How GenAI Is Aiding a Rise in Identity-Based Threats

Thales CISO Eric Liebowitz Outlines Urgent Defenses for AI-Driven Phishing Threats Michael Novinson (MichaelNovinson) • January 12, 2026

Traditional technical defenses are no longer sufficient since attackers now favor identity-based access methods like phishing and social engineering, said Thales CISO, Americas, Eric Liebowitz.

See Also: On-Demand | NYDFS MFA Compliance: Real-World Solutions for Financial Institutions

Organizations must counter these trends by focusing heavily on employee training and behavior monitoring, building user behavior baselines to detect anomalies. Companies should offer both proactive technical controls like internal artificial intelligence tools and DLP systems as well as sustained investment in employee awareness to counter the generative and agentic AI capabilities of adversaries, he said (see: Identity Sprawl Redefines Enterprise Security).

"Technology has just gotten better at detecting the old-style attacks like brute force where someone would try and guess a million passwords a second in hopes to eventually find a weak password," he said. "We ...