5 ways new AI agents can automate identity attacks

2025 has started off with a ton of AI hype. But so far, the impact of GenAI on cyber attacks has been seriously overstated. LLMs like ChatGPT, Claude, Gemini, and now DeepSeek, have been mainly used for the creation of phishing emails and in AI-assisted malware development — noteworthy, but not exactly transformative. 

This could all be about to change with the introduction of a new type of AI agent — Computer-Using Agents (CUAs) — like OpenAI’s Operator. 

CUAs drive your browser/OS for you. These tools are essentially no-code automation platforms, enabling low-cost, low-effort automation of common web tasks — including those frequently performed by attackers.

Join our VP R&D, Luke Jennings, where he’ll be demonstrating the impact of CUAs in automating common identity attack techniques, and what this means for the future of how and where identity attacks will take place. 

In this webinar, you’ll learn how attackers can use AI for:

1. Reconnaissance to discover a company’s SaaS tenants and valid usernames
2. Initial access through changing how and where phishing attacks take place, and significantly scaling up credential stuffing attacks using compromised credentials
3. Persistence following account takeover by creating additional ghost logins to grant backdoor access
4. Lateral movement to compromise additional apps and accounts within a company’s user base following an initial account takeover
5. Exfiltration through mass data collection across compromised apps and accounts

We’re running separate sessions for multiple timezones so be sure to select the time that works best for you. And don’t worry, if you can’t attend, sign up anyway and receive a copy of the recording to your email.