while submitting the form.