NEW YORK, March 10, 2026 — HYPR, the Identity Assurance Company, has unveiled its sixth annual State of Passwordless Identity Assurance report, revealing a fundamental transformation in enterprise security priorities. The comprehensive study, commissioned by HYPR and conducted by 451 Research from S&P Global Energy Horizons, documents a seismic shift where artificial intelligence has fundamentally altered the threat landscape for organizations worldwide.
AI Displaces Traditional Credential Theft as Primary Concern
For the first time in cybersecurity history, Generative AI at 53% and Agentic AI at 45% have collectively surpassed stolen credentials as the foremost identity security threat facing enterprises. This dramatic crossover signifies that the industry is no longer combating human-scale password leaks but rather confronting industrial-scale automated attacks powered by sophisticated artificial intelligence systems.
"We have entered a new era where automated agents will leak more passwords than people throughout 2026," explained Bojan Simic, CEO and co-founder of HYPR. "This shifts identity risk from human-scale errors to industrial-scale machine automation, requiring fundamentally different approaches to enterprise security."
The Literacy-Action Gap in Passwordless Adoption
Despite significant advances in technical understanding, enterprise-wide passwordless adoption remains stalled at 43%, creating what HYPR identifies as a "literacy-action gap." While passkey literacy has surged to 64% among security professionals, and FIDO passkeys are now considered the gold standard by 64% of security leaders (up from 40% previously), implementation challenges continue to hinder widespread deployment.
"Technical literacy is no longer the bottleneck; the challenge now lies in the mechanics of scaling across the enterprise," Simic emphasized. "Organizations must move beyond point-in-time security measures and make identity verification a permanent component of employee management from onboarding through offboarding."
Identity Verification Emerges as Critical Response
In response to these evolving threats, organizations are increasingly pivoting toward Identity Verification (IDV) solutions. The report indicates that 71% of organizations have committed to phishing-resistant modernization programs, with 65% of enterprises currently utilizing some form of IDV technology. However, implementation remains fragmented, with most organizations deploying these solutions to less than a quarter of their workforce.
The Velocity Paradox in Modern Cybersecurity
AI technology is dramatically accelerating attack chains while simultaneously empowering defensive capabilities. The report identifies what it terms the "velocity paradox" — while defensive tools now detect 65% of identity-based attacks within hours, the "exfiltration window" for data theft is closing faster than human security teams can effectively respond.
Artificial intelligence is re-arming traditional threats, with 43% of organizations reporting AI-enhanced phishing attacks and 37% encountering AI-powered ransomware campaigns. These automated threats operate at unprecedented scale and sophistication, overwhelming traditional security measures.
Synthetic Media Emerges as Top-Tier Enterprise Threat
The report reveals alarming statistics about the proliferation of synthetic media in identity-based attacks:
- 87% of organizations have encountered audio or video deepfakes in identity-based attacks
- 45% identify prerecorded video deepfakes as a primary security concern
- 40% reported AI voice cloning incidents targeting call centers with manipulated audio
- Identity impersonation incidents have surged by 35% year-over-year
Candidate fraud has emerged as the second most prevalent threat at 39%, following closely behind traditional credential misuse. Personalized phishing remains the dominant identity risk, cited by nearly two-thirds (65%) of surveyed organizations.
Market Outlook and Budget Realignment
The cybersecurity market is undergoing significant transformation as organizations recognize the limitations of legacy approaches. A concerning 59% of organizations incur what the report terms a "hindsight tax," increasing security budgets only after experiencing a breach. Following security incidents, 61% of organizations prioritize rapid IDV deployment, while 57% focus on implementing multi-factor authentication (MFA) solutions.
The project pipeline suggests an imminent market shift as organizations move beyond "persona-based" protection for executives toward universal, enterprise-wide security execution. This transition represents a fundamental rethinking of identity assurance strategies in response to AI-powered threats that target organizations at every level.
As automated agents increasingly dominate the threat landscape, the HYPR report concludes that identity verification must evolve from a supplementary security measure to a core enterprise standard, integrated throughout organizational processes and accessible to every employee regardless of position or privilege level.
