A comprehensive, security‑focused programme for identity, security, and risk teams.
Identity‑based attacks—compromised credentials, session hijacking, MFA bypass, insider misuse—are now the primary vector for enterprise breaches. AI amplifies these threats through automation, deepfakes, and credential‑stuffing at scale. At the same time, AI‑driven identity analytics can detect anomalies far faster than human analysts.
Audience:
SOC analysts, IAM teams, cybersecurity engineers, cloud security teams, threat hunters, risk managers, compliance officers, and leadership.
Duration:
4 hours (or 2 × 2‑hour sessions)
Learning Outcomes:
Participants will be able to:
Understand how AI enables identity‑based attacks.
Detect identity anomalies across endpoints, cloud, and hybrid environments.
Apply AI‑driven identity analytics and behavioural baselining.
Integrate AI into IAM, SOC, and incident response workflows.
Govern identity‑detection models responsibly and ethically.
Strengthen enterprise identity resilience.
Four modules progress from threat landscape to detection capabilities to governance and operationalisation.
Module 1 explains how adversaries use AI to compromise identities and bypass traditional controls.
Key Topics
AI‑driven credential‑stuffing and password spraying
Automated reconnaissance of identity stores
Deepfake voice/video for social engineering and MFA bypass
AI‑generated phishing targeting identity credentials
Session hijacking and token theft
Synthetic identities used for onboarding or access
AI‑assisted privilege escalation and lateral movement
Enterprise Examples
Deepfake CEO voice requesting urgent access changes
AI‑generated phishing emails stealing MFA tokens
Automated bots testing millions of credentials
AI‑driven discovery of misconfigured identity roles
Synthetic identities bypassing onboarding checks
Learning Activities
Analyse an AI‑generated identity‑phishing attack
Map identity‑centric AI threats to MITRE ATT&CK
Group discussion: “Which identity surfaces in our organisation are most exposed?”
Take‑Home Actions
Review identity hygiene and MFA enforcement
Strengthen verification for privileged access requests
Update staff training to include AI‑enabled identity fraud
Module 2 focuses on how AI enhances detection of identity misuse and anomalies.
Core Detection Capabilities
User and Entity Behaviour Analytics (UEBA)
Machine‑learning anomaly detection for identity events
Impossible travel and geo‑velocity analysis
Privilege misuse detection
Session anomaly detection (token theft, session hijacking)
Identity‑based lateral movement detection
Cloud identity analytics (IAM role misuse, API anomalies)
Enterprise Use Cases
Detecting compromised accounts through behavioural deviation
Identifying anomalous MFA patterns
Flagging suspicious privilege escalations
Spotting unusual API calls in cloud environments
Detecting insider threats through identity misuse
Learning Activities
Explore a sample identity‑analytics dashboard
Walk through an AI‑flagged identity anomaly investigation
Group challenge: Map AI tools to identity detection gaps
Take‑Home Actions
Review identity telemetry coverage
Identify gaps in behavioural analytics
Strengthen integration between IAM, SIEM, and EDR
Module 3 covers how to ensure that AI‑based identity detection systems meet regulatory, ethical, and operational standards.
Governance Principles
Accountability: humans remain responsible for identity decisions
Explainability: identity‑risk scores must be interpretable
Fairness: avoid biased detection against specific user groups
Privacy: ensure identity data is handled lawfully
Security: protect models from poisoning or evasion
Auditability: maintain logs for investigations and regulators
Regulatory Considerations
Data protection and privacy obligations
Sector‑specific identity and access regulations
AI governance frameworks
Model risk management
Incident reporting requirements
Enterprise Risks
False positives locking out legitimate users
False negatives due to model drift
Poor identity data quality reducing detection accuracy
Over‑reliance on automated identity decisions
Lack of transparency in identity‑risk scoring
Learning Activities
Evaluate an identity‑detection policy for gaps
Conduct a model risk assessment exercise
Scenario: Respond to a regulator requesting identity‑model explainability
Take‑Home Actions
Add identity‑detection models to risk registers
Review model governance documentation
Strengthen human‑in‑the‑loop controls for identity decisions
Module 4 focuses on integrating AI into real‑world identity security operations.
Integration Priorities
AI‑assisted triage of identity alerts
Automated enrichment of identity events
Identity threat hunting with ML‑generated hypotheses
AI‑supported SOAR playbooks for identity incidents
Continuous model tuning and feedback loops
Cross‑team collaboration (IAM, SOC, cloud, HR, risk)
Operational Controls
Strong MFA and adaptive authentication
Privileged access monitoring
Identity lifecycle management
Cloud IAM posture management
Zero Trust identity principles
Incident response automation
Enterprise Scenarios
AI flags anomalous admin behaviour
AI detects unusual privilege escalation
AI identifies a compromised service account
AI correlates multiple identity anomalies into a high‑risk incident
Learning Activities
Tabletop exercise: AI‑assisted identity incident response
Build a detection‑to‑response workflow using AI insights
Action planning: Strengthen identity security maturity with AI
Take‑Home Actions
Update identity incident response playbooks
Conduct regular AI‑driven identity threat simulations
Improve identity telemetry quality and coverage
A structured assessment reinforces enterprise‑level competence.
15 multiple‑choice questions
3 scenario‑based questions
Group reflection on identity detection gaps
Full attendance
Active participation
Completion of assessment
This training aims to:
Strengthen identity threat detection maturity
Reduce account compromise and lateral movement
Improve SOC efficiency and accuracy
Support compliance with regulatory expectations
Build a culture of identity‑centric security vigilance
Improve resilience against AI‑enabled identity attacks