Cybersecurity in the Age of Agentic AI

Insights from Industry Leaders

Agentic AI was everywhere at RSAC 2025—and it’s quickly emerging as a major force reshaping cybersecurity.

In a new feature from Cybersecurity Tribe, 21 cybersecurity leaders—including Optery CEO Lawrence Gentilello—weighed in on how agentic AI is transforming defense strategies and giving attackers new advantages.

• Most organizations are still in the testing phase, but adoption is expected to rise sharply by 2026.
• Experts cited major benefits: speed, scale, real-time response, and efficiency.
• But they also pointed to key challenges: governance concerns, the need for transparency, and weaponization by adversaries.

Gentilello focused on how attackers are using agentic AI to automate reconnaissance, personalize social engineering, and scale identity fraud using exposed PII:

“Defenders must respond in kind, eradicating exposed PII data, and employing ‘AI‑against‑AI’ deepfake detection techniques. By understanding how adversaries exploit PII, organizations can better defend themselves.”

Agentic AI is poised to wreak havoc on organizations with exposed employee data. The time to act is now—before attackers’ capabilities evolve into fully autonomous, mass-scale attacks. Read the full article

New Threat Reports from IBM and Fortinet: AI-fueled recon and attack execution means organizations must be proactive

Two of the most important threat intelligence reports of the year just dropped. Both show attackers are using AI to scale up, phishing and credential theft are surging, and proactive exposure management is critical.

IBM X-Force 2025 Threat Intelligence Index

Credential compromise fueled by phishing and infostealers

IBM’s latest report highlights an 84% increase in infostealers delivered via phishing in 2024. Early 2025 data suggests an even greater surge: a 180% increase in weekly volume over 2023.

Credential phishing is also on the rise. IBM notes that attackers are using AI to create phishing sites, generate deepfakes, and write malicious code. The result is a surge in valid credentials being used for identity-based attacks.

Nearly one-third of observed attacks involved the use of valid accounts. The report notes that while these may not always show up as phishing in statistics, phishing or infostealers delivered via phishing are often the real infection vector.

“While it can be difficult to prove, most compromised credentials came from infostealers and credential harvesting campaigns, of which an increasing amount is delivered via phishing.”

The first step the report gives for threat management is to “Limit your exposure across the threat environment.”

Minimizing employee PII exposure on data broker sites is a critical part of doing that. Threat actors routinely rely on this data for reconnaissance, phishing, and credential compromise. Read our summary

Fortinet 2025 Global Threat Landscape Report

AI supercharging attacker recon, social engineering, and credential theft

Fortinet’s report shows attackers moving with “unprecedented speed, precision, and reach,” and AI is the driving force. Tools like FraudGPT, BlackmailerV3, and ElevenLabs are automating the creation of malware, phishing websites, synthetic voices, and deepfake content—fueling more scalable and believable campaigns.

Meanwhile, infostealers like Redline and Vidar are driving a spike in credential harvesting. FortiGuard Labs observed:

• A 500% increase in credential logs on darknet forums
• A 42% rise in compromised credentials for sale
• A growing market for VPNs, RDPs, and admin panels offered by Initial Access Brokers (IABs)

Fortinet’s recommendation echoes IBM’s:

“CISOs must act swiftly and decisively… and close exposure gaps before attackers can strike.”

That includes reducing employee and executive PII exposure. The Black Basta leaks confirmed what many still overlook: employee PII on data broker sites is part of the enterprise attack surface.

When attackers can easily find names, roles, emails, and phone numbers through data brokers, it fuels phishing and infostealer deployment, opening the door to organizational compromise. See our breakdown