AI is speeding attacks, but identity remains cybersecurity’s weakest link, according to PwC’s Cyber threats in motion. The SecurityWeek piece notes that Infostealers and resulting stealer logs feed initial access brokers, who sell identities to criminals, while AI helps attackers generate convincing phishing and impersonations, including deepfake-enabled social engineering.
It describes attacker speed as increasing with access-ability, with AI accelerating reconnaissance, malware development, and social engineering across languages and platforms, though fully autonomous end-to-end AI attack sequences are still early-stage and not widespread. PwC cautions that traditional techniques like phishing and credential theft remain effective, and many organisations are grappling with basic security fundamentals.
Beyond defending identities, the article emphasises understanding an organisation’s crown jewels and how threat actors—whether nation state or cybercriminal—might pursue them, with Russia-based actors blending cyber and influence operations and China-based actors aiming for persistent access in critical infrastructure.
It closes by urging identity protection and continuous trust validation, arguing that resilience in an AI-accelerated threat landscape comes from governing identity at speed and integrating cyber risk with business strategy. 25 March 2026.