Rising cyber threats: How AI exploits weak security systems

AI-powered cyber threats expose gaps in outdated business security

Passwords on sticky notes, forgotten access credentials of former employees, 119 new vulnerabilities every day—today's security landscape leaves no room for outdated practices like these. The booming identity and access management (IAM) market is now opening up fresh business opportunities for the channel.

On average, 119 new vulnerabilities per day: Germany's Federal Office for Information Security (BSI) paints a troubling picture of the country's IT security in its 2025 Situation Report. Nearly one in ten inquiries to the BSI Service Center involves account hijacking and identity theft (9.5%). After phishing attacks (19.3%), this is the second most common reason companies turn to the agency for help.

Yet according to the BSI report, businesses know full well what they should be doing. On average, they are familiar with basic protective measures: secure passwords, two-factor authentication (2FA), browser-based password managers, passwordless login, and standalone password managers. The most widely adopted measures include secure passwords (54%), 2FA (44%), and browser-integrated password managers (29%). Whether driven by geopolitical tensions or regulatory pressure, many companies wait until the last possible moment before implementing new safeguards. Elmar Eperiesi-Beck, CEO of the German IAM platform Bare.ID, advises, "Companies should address compliance requirements early to avoid being caught off guard by tight deadlines."Proactive resilience is key.

Despite this knowledge, delaying action exposes businesses to data breaches, reputational damage, and severe financial losses. The gap between awareness and implementation remains wide—and could prove disastrous for many in the future. Service providers now have an opportunity not only to advise but to actively support implementation, including keeping systems up to date. Consider this example: A local tradesman stores customer data in the cloud, taking a step toward modernization. But when it comes to security, that's where it ends. Every employee has their own passwords scribbled on notes; former employees' access remains open; and the apprentice has the same data permissions as the CEO.Modern technology without modern security is like a cutting-edge car with no airbags.

The problem is compounded by AI. Criminals now use artificial intelligence to systematically test stolen passwords, crack weak credentials, or deceive employees with deepfake voices. What once took weeks can now be done in hours.

One solution is Identity and Access Management (IAM). These systems don't just verify who is logging in—they continuously monitor behavior to detect anomalies. With cyber threats and geopolitical tensions escalating, companies are being forced to rethink their software strategies, Eperiesi-Beck explains. "We receive daily reports on developments in the U.S., Russia, and other regions, creating a far more complex threat landscape. This inevitably pushes companies to critically review and reassess their existing software solutions."

In this context, digital sovereignty is becoming an increasingly decisive factor in technology decisions. However, a clear definition is essential—it forms the foundation for credible and sustainable implementation. Eperiesi-Beck identifies a concerning trend: "We're seeing a wave of 'sovereignty washing,' where digital sovereignty is more of a marketing buzzword than a real commitment. For me, true digital sovereignty starts with two non-negotiable requirements: a fully German supply chain and no vendor lock-in."

Grappling with these issues has led many organizations to a sobering realization about their existing IT infrastructure. "A large number of companies still rely on outdated identity and access management systems," the expert explains. Microsoft's Active Directory, for instance, was introduced years ago and has simply been "kept running and maintained over time." Too often, this results in a lack of oversight and control. Modern IAM solutions are designed to bring order to the chaos: they automatically detect unusual login attempts, provide full transparency over permissions, and replace password scribbled on sticky notes with single sign-on (SSO).

There's a common misconception that additional security measures hinder business operations. In reality, the opposite is true. As past experience has shown, robust security can deliver a significant competitive advantage.

Another structural shift is adding to the challenge: today's businesses must manage far more identities than just those of their own employees. "Most customers start with business-to-employee scenarios—traditional employee authentication—before expanding the model to suppliers or end customers."

Identity management solutions are available for companies of all sizes and budgets, ranging from Microsoft Entra ID to European alternatives like Bare.ID. For IT service providers, this evolution also opens up new business opportunities, with projects spanning from three-day migrations to systems supporting millions of users. The market is growing—and with it, the potential for providers to help clients navigate their digital transformation.