Blog
/
/
May 18, 2026

AI Insider Threats: How Generative AI is Changing Insider Risk

The blog examines how AI has changed the paradigm of understanding, and dealing with, insider threats. It also explores a defense-in-depth approach and discusses what CISOs and SOC leaders can do to protect their organization from AI insider threats.
Written by
Jason Lusted
AI Governance Advisor
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Jason Lusted
AI Governance Advisor
ai insider threatsDefault blog image
18
May 2026

How generative AI changes insider behavior

AI systems, especially generative platforms such as chatbots, are designed for engagement with humans. They are equipped with extraordinary human-like responses that can both confirm, and inflate, human ideas and ideology; offering an appealing cognitive partnership between machine and human.  When considering this against the threat posed by insiders, the type of diverse engagement offered by AI can greatly increase the speed of an insider event, and can facilitate new attack platforms to carry out insider acts.  

This article offers analysis on how to consider this new paradigm of insider risk, and outlines key governance principles for CISOs, CSOs and SOC managers to manage the threats inherent with AI-powered insider risk.

What is an insider threat?

There are many industry or government definitions of what constitutes insider threat. At its heart, it relates to the harm created when trusted access to sensitive information, assets or personnel is abused with malicious intent, or through negligent activities.  

Traditional methodologies to manage insider threat have relied on two main concepts: assurance of individuals with access to sensitive assets, and a layered defense system to monitor for any breach of vulnerability. This is often done both before, and after access has been granted. In the pre-access state, assurance is gained through security or recruitment checks. Once access is granted, controls such as privileged access, and zero-trust architecture offer defensive layers.

How does AI change the insider threat paradigm?

While these two concepts remain central to the management of insider threats, the introduction of AI offers three key new aspects that will re-shape the paradigm.

AI can act as a cognitive amplifier, influencing and affecting the motivations that can lead to insider-related activity. This is especially relevant for the deliberate insider - someone who is considering an act of insider harm. These individuals can now turn to AI systems to validate their thinking, provide unique insights, and, crucially, offer encouragement to act. With generative systems hard-wired to engage and agree with users, this can turn a helpful AI system into a dangerous AI hype machine for those with harmful insider intent.  

AI can act as an operational enabler. AI can now develop and increase the range of tools needed to carry out insider acts. New social engineering platforms such as vishing and deepfakes give adversaries a new edge to create insider harm. AI can generate solutions and operational platforms at increasing speeds; often without the need for human subject matter expertise to execute the activities. As one bar for advanced AI capabilities continues to be raised, the bar needed to make use of those platforms has become significantly lower.

AI can act as a semi-autonomous insider, particularly when agentic AI systems or non-human identities are provided broad levels of autonomy; creating a vector of insider acts with little-to-no human oversight or control. As AI agents assume many of the orchestration layers once reserved for humans, they do so without some of the restricted permissions that generally bind service accounts. With broad levels of accessibility and authority, these non-human identities (NHIs) can themselves become targets of insider intent.  Commonly, this refers to the increasing risks of prompt injection, poisoning, or other types of embedded bias. In many ways, this mirrors the risks of social engineering traditionally faced by humans. Even without deliberate or malicious efforts to corrupt them, AI systems and AI agents can carry out unintended actions; creating vulnerabilities and opportunities for insider harm.

How to defend against AI-powered insider threats

The increasing attack surfaces created or facilitated by AI is a growing concern.  In Darktrace’s own AI cybersecurity research, the risks introduced, and acknowledged, through the proliferation of AI tools and systems continues to outstrip traditional policies and governance guardrails. 22% of respondents in the survey cited ‘insider misuse aided by generative AI’ as a major threat concern.  And yet, in the same survey, only 37% of all respondents have formal policies in place to manage the safe and responsible use of AI.  This draws a significant and worrying delta between the known risks and threat concerns, and the ability (and resources) to mitigate them.

What can CISOs and SOC leaders do to protect their organization from AI insider threats?  

Given the rapid adaptation, adoption, and scale of AI systems, implementing the right levels of AI governance is non-negotiable. Getting the correct balance between AI-driven productivity gains and careful compliance will lead to long-term benefits. Adapting traditional insider threat structures to account for newer risks posed through the use of AI will be crucial. And understanding the value of AI systems that add to your cybersecurity resilience rather than imperil it will be essential.

For those responsible for the security and protection of their business assets and data holdings, the way AI has changed the paradigm of insider threats can seem daunting.  Adopting strong, and suitable AI governance can become difficult to introduce due to the volume and complexity of systems needed to be monitored. As well as traditional insider threat mitigations such as user monitoring, access controls and active management, the speed and autonomy of some AI systems need different, as well as additional layers of control.  

How Darktrace helps protect against AI-powered insider threats

Darktrace has demonstrated that, through platforms such as our proprietary Cyber AI Analyst, and our latest product Darktrace / SECURE AI, there are ways AI systems can be self-learning, self-critical and resilient to unpredictable AI behavior whilst still offering impressive returns; complementing traditional SOC and CISO strategies to combat insider threat.  

With / SECURE AI, some of the ephemeral risks drawn through AI use can be more easily governed.  Specifically, the ability to monitor conversational prompts (which can both affect AI outputs as well as highlight potential attempts at manipulation of AI; raising early flags of insider intent); the real-time observation of AI usage and development (highlighting potential blind-spots between AI development and deployment); shadow AI detection (surfacing unapproved tools and agents across your IT stack) and; the ability to know which identities (human or non-human) have permission access. All these features build on the existing foundations of strong insider threat management structures.  

How to take a defense-in-depth approach to AI-powered insider threats

Even without these tools, there are four key areas where robust, more effective controls can mitigate AI-powered insider threat.  Each of the below offers a defense-in-depth approach: layering acknowledgement and understanding of an insider vector with controls that can bolster your defenses.  

Identity and access controls

Having a clear understanding of the entities that can access your sensitive information, assets and personnel is the first step in understanding the landscape in which insider harm can occur.  AI has shown that it is not just flesh and bone operators who can administer insider threats; Non-Human Identities (such as agentic AI systems) can operate with autonomy and freedom if they have the right credentials. By treating NHIs in the same way as human operators (rather than helpful machine-based tools), and adding similar mitigation and management controls, you can protect both your business, and your business-based identities from insider-related attention.

Visibility and shadow AI detection

Configuring AI systems carefully, as well as maintaining internal monitoring, can help identify ‘shadow AI’ usage; defined as the use of unsanctioned AI tools within the workplace. The adoption of shadow AI could be the result of deliberate preference, or ‘shortcutting’; where individuals use systems and models they are familiar with, even if unsanctioned. As well as some performance risks inherent with the use of shadow AI (such as data leakage and unwanted actions), it could also be a dangerous precursor for insider-related harm (either through deliberate attempts to subvert regular monitoring, or by opening vulnerabilities through unpatched or unaccredited tooling).

Prompt and Output Guardrails

The ability to introduce guardrails for AI systems offers something of a traditional “perimeter protection” layer in AI defense architecture; checking prompts and outputs against known threat vectors, or insider threat methodologies. Alone, such traditional guardrails offer limited assurance.  But, if tied with behavior-centric threat detection, and an enforcement system that deters both malicious and accidental insider activities, this would offer considerable defense-in-depth containment.  

Forensic logging and incident readiness response

The need for detection, data capture, forensics, and investigation are inherent elements of any good insider threat mitigation strategy. To fully understand the extent or scope of any suspected insider activity (such as understanding if it was deliberate, targeted, or likely to occur again), this rich vein of analysis could prove invaluable.  As the nature of business increasingly turns ephemeral; with assets secured in remote containers, information parsed through temporary or cloud-based architecture, and access nodes distributed beyond the immediate visibility of internal security teams, the development of AI governance through containment, detection, and enforcement will grow ever more important.

Enabling these controls can offer visibility and supervision over some of the often-expressed risks about AI management. With the right kind of data analytics, and with appropriate human oversight for high-risk actions, it can illuminate the core concerns expressed through a new paradigm of AI-powered insider threats by:

  • Ensuring deliberately mis-configured AI systems are exposed through regular monitoring.
  • Highlighting changes in systems-based activity that might indicate harmful insider actions; whether malicious or accidental.
  • Promoting a secure-by-design process that discourages and deters insider-related ambitions.
  • Ensuring the control plane for identity-based access spans humans, NHIs and AI models, and:
  • Offering positive containment strategies that will help curate the extent of AI control, and minimize unwanted activities.

Why insider threat remains a human challenge

At its root, and however it has been configured, AI is still an algorithmic tool; something designed to automate, process and manage computational functions at machine speed, and boost productivity.  Even with the best cybersecurity defenses in place, the success of an insider threat management program will still depend on the ability of human operators to identify, triage, and manage the insider threat attack surface.  

AI governance policies, human-in-the-loop break points, and automated monitoring functions will not guard against acts of insider harm unless there is intention to manage this proactively, and through a strong culture of how to guard against abuses of trust and responsibility.

[related-resource]

Understand how to secure AI tools

Discover how to identify AI-driven risks, so you can establish AI governance frameworks and controls that secure innovation

Written by
Jason Lusted
AI Governance Advisor
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Jason Lusted
AI Governance Advisor

When Open Source Is Weaponized: Analysis of a Trojanized 7 Zip Installer

Network
May 19, 2026
Justin Torres
Cyber Analyst
Watch the NIS2 Webinar
Trending blogs
1
Darktrace Recognized as the Only Visionary in the 2026 Gartner® Magic Quadrant™ for CPS Protection Platforms
Mar 20, 2026
2
How Empowering End Users can Improve Your Email Security and Decrease the Burden on the SOC
May 8, 2024
3
Elevating Network Security: Confronting Trust, Ransomware, & Novel Attacks
Jun 21, 2024
4
The State of AI in Cybersecurity: Unveiling Global Insights from 1,800 Security Practitioners
Apr 9, 2024
5
The State of AI in Cybersecurity: The Impact of AI on Cybersecurity Solutions
May 13, 2024

More in this series

No items found.
Continue reading
No items found.

Blog

/

Proactive Security

/

June 3, 2026

Stopping Stealth Attacks with Precision: How Núclea Prevented a Breach Without Disruption

Default blog imageDefault blog image

Núclea is a Brazilian data and technology company that supports the country’s financial system by delivering digital services exclusively to banks and financial institutions. Operating in an environment where trust, availability, and data integrity are critical, the company faces a threat landscape that has evolved rapidly—particularly with the rise of AI-driven cyberattacks.

Brazil has experienced a wave of successful cyber incidents targeting financial institutions, many of them enabled by insiders or compromised credentials. The result was a noticeable shift in attacker strategy: instead of focusing on end customers, threat actors began targeting the institutions and platforms that underpin the financial ecosystem itself.

“Attacks became far more directed and contextual,” explains Guilherme, who leads incident response within Núclea’s security platform engineering team. “They weren’t noisy or obviously malicious—they were precise, patient, and designed to blend into normal operations.”

That precision was on full display in January 2026, when Núclea faced one of the most convincing phishing attacks the team had seen.

A real attack, built on trust and context

The attack began with a seemingly routine email.

It was sent from a real Brazilian government institution, using legitimate infrastructure and valid credentials that were later confirmed to have been compromised. Núclea had an established, ongoing relationship with this organization, and the email’s language, tone, and subject matter aligned perfectly with the type of communication the recipient team handled every day.

Attached to the email was a PDF document containing content that looked entirely legitimate.

The problem? A single URL embedded inside that PDF.

“The message itself was correct. The sender was real. The context was familiar. Even the document content made sense,” Guilherme explains. “There was just one small element that didn’t belong.”

That small detail was enough to initiate a full attack chain.

What the attackers were trying to do

If clicked, the URL would have downloaded a malicious payload designed to:

  • Collect information about the user and device
  • Identify where the system was located within the financial ecosystem
  • Install remote access tools to maintain control
  • Deploy an infostealer to extract sensitive data
  • Execute anti-forensic scripts to erase traces of the intrusion

In other words, it was a carefully engineered operation designed for persistence and stealth, not immediate disruption.

The attack also employed urgency—a classic social engineering technique. When the link didn’t open as expected, employees requested assistance from the security team, insisting the document was important and needed to be accessed quickly.

This is precisely the kind of scenario where traditional security tools struggle: almost everything about the interaction is legitimate.

Where Darktrace made the difference

Instead of blocking the entire message or relying on known indicators of compromise, Darktrace focused on behavioral context.

Darktrace recognized:

  • That the sending organization was normally trusted
  • That the communication pattern matched historical behavior
  • That the PDF content itself was not suspicious

But it also identified that the URL embedded within the document deviated from established behavioral patterns.

Rather than disrupting business operations, Darktrace took precise action: it rewrote the URL, preventing the malicious download while leaving the rest of the email untouched.

“When we analyzed it afterward, it became clear how dangerous the attack would have been,” says Guilherme. “But it never progressed—because Darktrace acted at exactly the right point.”

Subsequent forensic analysis confirmed the payload’s malicious intent. The attack never succeeded.

Precision over disruption

For Núclea, this incident reinforced a critical lesson: modern attacks don’t always look malicious—they hide within normal activity.

“What stands out to me is the precision,” Guilherme says. “Darktrace doesn’t rely on big, obvious signals. It’s effective in situations that fall outside the standard patterns we all know.”

Building resilience in a high trust ecosystem

For Núclea, cybersecurity is not just a defensive measure—it’s a business enabler.

Availability failures or successful breaches in the financial ecosystem can have immediate, large-scale consequences, from financial loss to reputational damage. Preventing those outcomes protects not just Núclea, but its partners and customers as well.

“Cyber resilience means keeping the business running—even under attack,” Guilherme explains. “And that requires people, processes, and technology working together.”

As AI continues to accelerate both attacks and defenses, the role of security is evolving. Precision, behavioral understanding, and intelligent automation are no longer optional—they’re essential.

“The easy days were yesterday,” Guilherme says. “The challenges ahead are bigger. We need to be prepared—internally and with partners that help us build resilience.”

Continue reading
About the author

Blog

/

Proactive Security

/

June 1, 2026

Defend What You Trust: Stories from the Front Lines of Modern Cyber Defense

Default blog imageDefault blog image

Modern attacks don’t always announce themselves, follow obvious patterns, or rely on known malware. Often, they move quietly inside trusted systems, authenticated sessions, and everyday behavior.

They don’t break in. They blend in.

That’s why an AI-powered defense is essential. It turns invisible signals into actionable insights at a scale neither analysts nor traditional tools can achieve alone.

Confidence is creating risk

One of the most dangerous assumptions in cybersecurity today is that strong controls equal strong protection.

Multi-factor authentication (MFA), for example, is widely viewed as a foundational safeguard. But as the CISO for a professional sports organization explains, that confidence can be misplaced. “A lot of organizations assume that once you have MFA, those accounts are safe. That’s not true.”

In one instance, his team identified a sophisticated attack where a threat actor bypassed MFA entirely, not by breaking it, but by going around it. A user’s authenticated session was hijacked and re-used, allowing the attacker to impersonate them without triggering traditional controls.

“Darktrace picked up that a session had been re-injected by the hacker, and we were able to block it right away,” he explains.

Attackers anticipate what we miss

Even well-trained users can become entry points.

“An email bypassed our existing security tools,” shares the VP of IT at a U.S.-based risk management services provider.  “The user missed one signal and entered their credentials into a malicious site. That’s what the bad guys count on.”

The organization responded quickly, but not before damage was done. Crucially, this occurred while Darktrace was in “watch mode,” before autonomous response was fully enabled. “Darktrace would have seen that and shut it down immediately,” he notes.

Mistakes and oversights like misconfigurations, forgotten machines, and missed patches can create serious vulnerabilities.

The CIO of a utility services organization shares an instance when Darktrace detected a breach to a client’s network via their ZTNA VPN due to misconfigured MFA. “Darktrace alerted us and autonomously blocked the scanning, preventing what could have been a ransomware-type incident.”  

The most dangerous threats are already inside

The Head of Security at a global business services provider knows firsthand how blind spots can persist inside environments. His team uncovered evidence of dormant ransomware artifacts sitting unnoticed within a company’s environment ¬¬– long before modern detection was in place.

“During a routine file transfer, Darktrace flagged the suspicious activity, identified the ransomware, and immediately quarantined the server,” he recalls.  While the attack was never executed, the implication was significant: the risk existed long before it was finally detected.

Cyber threats are also successful because they take advantage of normal human behavior, exploiting moments of cognitive overload, urgency, and trust.

The Executive Director of IT and Business Applications at a pharmaceutical lab describes the time Darktrace flagged an employee logging into Microsoft 365 from Singapore, despite him being physically located in the U.S. Darktrace immediately cut off his access and within minutes revealed that the employee’s son was using a VPN to play a video game.

While the threat was benign, it demonstrated the strength of AI to use contextual information to detect threats other tools miss. The information also saved security analysts hours of investigation and minimized downtime for the employee. “That level of precision and speed isn’t just convenient, it’s game changing.”

“Unusual” behavior is the new red flag

Detecting modern threats requires an understanding of what “normal” looks like and recognizing when something subtly deviates.

One security leader  at an AI technology enterprise described a scenario in which an employee connected to a proxy service in China. The service itself was legitimate, and although traditional tools didn’t flag it, the behavior was unusual for that user specifically.

“That’s what Darktrace picked up on. The activity turned out to be benign, but without visibility into behavioral deviations, it could just as easily have been something more serious.”

AI shifts defense from reaction to anticipation

These stories point to a fundamental shift by cyber attackers, both tactically and strategically. Because traditional security tools were built to detect what’s already known, modern attacks are often:

  • Credential-based, not malware-based
  • Behavioral, not signature-based
  • Subtle, not overt

They may operate within the boundaries of what appears normal, exploiting what organizations trust, not what they block:

  • Trusted sessions
  • Legitimate services
  • Human error

This is where AI is changing the equation. Rather than relying on predefined rules or known threat signatures, AI can:

  • Establish a baseline of normal behavior
  • Detect subtle anomalies in real time
  • Act autonomously to contain potential threats

Resilience, not perfection, is the new security standard

As these frontline experiences show, the organizations that lead are those that move beyond reactive defense and embrace AI as a core part of their strategy.

It eliminates the blind spots and uncertainty, says the CISO of a professional sports organization. “If you lack visibility, you’re not managing risk, you’re assuming it. AI gives you the actionable insights needed to turn uncertainty into control.”

And it provides the speed and agility that are vital when seconds matter, says the Executive Director of IT and Business Applications. “When Darktrace alerted us at 3:00 am to a ransomware attack, it had already quarantined the affected systems, blocked the attacker’s access, and provided us with the critical details and time needed to investigate. That action likely saved us hundreds of thousands, if not millions, of dollars.”

The modern SOC has become a cornerstone of enterprise resilience, responsible for protecting data and operational continuity while enabling digital growth and innovation. For today’s security professional, that means success is no longer measured by what they keep out, but by what they protect: revenue, reputation, and trust.

Continue reading
About the author
Your data. Our AI.
Elevate your network security with Darktrace AI