PodChats for FutureCISO: AI alters identity management strategies

by Allan Tan
October 7, 2025

In 2025, identity has become the new (security) perimeter, making identity security attacks a primary threat vector for organisations throughout the region. Threat actors are targeting user credentials and privileged access pathways, moving beyond traditional network-based assaults to exploit identities as the weakest link.

IDC's 2025 IAM landscape identifies AI agents, non-human identities (such as IoT), and the expansion of identity types (workforce, consumer, and B2B) as major forces reshaping security.

As Nigel Tan, director of sales engineering, Asia Pacific at Delinea, points out, threat actors are aggressively targeting user credentials and privileged access pathways, making identity security a primary concern for organisations across the region.

This shift is forcing a strategic rethink, with a pronounced focus on securing Privileged Access Management (PAM) as a critical control point. The rapid maturation of artificial intelligence (AI) is now fundamentally altering both the threat landscape and the defence strategies for Identity and Access Management (IAM).

Expanding attack surface: Non-human identities and privilege creep

A significant challenge that compounds IAM complexity is the proliferation of non-human identities. Tan highlights a startling statistic from Delinea's research: "There were up to, on average, 46 non-human identities for every human identity in an organisation."

These machine identities, which include service accounts, robotic process automation (RPA) bots, and API keys, are often poorly managed, with stale credentials presenting a massive attack vector.

This aligns with broader industry trends.

Gartner predicts that by 2026, 70% of identity-first security strategies will fail to control the surge in non-human identities, leading to a significant increase in privileged access-related breaches. This underscores the urgent need for organisations to extend their IAM disciplines to the non-human realm.

Furthermore, the perennial issue of "privilege creep"—where employees accumulate access rights over time that they no longer need—remains a critical vulnerability. Manual governance cycles are ill-equipped to handle this scale, creating a governance gap that AI is poised to fill.

AI redefining IAM

According to Tan, AI's role in IAM is twofold: securing the new wave of AI agents themselves and leveraging AI to bolster existing identity security. Delinea's own research indicates a strong appetite for this shift.

"A lot of executives are looking at this new disruptive technology called artificial intelligence... When it comes specifically to identity, there are two main parts: how AI changes their security landscape... [and] how they can use this to help with their identity security," observes Tan.

Market forecasts support this. IDC states that by 2027, driven by the explosion of AI/ML workloads, 40% of G2000 organisations will run identity and access management (IAM) processes across domains to reduce operational costs and improve risk mitigation. AI is moving from a niche capability to a core component of modern IAM architectures.

Three emerging AI-driven IAM use cases in Asia-Pacific

Tan identifies three key areas where AI is making an impact in the APAC region:

  1. Managing access for Agentic AI: As autonomous AI agents are deployed to handle business workloads, they require access to sensitive systems and data. A primary concern is ensuring these agents are not "overprivileged." CISOs are now grappling with how to apply the principle of least privilege to non-human AI entities to prevent potential data breaches.
  2. AI-powered access governance: The traditional quarterly access review process is a hefty administrative burden. AI can analyse previous access history and usage patterns to right-size employee access automatically. This shifts governance from a periodic, manual process to a continuous, intelligent one.
  3. Real-time threat detection and intelligent authorisation: AI is augmenting threat detection by accelerating the analysis of login attempts and user behaviour. Tan refers to this as "intelligent authorisation," where access decisions are based on a myriad of contextual factors—such as user behaviour, time, and location—rather than static rules like geographic blocking.

The cybersecurity risks of an AI-powered IAM

While AI offers immense benefits, its adoption is not without risk. Tan highlights that as systems learn, organisations must work to eliminate false positives to build trust in the AI's output. Furthermore, attackers are also weaponising AI.

A global survey by Delinea reveals that 47% of global firms reported that AI-generated phishing/deepfakes were their top concern, and 44% reported that AI-driven credential theft is one of their biggest concerns.

Source: AI in Identity Security, Delinea 2025

The rise of deepfakes for identity fraud poses a clear and present danger, as evidenced by a near-miss case in Singapore where attackers used a deepfaked video of a CEO to attempt a fraudulent transfer.

Surveys from security vendors warn that generative AI will indeed lower the barrier to entry for cybercrime, stating that "AI-powered deepfakes will feature in over 90% of successful digital trust-breaking attacks by 2026." This underscores the need for multi-factor authentication and user education, as emphasised by Tan.

The regulatory horizon for AI in IAM

Efforts are already underway in APAC to regulate AI. Tan points to Singapore's PDPC Model AI Governance Framework and Hong Kong's Ethical AI Framework as examples. "These regulations would be overarching," he says, focusing on transparency and accountability in AI decision-making.

This will directly impact how AI is used in IAM, requiring that access decisions are explainable and that robust audit trails are maintained, falling squarely within the wheelhouse of PAM.

The future of AI in Asia

Tan believes AI adoption will continue to grow in the region, with a strong focus on governance, threat detection, and a new frontier: auditing. "AI to help with being able to audit, to help with audit, because audit generates much information, many logs," he notes.

The ability of AI to summarise hours of session recordings into a concise executive summary, highlighting key points and potential red flags, will save significant time and resources for security teams, making compliance and oversight more efficient.

This is a trend recognised by industry leaders. Gartner highlights that "by 2025, 40% of identity and access management (IAM) buyers will consider advanced, AI-powered analytics a critical capability in their purchasing decisions," indicating that AI will soon become a standard expectation, not a luxury.

Click on the PodChats player to listen in detail to Tan's conversation with FutureCISO on how AI alters identity management strategies.

  1. Before we begin, could you please provide a 30-second elevator pitch about Delinea?
  2. How is AI Redefining Identity and Access Management?
  3. Please identify emerging AI-driven IAM use cases in Southeast Asia and Hong Kong.
  4. How do you see Agentic AI potentially changing Privileged Access Management (PAM)?
  5. We may have covered this in earlier questions: What are the cybersecurity risks of AI-enhanced IAM? Please cite the 2025 incidents on the same topic.
  6. Efforts are underway to develop regional regulations governing the use of AI. Can we expect something similar around AI in IAM?
  7. Can AI Enhance IAM for Hybrid Workforces?
  8. You mentioned earlier about identity access rights that have become dormant. What role would GenAI/Agentic AI play in identity lifecycle management?
  9. Deepfake cases are growing in Asia. How should CISOs prepare for AI-enabled identity fraud?
  10. What skills will security teams need for AI-driven IAM? How about end users?
  11. What is the future of AI in IAM for Southeast Asia and Hong Kong?
Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.

Previous Roles

He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl
