Artificial intelligence (AI) will underpin the move away from traditional identity and access management (IAM) to a decentralised IAM model.
This is significant because identity is the connective tissue of cyber security, said Tope Olufon, senior analyst at Forrester, speaking today at ITWeb Security Summit 2025, at the Sandton Convention Centre, Johannesburg.
Olufon said in addition to understanding AI, businesses must achieve full visibility of their assets and view cyber security through the eyes of threat actors. He noted that traditional identity management models are fragmented, inflexible, inefficient and siloed.
“The industry is maturing and use cases are growing. With decentralised identity management, trust becomes a two-way street and reusability will drive efficiency.”
He added that this IAM model facilitates augmented physical ID with revocable credentials, and beyond security, will find use cases in vertical markets like healthcare and recruiting.
Olufon said achieving full visibility is still a major challenge, along with requisite budgets to meet costs.
“Identity is the connective tissue of cyber security, and AI is a force multiplier that gives us speed and has changed the way we approach creativity and security. AI is just code, and the risks today are generally the same as they were. However, companies still struggle with challenges like budget and visibility.”
AI plays a key role in empowering organisations by automating general tasks, helping businesses to understand the nuances of change and sifting through vast amounts of data to help users to find specific information they are looking for.
“More data means you need a bigger security budget to be able to analyse this data.”
He added that threat intelligence is an essential warning system and businesses that are proactive in their security approach are harnessing this intelligence to anticipate and mitigate risk.
According to Olufon, businesses will continue to look to AI to strengthen threat detection and operational efficiency. Threat actors will always adapt and therefore organisations must do the same. AI cannot replace people – businesses need both, and it is imperative that organisations research, communicate and prove new technologies to stay resilient.
Olufon added that identity lifecycle management will gain stronger deepfake and anomaly detection, authentication will benefit from large transaction models and enhanced patterns detection, and authorisation will benefit from autogenerated policies and integration code.
Lisa Flynn, founder of Catalysts & Canaries Research Institute & Training Academy, spoke about the impact of deepfakes, and how “social engineering on steroid attacks” continue to impact organisations.
She referred to the Verizon Data Breach Investigations Report 2025, according to which 60% of breaches involved the human element, and AI/large language models are increasingly being used by attackers to craft more convincing e-mails.
Flynn said AI voice scams are on the rise globally and listed several notable recent breaches, including the $25 million Hong Kong CFO deepfake hack, the OpenAI global hiring scam and the SBD Securities fake trading app.
Her call to action is to educate ourselves, teams and families, be curious, suspicious and situationally aware, to prioritise cognitive security practices and collaborate with researches.
Share