Sixty-two percent of organizations experienced at least one deepfake attack in the past 12 months, according to a Gartner survey of 302 cybersecurity leaders. The attacks involved social engineering or exploitation of automated verification processes, hitting audio calls, video conferences, and biometric systems. Those organizations' defenses verified who logged in; few reassessed trust after the initial authentication event.

The system that stopped watching

Credential-based intrusions, not payload delivery, are now the dominant attack pattern, according to the CrowdStrike 2026 Global Threat Report. Attackers logged in with stolen credentials, hijacked session tokens, and moved laterally before any security tool knew it. Breakout times, once measured in minutes, are now measured in seconds. No payload, no exploit — just a stolen identity and a system that stopped watching.

Authentication is a gate, and trust is a signal. Enterprises are still building gates.

Two vectors, one blind spot

The first four articles in the "Identity blind spot" series document how that gap is being exploited. A single deepfake video call authorized millions in fraudulent wire transfers at a multinational engineering firm. MFA verifies who logged in, but without continuous monitoring of every transaction and activity, attackers have the run of the infrastructure.

Deepfake social engineering tricks humans into authorizing fraudulent transactions. Token theft and credential replay bypass humans entirely. Both exploit the same architectural weakness: assumed trust. Once an attacker defeats authentication, they inherit that identity's access across the infrastructure, with the same reach as a legitimate insider.

Alex Philips, CIO at NOV, detailed the gap in a VentureBeat interview: “We discovered that if you detect and disable a compromised user’s account, the attacker’s session tokens might still be active. It isn’t enough to reset passwords; you have to revoke session tokens to truly kick out an intruder.” NOV is now partnering with a startup to build near real-time token invalidation across its most critical resources.

The preparedness gap is widening

Only 37% of organizations had processes to assess AI tool security before deployment, the World Economic Forum’s Global Cybersecurity Outlook 2025 found. That figure nearly doubled to 64% in the WEF’s 2026 follow-up, though the identity-layer blind spot persists regardless.

Ivanti’s 2026 State of Cybersecurity Report quantified the damage across more than 1,200 security professionals: 77% of organizations have encountered deepfake attacks. Only 30% said their CEO could definitively spot one. The threat-preparedness gap widened by double digits in a single year across every threat category Ivanti tracks.

Five capabilities that close the post-authentication blind spot

These five capabilities define the trust stack that identity-security investments should build:

Continuous session verification monitors behavioral signals, device posture, geolocation drift, and transaction patterns after the initial login. Philips told VentureBeat that NOV’s journey started with a fundamental shift: “We didn’t know what zero trust was, we just knew that we needed identity and conditional access at the core of everything.” The result was a zero-trust architecture where everything is re-authenticated through a proxy or identity provider, creating what Philips called “a single choke point to cancel tokens globally.”

Behavioral biometrics track typing cadence, mouse movement, and session navigation throughout a session. When patterns deviate from the baseline, the system triggers step-up authentication or terminates the session. This catches deepfake-authenticated sessions where post-login behavior diverges from the real user. The tradeoff is real: without careful tuning, behavioral biometrics generate enough false positives to bury SOC teams. And continuous monitoring of how employees type and navigate sessions runs into GDPR and privacy reviews. Neither problem is a reason not to deploy. Both are reasons to plan the rollout instead of rushing it.

Adam Meyers, Senior Vice President of Counter Adversary Operations at CrowdStrike, told VentureBeat that attackers have forced a fundamental shift in what defenders must monitor. “Think of the endpoint as the domain everybody understands from a security perspective. But now identity is part of that equation, so we have another domain introduced. Adversaries have figured out that if they can use credentials to get into the cloud control plane, they can maximize their effect. You have to overlay that across your endpoint domains, your cloud domain, and your identity domain. That’s what we call cross-domain visibility, and it allows you to react faster because you’re looking across the entire landscape of your enterprise, not just the endpoint.”

Cross-channel identity correlation treats identity as a unified control plane rather than a set of disconnected checkpoints. The architectural gap in most enterprises: identity signals from directory services, cloud access brokers, federation endpoints, and voice authentication systems are governed by separate teams with separate budgets. No single owner correlates them. Attackers move from initial access to lateral movement faster than fragmented identity governance can respond.

Carter Rees, vice president of artificial intelligence at Reputation, told VentureBeat his team is building toward that unified identity layer. “We are moving toward an identity-embedding framework where role-based permissions and behavioral baselines are encoded directly into model reasoning, not just enforced in admin dashboards,” Rees said. Identity correlation becomes native to how AI systems reason about trust, not a post-hoc exercise layered on after the fact.

Adaptive risk-based escalation applies friction proportional to risk. High-value transfers and privilege escalations trigger real-time identity challenges. Low-risk actions proceed without friction. If an identity authenticates from Houston and surfaces from Bucharest 20 minutes later, the system triggers step-up authentication or kills the session.
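The two post-login checks described above, behavioral biometrics and adaptive, risk-based escalation, combined into one session scorer. This is an added example, not code from the article or from any vendor it quotes: each event after login is scored for impossible travel against the previous event, for typing-cadence drift from an enrolment baseline, and for transaction pattern, and the total maps to allow, step-up or terminate. The weights, thresholds, the 900 km/h plausibility limit and the Houston-to-Bucharest session are constructed assumptions.

```python
from __future__ import annotations

import math
from dataclasses import dataclass
from statistics import mean, pstdev

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 900.0  # roughly airliner speed; faster than this is impossible travel
STEP_UP_THRESHOLD = 30           # assumed thresholds; tune against your own false-positive rate
TERMINATE_THRESHOLD = 70


@dataclass
class Event:
    ts: float            # seconds since session start
    lat: float
    lon: float
    keystroke_ms: float  # mean inter-keystroke interval observed in this window
    action: str
    amount: float = 0.0


@dataclass
class Baseline:
    keystroke_mean: float
    keystroke_std: float


def build_baseline(keystroke_samples: list[float]) -> Baseline:
    """Per-user typing baseline from enrolment sessions; a zero std is floored to 1 ms."""
    return Baseline(mean(keystroke_samples), pstdev(keystroke_samples) or 1.0)


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points, used for geolocation drift."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def score_event(prev: Event | None, cur: Event, baseline: Baseline) -> tuple[int, list[str]]:
    score, reasons = 0, []
    # Geolocation drift: distance covered since the previous event vs. elapsed time.
    if prev is not None:
        km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
        hours = (cur.ts - prev.ts) / 3600
        if km > 1.0 and (hours <= 0 or km / hours > MAX_PLAUSIBLE_SPEED_KMH):
            score += 60
            reasons.append("impossible_travel")
    # Behavioral biometrics: how far this window's typing cadence sits from the baseline.
    z = abs(cur.keystroke_ms - baseline.keystroke_mean) / baseline.keystroke_std
    if z > 3:
        score += 40
        reasons.append("behavior_drift")
    elif z > 2:
        score += 20
        reasons.append("behavior_drift_minor")
    # Transaction pattern: high-value transfers and privilege changes always carry friction.
    if cur.action == "wire_transfer" and cur.amount >= 100_000:
        score += 30
        reasons.append("high_value_transfer")
    if cur.action == "privilege_escalation":
        score += 30
        reasons.append("privilege_escalation")
    return score, reasons


def decide(score: int) -> str:
    if score >= TERMINATE_THRESHOLD:
        return "terminate"
    if score >= STEP_UP_THRESHOLD:
        return "step_up"
    return "allow"


def evaluate_session(events: list[Event], baseline: Baseline) -> list[tuple[str, str, list[str]]]:
    """Scores each post-login event against the previous one; stops once the session is killed."""
    results, prev = [], None
    for ev in sorted(events, key=lambda e: e.ts):
        score, reasons = score_event(prev, ev, baseline)
        decision = decide(score)
        results.append((ev.action, decision, reasons))
        if decision == "terminate":
            break
        prev = ev
    return results


# Constructed sample: enrolment typing samples and one session that starts in Houston.
SAMPLE_BASELINE = build_baseline([110, 120, 115, 125, 118])
SAMPLE_SESSION = [
    Event(0, 29.76, -95.37, 116, "read_dashboard"),
    Event(600, 29.76, -95.37, 118, "wire_transfer", amount=250_000),
    Event(1800, 44.43, 26.10, 210, "wire_transfer", amount=250_000),  # Bucharest, 20 min later
]

if __name__ == "__main__":
    for action, decision, reasons in evaluate_session(SAMPLE_SESSION, SAMPLE_BASELINE):
        print(f"{action:16} -> {decision:10} {reasons}")
```

The high-value transfer from Houston gets a step-up challenge on its own; the same transfer twenty minutes later from Bucharest, typed at a cadence three standard deviations off the baseline, ends the session. The false-positive concern in the paragraph above lives in the thresholds and the baseline window, which is why they are parameters rather than constants buried in the logic.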

Identity-aware AI defense treats AI agents as identity surfaces requiring the same governance as human users. Rees told VentureBeat that his team is encoding role-based permissions and behavioral baselines directly into model reasoning. “That shift matters for industries like healthcare, where PHI and PII require stronger trust signals,” Rees explained. But Rees flagged the inverse risk: “User embeddings are sensitive identity artifacts. They can expose PHI or PII through inversion attacks if not controlled. Security leaders must treat embeddings like credentials, encrypted, monitored, and governed under HIPAA and GDPR.”

Where to spend limited budgets first

Session token management is the place to start. Philips said that NOV discovered disabling a compromised account was not enough: “The attacker’s session tokens might still be active.” NOV is building near real-time token invalidation for its most critical resources. On access controls, Philips was equally direct: “No one person should be able to undermine your security controls, myself included. Small process changes, like requiring two people to change MFA for an exec or highly privileged IT staff, can thwart malicious insiders, mistakes, and attackers.”
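The token gap Philips describes, and the "single choke point to cancel tokens globally" from the continuous-session-verification capability above, as an added example that is not NOV's code or any vendor's: an in-memory identity provider issues HMAC-signed bearer tokens, a legacy gateway checks only signature and expiry, and a choke-point gateway also consults a per-user revocation watermark the IdP publishes. Disabling the account leaves the outstanding token working at both gateways; moving the watermark kills it at the choke point without enumerating tokens. The signing key, user name and timestamps are constructed.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json

# Constructed signing key for the demo; a real IdP keeps this in an HSM or KMS.
SIGNING_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL_SECONDS = 8 * 3600


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Issues HMAC-signed bearer tokens and publishes per-user revocation watermarks."""

    def __init__(self, key: bytes = SIGNING_KEY) -> None:
        self.key = key
        self.disabled: set[str] = set()
        # username -> instant; any token issued before that instant is dead.
        self.not_before: dict[str, float] = {}

    def issue(self, username: str, now: float) -> str:
        if username in self.disabled:
            raise PermissionError(f"account {username} is disabled")
        claims = {"sub": username, "iat": now, "exp": now + TOKEN_TTL_SECONDS}
        body = _b64(json.dumps(claims).encode())
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
        return f"{body}.{_b64(sig)}"

    def disable_account(self, username: str) -> None:
        """Blocks new logins only; tokens already in the wild keep working."""
        self.disabled.add(username)

    def revoke_sessions(self, username: str, now: float) -> None:
        """Moves the watermark so every outstanding token for the user fails at the choke point."""
        self.not_before[username] = now


def verify_signature(token: str, key: bytes) -> dict | None:
    """Returns the claims if the token's HMAC checks out, otherwise None."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        return json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None


def legacy_gateway(token: str, now: float, key: bytes = SIGNING_KEY) -> bool:
    """Stateless check: signature and expiry only. Account status is invisible here."""
    claims = verify_signature(token, key)
    return claims is not None and claims["exp"] > now


def choke_point_gateway(token: str, now: float, idp: IdentityProvider) -> bool:
    """Same check, plus the IdP's revocation watermark: one place to cancel tokens globally."""
    claims = verify_signature(token, idp.key)
    if claims is None or claims["exp"] <= now:
        return False
    return claims["iat"] >= idp.not_before.get(claims["sub"], 0.0)


def demonstrate() -> dict[str, object]:
    """Walks through the gap: disable the account, then revoke; check both gateways each time."""
    idp = IdentityProvider()
    t0 = 1_700_000_000.0
    token = idp.issue("alice", t0)  # constructed user

    idp.disable_account("alice")  # where many response playbooks stop
    after_disable = (legacy_gateway(token, t0 + 60), choke_point_gateway(token, t0 + 60, idp))

    idp.revoke_sessions("alice", t0 + 120)  # the step Philips describes
    after_revoke = (legacy_gateway(token, t0 + 180), choke_point_gateway(token, t0 + 180, idp))

    try:
        idp.issue("alice", t0 + 200)
        new_login_blocked = False
    except PermissionError:
        new_login_blocked = True

    return {
        "after_disable": after_disable,  # (True, True): disabling alone changes nothing
        "after_revoke": after_revoke,    # (True, False): only the choke point honours revocation
        "new_login_blocked": new_login_blocked,
    }


if __name__ == "__main__":
    print(demonstrate())
```

The watermark is the practical shape of a global cancel: the disable-account playbook must set it, and every resource must sit behind a gateway that reads it, or the legacy path stays open for the remaining token lifetime.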

Swap SMS and push-based MFA for phishing-resistant FIDO2 and passkey-based authentication on every privileged account. Every push notification an attacker can fatigue-bomb is a session they can steal. Cheapest upgrade, widest gap closed.

Rees pointed to Google’s USER-LLM research as a signal of where the field is headed: user embeddings cross-attended during inference to ground outputs in verified identity context. “That’s the direction,” Rees told VentureBeat. “Identity has to become a native input to AI reasoning itself, not a policy layer bolted on after the fact.”

Create a budget line for identity-layer controls. Separate from email security. Separate from SOC tooling. Session governance, token lifecycle management, continuous identity verification, and standards like CAEP and the Shared Signals Framework belong under one owner with one budget. ITDR platforms exist for continuous session evaluation, but few enterprises have deployed them with automated token revocation tied to identity anomaly detection. If nobody owns this gap, attackers already do.

What to do Monday morning

The five capabilities above require architectural change. These seven actions require authority and a calendar.

Go full least-privilege on every API key, service account, login, MFA, and authentication app. Audit immediately. Purge all logins and identity-based access privileges that have expired or were created for employees and contractors who have left. Extend the audit to cloud-based storage and tools, including Box, Dropbox, and Google Drive.

Redefine and streamline the revocation process so it is immediate. An IT team needs to be able to kill any session at any time. If your team cannot revoke a compromised session in under five minutes, that window is wide enough for an attacker to move laterally, escalate privileges, and reach your most sensitive resources before anyone finishes triaging the first alert. Philips found exactly that gap at NOV and brought in dedicated resources to close it.

Test your cross-domain identity telemetry end to end. This is where most enterprises discover they are blind. Can you correlate an identity anomaly in your directory service with a cloud control plane login and an endpoint behavioral flag under a single identity risk score? If answering that question requires stitching signals across four separate teams with no shared identity context, attackers will move through the gaps between those teams faster than they can coordinate a response. The fix is structural: unify identity governance under a single owner with a single correlated view.
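One way to answer the correlation question above, and to give the cross-channel identity correlation capability a concrete shape, as an added example that is not from the article or any product it names: constructed log lines from a directory service, a cloud control plane and an endpoint agent are parsed, each spelling of the same identity (CORP\jdoe, jdoe@corp.example) is normalised to one key, and per-domain weights are summed inside a 60-minute window into a single identity risk score. The log format, field names, weights, home-country list and threshold are all assumptions.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

HOME_COUNTRIES = {"US"}                  # constructed: where these identities normally work from
CORRELATION_WINDOW = timedelta(minutes=60)
IDENTITY_RISK_THRESHOLD = 70

# Constructed sample telemetry from three domains that usually sit with three different teams.
SAMPLE_LOGS = [
    r"DIRECTORY 2026-03-02T09:01:10Z user=CORP\jdoe event=mfa_method_changed",
    r"CLOUD 2026-03-02T09:04:32Z principal=jdoe@corp.example event=console_login country=RO",
    r"ENDPOINT 2026-03-02T09:06:05Z user=jdoe@corp.example host=WS-1127 event=edr_alert severity=high",
    r"CLOUD 2026-03-02T11:30:00Z principal=msmith@corp.example event=console_login country=US",
    r"ENDPOINT 2026-03-02T14:12:40Z user=CORP\msmith host=WS-0419 event=edr_alert severity=low",
]


@dataclass
class Signal:
    domain: str
    ts: datetime
    identity: str            # normalised: same person, same key, whichever domain emitted it
    fields: dict[str, str]


def normalise_identity(raw: str) -> str:
    """CORP\\jdoe, jdoe@corp.example and JDOE all collapse to 'jdoe'."""
    return raw.rsplit("\\", 1)[-1].split("@", 1)[0].lower()


def parse_line(line: str) -> Signal:
    domain, stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    raw_identity = fields.get("principal") or fields.get("user") or ""
    return Signal(domain, ts, normalise_identity(raw_identity), fields)


def signal_weight(sig: Signal) -> int:
    """Each domain's own view of the event; none of these alone would page anyone."""
    ev = sig.fields.get("event")
    if sig.domain == "DIRECTORY" and ev == "mfa_method_changed":
        return 25
    if sig.domain == "CLOUD" and ev == "console_login" and sig.fields.get("country") not in HOME_COUNTRIES:
        return 30
    if sig.domain == "ENDPOINT" and ev == "edr_alert" and sig.fields.get("severity") == "high":
        return 40
    return 0


def correlate(lines: list[str]) -> dict[str, dict]:
    """Per identity: the highest weighted sum of signals falling inside one correlation window."""
    by_identity: dict[str, list[Signal]] = defaultdict(list)
    for line in lines:
        sig = parse_line(line)
        if sig.identity:
            by_identity[sig.identity].append(sig)

    report = {}
    for identity, sigs in by_identity.items():
        sigs.sort(key=lambda s: s.ts)
        best_score, best_domains = 0, set()
        for start in sigs:
            window = [s for s in sigs if start.ts <= s.ts <= start.ts + CORRELATION_WINDOW]
            score = sum(signal_weight(s) for s in window)
            if score > best_score:
                best_score = score
                best_domains = {s.domain for s in window if signal_weight(s) > 0}
        report[identity] = {
            "score": best_score,
            "domains": sorted(best_domains),
            "flagged": best_score >= IDENTITY_RISK_THRESHOLD,
        }
    return report


def flagged_identities(lines: list[str]) -> list[str]:
    return sorted(i for i, r in correlate(lines).items() if r["flagged"])


if __name__ == "__main__":
    for identity, result in correlate(SAMPLE_LOGS).items():
        print(identity, result)
```

Read per domain, jdoe's three events are an MFA change, a foreign console login and one endpoint alert: each below the bar a single team would act on. Keyed to one identity inside one window they score 95. The normalisation step is where most real deployments fail first, because the directory, the cloud provider and the EDR each name the same person differently.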

Audit separation of duties on identity workflows. If one person or one service account can reset credentials, approve privileged access, and bypass MFA, that is a single point of failure, and attackers will find it. While auditing, extend the same scrutiny to AI agent identities. Machine identities already outnumber human user accounts in most enterprise environments, and every autonomous agent with persistent system access needs the same governance: rotation, behavioral baselining, least-privilege scoping, and anomaly detection.

Enforce conditional access at every gateway, not just at login. That means every privilege escalation and every sensitive resource request. Tune for VPN and proxy realities so false positives do not bury the real signals, but do not let the pursuit of perfect policy keep you from deploying any policy at all.

Verify your incident trust chain. AI-generated voice, video, and writing now make traditional confirmation channels unreliable. If your incident response depends on a phone call or a Slack DM to confirm a compromised account, a deepfake-capable attacker can exploit that same confirmation channel. Establish preshared secrets or out-of-band verification protocols now, before you need them under pressure.
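A pre-shared-secret verification of the kind the paragraph recommends, as an added example that is not from the article: the verifier issues a single-use challenge bound to the action being confirmed, the responder returns a short HMAC code computed from a secret enrolled out of band, and replayed, expired or wrong-context answers fail. The secret, responder name and action string are constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

CODE_LENGTH = 8              # hex characters the responder reads back over the second channel
CHALLENGE_TTL_SECONDS = 300  # assumed: how long an unanswered challenge stays valid


def response_code(shared_secret: bytes, context: str, nonce: str) -> str:
    """What the legitimate responder computes from their own copy of the secret."""
    msg = f"{context}|{nonce}".encode()
    return hmac.new(shared_secret, msg, hashlib.sha256).hexdigest()[:CODE_LENGTH]


class OutOfBandVerifier:
    """Issues single-use challenges and checks the code that comes back on another channel."""

    def __init__(self, shared_secrets: dict[str, bytes]) -> None:
        self.secrets = shared_secrets
        self.pending: dict[str, tuple[str, str, str, float]] = {}

    def challenge(self, responder: str, context: str, now: float) -> tuple[str, str]:
        if responder not in self.secrets:
            raise KeyError(f"no pre-shared secret enrolled for {responder}")
        challenge_id, nonce = secrets.token_hex(8), secrets.token_hex(16)
        self.pending[challenge_id] = (responder, context, nonce, now + CHALLENGE_TTL_SECONDS)
        return challenge_id, nonce

    def verify(self, challenge_id: str, code: str, now: float) -> bool:
        entry = self.pending.pop(challenge_id, None)  # single use: a replayed code fails
        if entry is None:
            return False
        responder, context, nonce, expires_at = entry
        if now > expires_at:
            return False
        expected = response_code(self.secrets[responder], context, nonce)
        return hmac.compare_digest(expected, code)


def walkthrough() -> dict[str, bool]:
    """Constructed exchange: the SOC confirms an account-disable request with the on-call admin."""
    admin_secret = secrets.token_bytes(32)     # enrolled in person, long before any incident
    verifier = OutOfBandVerifier({"oncall-admin": admin_secret})
    t0 = 1_700_000_000.0
    context = "confirm:disable-account:jdoe"   # binds the code to this one action

    # Channel 1 (chat or voice, untrusted): the SOC sends the challenge id and nonce.
    cid, nonce = verifier.challenge("oncall-admin", context, t0)
    # Channel 2: the admin computes the code from their secret and reads it back.
    legit = verifier.verify(cid, response_code(admin_secret, context, nonce), t0 + 30)

    # The same code presented again fails because the challenge was consumed.
    replayed = verifier.verify(cid, response_code(admin_secret, context, nonce), t0 + 60)

    # A caller without the secret, however convincing the voice, cannot derive the code.
    cid2, nonce2 = verifier.challenge("oncall-admin", context, t0)
    no_secret = verifier.verify(cid2, response_code(b"guess", context, nonce2), t0 + 30)

    # A valid code for a different action is rejected: the context is part of the MAC.
    cid3, nonce3 = verifier.challenge("oncall-admin", context, t0)
    wrong_context = verifier.verify(
        cid3, response_code(admin_secret, "confirm:wire:250000", nonce3), t0 + 30)

    # A stale answer past the TTL is rejected.
    cid4, nonce4 = verifier.challenge("oncall-admin", context, t0)
    expired = verifier.verify(
        cid4, response_code(admin_secret, context, nonce4), t0 + CHALLENGE_TTL_SECONDS + 1)

    return {"legit": legit, "replayed": replayed, "no_secret": no_secret,
            "wrong_context": wrong_context, "expired": expired}


if __name__ == "__main__":
    print(walkthrough())
```

The point of binding the context into the MAC is that a code confirming "disable jdoe" cannot be coaxed out of someone and then reused to confirm a wire transfer; the point of the single-use nonce is that nothing overheard on the first channel is worth replaying on the second.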

Deploy AI-driven log analysis against your existing SIEM data. AI examining SIEM logs and surfacing incidents with short lag time is not perfect visibility, but short lag time beats no visibility, and you can have it running within 30 days.

Give yourself a month. Token audit in week one. Telemetry map in week two. Conditional access enforcement in week three. Revocation drill in week four. Breakout times are measured in minutes, and the fastest recorded intrusions land in seconds. The attackers have already started. The question is whether your identity infrastructure is ready when they arrive.