“Cybersecurity teams need to expand their programs beyond traditional software protections by mapping new attack surfaces introduced by GenAI models or agentic tools,” said Watts. “Using Gartner’s trust and risk in security management (TRiSM) framework allows cybersecurity teams to know where to embed AI-specific threat mitigations directly into the AI application development process.”

Securing an AI application does not always mean starting from scratch. There are many AI security startups that offer broader and deeper capabilities as organizations mature and need more security around their use of AI. To address this threat, CISOs should apply secure development life cycle and threat modeling best practices to AI applications. They should also strengthen data security by improving data classification, adopt purpose-based access control (PBAC) and implement runtime monitoring.

Identity Impersonation Using Deepfakes

The advent of GenAI has dramatically increased the volume, fidelity and accessibility of deepfake creation across voice, video, and images, both as pre-recorded artifacts or generated in real-time. This has expanded the opportunity for attackers to impersonate identities across a range of attack surfaces. Deepfakes can be used to attack biometric authentication processes, can be combined with social engineering in real-time attacks on employees and can be used to subvert recruitment processes.

“Attacker use of deepfakes continues to advance and is now commonplace to make fraud and phishing scams difficult to detect,” said Watts. “There is no one cybersecurity control that will protect you. Instead organizations should use a combination of strengthening business processes, improving awareness, and deploying available deepfake detection technologies where possible.”

As a result, cybersecurity teams must look beyond deepfake detection and strengthen controls to protect the integrity of real‑time communications, as well as biometric authentication and verification processes by considering the following:

• Build a robust mitigation strategy by recognizing that deepfake detection alone is not sufficient to detect and prevent deepfake identity impersonation attacks. Instead focus on layers of controls that will vary by use case.
• Protect biometric identity verification by focusing on presentation and injection attack detection in addition to contextual signals.
• Secure online meetings by implementing conditional access policies to enforce strong authentication for call participants and analysis of call metadata.

Software Supply Chain Threats

“The evolution of GenAI offerings will only accelerate the trend of software supply chain attacks through vulnerabilities in open source software,” said Watts. “Organizations must work towards trusted component registries, hardening their CI/CD pipelines and building strong operational anomaly detection and response capabilities.”

Cybersecurity teams should build comprehensive inventories of software assets while integrating strong controls at every stage of development. These measures help defend against emerging threats that target both traditional applications and modern AI-powered pipelines. With this in mind, CISOs should:

• Require SBOMs (and AIBOMs) from all vendors; assess every component for risk using tools with up-to-date threat intelligence before deployment.
• Use curated repositories for third-party code, container images and AI models; enforce branch protection on code repositories.
• Sign artifacts during builds; implement least-privilege access controls on build systems; continuously monitor runtime activity by agentic tools.

Prompt Injection

Prompt injection is a cybersecurity threat targeting AI systems, especially those using large language models (LLMs). Attackers manipulate prompts to alter the model’s behavior, causing it to leak sensitive information, perform unauthorized actions, or bypass controls. As organizations increasingly adopt GenAI, the risk of prompt injection expands, making it a critical issue for cybersecurity teams.

To effectively counter prompt injection threats, cybersecurity teams should implement a layered mitigation strategy. This involves AI security testing to proactively identify vulnerabilities, establishing strong system prompts to guide AI behavior, and deploying AI runtime guardrails that monitor for and block suspicious activity. Key actions for CISOs include:

• Implement input validation and sanitization to filter out potentially malicious prompts.
• Establish monitoring and alerting for abnormal AI behavior that may indicate successful prompt injection.
• Integrate prompt injection testing into the AI system development lifecycle.
• Leverage the outcomes of the testing to improve runtime controls.