Identity Became the New Perimeter
How Cybersecurity Changed in 2026, part III
Key takeaways
In a rush? Here are the key takeaways, which you can scan now and then come back to later.
The traditional network perimeter has continued to decline as cloud computing, SaaS platforms and hybrid working have become the norm.
AI-enabled social engineering has significantly increased the scale and sophistication of identity-based attacks.
Multi-factor authentication remains essential but is no longer sufficient on its own to defend against modern adversaries.
Continuous identity verification and behavioural analysis are becoming central components of enterprise security strategies.
Machine identities, service accounts and autonomous AI agents are rapidly expanding organisational attack surfaces.
In 2026, the organisations best positioned to defend themselves are those that treat identity as the foundation of cybersecurity rather than simply another access management function.
For decades, cybersecurity strategy revolved around a relatively simple idea: keep attackers outside the network. Firewalls, intrusion detection systems and virtual private networks formed a defensive boundary between trusted internal systems and an untrusted internet. Although no organisation ever relied entirely upon perimeter security, much of the industry’s thinking assumed that once a user or device crossed that boundary, it could generally be trusted.
That assumption has been eroding for years. Cloud computing, software-as-a-service platforms, remote working and mobile devices steadily weakened the concept of a clearly defined corporate network. By 2026, however, another force has accelerated that transition. Artificial intelligence has dramatically improved the speed, scale and sophistication with which attackers can impersonate legitimate users.
Modern cybercriminals increasingly recognise that they no longer need to exploit software vulnerabilities to achieve their objectives. If they can steal, manipulate or convincingly imitate a trusted identity, many traditional technical controls become irrelevant.
As a result, identity has become the primary battleground of cybersecurity. The question organisations increasingly ask is no longer, “can an attacker reach our systems?”, but rather, “Can we trust the identity attempting to use them?”
The Decline of the Traditional Perimeter
The traditional enterprise network has gradually disappeared. Employees routinely access business applications from home networks, customer sites and public internet connections. Corporate data resides across multiple cloud providers and SaaS platforms rather than within a single datacentre. Contractors, suppliers and partners require varying levels of access to internal resources, while employees increasingly use personal devices alongside corporate-managed hardware.
These developments have created considerable business flexibility, but they have also undermined the effectiveness of perimeter-based security. Blocking malicious traffic entering a corporate network provides little protection when the applications employees depend upon are hosted externally and accessed directly over the internet. Likewise, preventing unauthorised access to office networks does little to stop attackers who successfully authenticate using stolen credentials.
Security has therefore become progressively less concerned with where users are connecting from and increasingly focused on who—or what—is attempting to connect. That is why it’s our belief that identity has replaced location as the principal measure of trust.
Attackers Have Become Better at Pretending to Be You
Credential theft has existed almost as long as computer networks themselves. What has changed is the sophistication with which attackers now obtain and exploit trusted identities.
Generative AI has transformed social engineering. Criminal groups can produce highly convincing phishing emails tailored to specific individuals, organisations or ongoing business projects. Language models eliminate many of the grammatical mistakes and awkward phrasing that once made phishing campaigns relatively easy to recognise.
The evolution extends well beyond email. Voice synthesis technologies allow attackers to imitate executives during telephone conversations. Deepfake video enables convincing impersonation during online meetings. Publicly available information harvested from social media, professional networking platforms and corporate websites provides AI systems with sufficient context to generate remarkably persuasive communications.
None of these techniques guarantee success individually. Together, however, they substantially reduce the effort required to conduct targeted attacks at scale. Business email compromise campaigns increasingly resemble genuine commercial correspondence. Fraudulent requests for payments, credential verification or document approval are often supported by realistic writing styles and contextual awareness that would previously have required extensive manual preparation.
The result is that identity attacks are becoming more difficult to distinguish from legitimate business activity.
Why Multi-Factor Authentication Is No Longer the Finish Line
For many organisations, deploying multi-factor authentication represented a significant security milestone. MFA remains one of the most effective defences against password-based compromise and continues to prevent large numbers of opportunistic attacks. However, by 2026 it is increasingly recognised as a necessary baseline rather than a comprehensive solution.
OF course, the attackers have adapted. Adversary-in-the-middle frameworks intercept authentication sessions in real time, capturing session tokens after successful authentication. Rather than stealing passwords, criminals increasingly steal authenticated sessions themselves.
Similarly, phishing kits have become capable of proxying legitimate authentication pages, enabling victims to complete MFA challenges while unknowingly granting attackers access. Attackers are also exploiting weaknesses in authentication recovery processes, abusing trusted devices, targeting authentication fatigue and compromising browser sessions through malware.
The implication is clear. Authenticating successfully at the beginning of a session no longer guarantees that the individual using the account remains trustworthy throughout its lifetime. Security, therefore, increasingly treats authentication as a continuous process rather than a single event.
Continuous Trust Replaces One-Time Verification
One of the defining cybersecurity trends of 2026 is the growing emphasis on continuous identity validation. Rather than assuming trust after successful login, organisations increasingly evaluate behaviour throughout a user’s interaction with corporate systems.
Modern identity platforms consider factors such as device health, geographic location, access patterns, application usage, typing behaviour and historical activity when determining whether additional verification is required.
An employee accessing familiar systems from a managed device during normal working hours may experience minimal friction. The same individual attempting privileged administrative actions from an unfamiliar device halfway around the world may trigger additional authentication requirements or automated investigation.
Importantly, these decisions increasingly occur dynamically. Trust is no longer granted indefinitely. It is recalculated continuously. This approach aligns closely with Zero Trust architecture, which assumes that no user, device or application should receive implicit trust simply because it has already been authenticated. The objective is not to make access more difficult but to ensure that trust accurately reflects current risk.
Machine Identities Are Expanding the Attack Surface
Human users are no longer the only identities organisations must protect. Cloud-native environments rely heavily upon machine identities. Applications authenticate to databases, APIs communicate with cloud services, containers request secrets and automated workflows exchange credentials continuously.
Many enterprise environments now contain significantly more machine identities than human users. This growth presents both operational and security challenges.
Machine credentials often possess elevated privileges, operate continuously and receive less scrutiny than employee accounts. Misconfigured service accounts, exposed API keys and unmanaged certificates have become attractive targets for attackers seeking persistent access.
Artificial intelligence compounds the issue by accelerating software development and increasing the number of automated services deployed within enterprise environments. Identity security therefore extends beyond employees.
Organisations increasingly require comprehensive governance for human identities, workloads, applications and autonomous AI agents alike. The perimeter is no longer defined by physical infrastructure but by every identity capable of accessing digital resources.
Identity Is Becoming a Shared Responsibility
Protecting identities is no longer the exclusive responsibility of identity and access management teams.
Application developers influence authentication design. Infrastructure engineers manage workload identities. Security operations teams monitor behavioural anomalies. Risk managers define governance policies. Executive leadership determines acceptable levels of organisational risk.
Artificial intelligence has strengthened these relationships rather than simplifying them. AI systems increasingly consume sensitive information, perform privileged operations and interact with enterprise applications on behalf of users. Determining what an AI agent should be permitted to access has become an identity management question as much as an AI governance issue.
Consequently, identity security is evolving into an organisation-wide discipline. Successful organisations increasingly integrate identity governance into software development, procurement, cloud architecture and business operations rather than treating it as a standalone technical function.
Trust Is the New Security Boundary
The defining characteristic of cybersecurity in 2026 is not the disappearance of networks but the changing nature of trust.
Organisations continue to deploy firewalls, endpoint protection and network monitoring. These technologies remain essential components of modern security architectures. What has changed is their relative importance. Increasingly, the most damaging cyber incidents begin with trusted identities rather than exploited infrastructure.
Attackers authenticate legitimately using stolen credentials. They inherit existing permissions, blend into normal business activity and exploit trust that has already been granted. Defending against these attacks requires organisations to rethink long-standing assumptions.
Identity must be monitored continuously rather than verified once. Trust must be earned repeatedly rather than assumed indefinitely. Security controls must evaluate behaviour alongside authentication.
This represents a significant philosophical shift. For many years, cybersecurity concentrated on preventing attackers from entering organisational environments. Today, organisations increasingly accept that access attempts will occur continuously and that the critical challenge lies in determining whether each request deserves trust.
Identity has become the new perimeter because trust itself has become the primary security control.
Further Reading
NIST, Zero Trust Architecture (SP 800-207)
CISA, Identity and Access Management Guidance
Google Cloud: Mandiant, M-Trends 2026
Verizon. 2026 Data Breach Investigations Report
#249: Vibe Coding Changed the Security Perimeter
The software development industry has spent decades refining the relationship between developers and security teams. Secure development lifecycles, code reviews, static analysis tools and penetration testing all evolved around a central assumption: humans write software, and security professionals evaluate what those humans produce.
#250: Security Became Autonomous
The first generation of security automation promised to eliminate repetitive work. Security orchestration, automated playbooks and machine learning-assisted detection all aimed to help analysts process larger volumes of alerts without increasing headcount. For much of the past decade, however, these systems remained firmly under human control. They coul…







So "identity" is the new perimeter.
Not gonna work, folks. You need to learn that you HAVE NO PERIMETER.
Especially when agents themselves can do whatever the hell their probabilistic natures demand they do, whatever their "identity" or "monitoring". And they can be manipulated the same way - by merely altering a word or even a symbol.
You need to read the AI academic papers.