Identity Under Attack: Lessons on AI-Driven Credential Risks from Security Experts

Identity is now the front line of cybersecurity. As credential-based attacks become more sophisticated and widespread, AI is accelerating the speed, scale, and success of these threats.

To examine how this is impacting businesses, Dashlane CISO Joanna Chen recently co-hosted a webinar with Prashanth Challa, Managing Director of Wealth Management Cybersecurity at Morgan Stanley.

Get the essential takeaways from their conversation below, or catch up on everything they discussed by checking out their on-demand webinar, “Identity Under Attack: How Credential Threats Are Reshaping Security in Finance and Tech.”

Where phishing emails and brute-force attacks were once indiscriminate, AI now enables attackers to create highly tailored and convincing lures at scale.

It can scrape data from public sources, generate context-specific messaging, and even mimic communication styles—making it harder for employees to spot the red flags. Joanna and Prashanth agreed: AI has lowered the barrier to entry for cybercrime while increasing its potential impact.

On the defensive side, however, AI is just as powerful. By automating risk detection and surfacing suspicious activity faster, AI-powered security tools can help teams respond before attackers gain a foothold.

The challenge, Joanna and Prashanth said, is ensuring the AI tools businesses are using are transparent and trustworthy. This is especially true in regulated industries where governance and compliance carry as much weight as technical capability.

As attackers get more sophisticated with AI and deepfakes, humans remain the path of least resistance. Both Joanna and Prashanth warned that organizations can’t just harden systems. They must also prepare their people.

“The thing we’ve seen starting to pick up now, but I expect it to really blow up in 2026,” shared Prashanth, “is attacks on our call centers—taking advantage of GenAI and deepfakes to impersonate employees or clients.”

Because call centers are often staffed with junior, seasonal, or contract employees, fraudsters use spoofed phone numbers, high-pressure tactics, and even AI-generated voices to trick agents into resetting accounts or granting access. Morgan Stanley is responding by strengthening authentication procedures and piloting AI tools that can monitor calls in real time to ensure protocols are followed.

Joanna added that beyond call centers, humans more broadly remain the most persistent risk:

“Where attackers often go is that human element. It’s always going to be a bit squishy… and it’s always going to be a part of a company’s risk that they can’t fully get rid of.”

She noted that with defenses like firewalls growing stronger, attackers are prioritizing the exploitation of people instead. With tools like ChatGPT making it easy to generate convincing content in any language, the human factor is only becoming more vulnerable.

Prashanth addressed the value of a defensive, proactive cybersecurity strategy.

Both experts outlined several strategies that organizations in any industry can use to reduce identity risk:

The rapid evolution of credential-based threats means organizations can’t afford a reactive stance. Identity security must be proactive, layered, and woven into business culture.

Customer trust is everything, and protecting that trust starts with protecting identities.