By 2027, AI agents will reduce the time it takes to exploit account exposures by 50%, according to Gartner, Inc.

"Account takeover (ATO) remains a persistent attack vector because weak authentication credentials, such as passwords, are gathered by a variety of means, including data breaches, phishing, social engineering and malware," said Jeremy D'Hoinne, VP Analyst at Gartner. "Attackers then leverage bots to automate a barrage of login attempts across a variety of services in the hope that the credentials have been reused on multiple platforms."

AI agents will enable automation for more steps in ATO, from social engineering based on deepfake voices, to end-to-end automation of user credential abuses.