AI-powered scams and identity attacks become top cyber threats in 2026

Rowan Swanepoel, Principal Cyber Security Specialist at Cyberlogic.

---

As organisations continue investing heavily in cyber security technologies, attackers are shifting their focus away from networks and systems and towards the people who use them. According to Cyberlogic, AI-driven social engineering and identity-based attacks have emerged as two of the most significant cyber threats facing businesses in 2026.

While organisations have traditionally focused on securing hardware, software and infrastructure, the human factor has become a preferred target for cyber criminals looking for easier ways to gain access to sensitive information and systems.

"Cyber criminals have realised that breaking through a company's technology stack is often far more difficult than manipulating a person," says Rowan Swanepoel, Principal Cyber Security Specialist at Cyberlogic. "As a result, we're seeing a significant increase in attacks that exploit human behaviour rather than technical vulnerabilities."

Artificial intelligence is accelerating this trend. While AI has become a valuable tool for improving productivity and business efficiency, it is also being used by malicious actors to automate and scale cyber attacks.

Attackers are increasingly using AI to create highly personalised phishing e-mails and voice phishing, or vishing, campaigns. By leveraging information gathered from social media platforms and other publicly available sources, criminals can craft convincing messages that appear legitimate and relevant to their targets.

At the same time, deepfake technology has evolved rapidly, making it increasingly difficult for individuals to distinguish between a real person and an AI-generated voice.

"Deepfake audio has become remarkably convincing," says Swanepoel. "We are reaching a point where many people don't realise they are speaking to a machine. That creates significant risks for organisations, particularly where financial approvals, sensitive information or executive communications are involved."

Alongside AI-driven social engineering, identity-based attacks are becoming a growing concern. Rather than attempting to breach corporate networks directly, cyber criminals are targeting user identities through stolen credentials, session token theft and multi-factor authentication (MFA) fatigue attacks.

In many cases, attackers gain access using credentials exposed in previous data breaches or by tricking users into clicking malicious links that capture authentication tokens. Stolen credentials are useful because password re-use is very common. For session token theft, users are often not even aware of anything – and this would even bypass any MFA requirement.

A growing concern within identity-based attacks is the rise of stolen credentials and session token theft. Cyber criminals regularly harvest usernames and passwords from previous data breaches and then use automated tools to test them across multiple platforms, relying on the fact that many users still re-use passwords. Even more concerning is session token theft, where attackers steal the authentication token that proves a user has already logged in. This can occur when a user clicks on a malicious link, downloads malware or interacts with a fraudulent website. Once in possession of a valid session token, attackers can often bypass passwords and even MFA controls, effectively impersonating the user and gaining direct access to corporate systems, cloud applications and sensitive business data.

"The modern attacker doesn't necessarily need to break into your network anymore," explains Swanepoel. "If they can steal or hijack your identity, they can often gain the same level of access with far less effort and far less chance of being detected."

According to Swanepoel, technology alone is no longer enough to defend against modern cyber threats.

"We need to empower employees to become part of the organisation's cyber defence strategy. The goal is to transform staff from potential vulnerabilities into a human firewall. Every employee should understand how to recognise phishing attempts, avoid risky online behaviour and know exactly what to do if they suspect a security incident."

Security awareness training remains one of the most effective defences against social engineering and identity-based attacks. Training programmes should address common risks such as password re-use, recognising suspicious communications, incident reporting procedures and adopting a zero-trust mindset where every request is treated with caution until verified.

Businesses are also encouraged to implement password managers that generate and store unique passwords for every account. Many modern password management solutions support MFA and passkeys, which offer a more secure, passwordless approach to authentication.

"Password managers remove the temptation to re-use passwords across multiple platforms," says Swanepoel. "Employees only need to remember a single master password, while the software handles the creation and storage of strong, unique credentials."

Keeping software up to date is equally important. Regular updates for operating systems, browsers, mobile devices and business applications often contain critical security patches that protect users against newly discovered vulnerabilities.

"Many people see updates as an inconvenience, but they're one of the simplest and most effective security controls available," adds Swanepoel. "Whether it's your web browser, laptop operating system or smartphone, keeping software updated closes vulnerabilities that attackers actively look to exploit."

Swanepoel concludes that cyber security can no longer be viewed as the sole responsibility of the IT department.

"Security is everyone's responsibility. All it takes is a single click on a malicious link, a compromised credential or an employee trusting the wrong voice on the phone to create a serious security incident. End-users need to be recognised as a critical component of every organisation's cyber defence strategy."