Exabeam has released its multinational report, From Human to Hybrid: How AI and the Analytics Gap Are Fueling Insider Risk. Drawing on insights from 1,010 cybersecurity professionals across multiple sectors, the study finds that insider threats have now surpassed external attacks as the leading security concern, with AI driving the acceleration.
According to the From Human to Hybrid study, 64% of respondents now view insiders, whether malicious or compromised, as a greater risk than external actors. Generative AI (GenAI) is a major driver, making attacks faster, stealthier, and more difficult to detect.
“Insiders aren’t just people anymore,” said Steve Wilson, Chief AI and Product Officer at Exabeam. “They’re AI agents logging in with valid credentials, spoofing trusted voices, and making moves at machine speed. The question isn’t just who has access — it’s whether you can spot when that access is being abused.”
Insider Threat Growth Shows No Signs of Slowing
Insider activity is intensifying across industries, driven by both malicious intent and accidental compromise. Over the past year, more than half of organizations (53%) have seen a measurable increase in insider incidents, and the majority (54%) expect that growth to continue. Government organizations are bracing for the steepest rise (73%), followed by manufacturing (60%) and healthcare (53%), fueled by expanding access to sensitive systems and data.
This surge is not uniform; risk trajectories vary sharply by geography and sector. Asia-Pacific and Japan lead in projected insider threat growth (69%), reflecting heightened awareness of identity-driven attacks. The Middle East stands apart, with nearly one-third (30%) anticipating a decrease, a signal of either stronger confidence in current defenses or a potential underestimation of evolving risks. These contrasts underscore the complexity of the insider threat landscape and the need for defense strategies that align with regional realities.
AI is Powering Faster, Smarter, and Stealthier Insider Attacks
AI has become a force multiplier for insider threats, enabling actors to operate with unprecedented efficiency and subtlety. Two of the top three current insider threat vectors are now AI-related, with AI-enhanced phishing and social engineering emerging as the most concerning tactics (27%). These attacks can adapt in real time, mimic legitimate communications, and exploit trust at a scale and speed human adversaries cannot match.
Unauthorized GenAI use compounds the challenge, creating a dual-risk scenario where the same tools meant to boost productivity can be repurposed for malicious activity. More than three-quarters of organizations (76%) report some level of unapproved usage, with those in technology (40%), financial services (32%), and government (38%) experiencing the highest rates. Regional variations are telling, in the Middle East, unauthorized GenAI is the top insider concern (31%), reflecting both rapid AI adoption and the governance gaps that can follow. Globally, the convergence of insider access and AI capabilities is producing threats that evade traditional controls and demand more advanced behavioral detection.
Most Insider Threat Programs Still Miss the Mark on Detection
While 88% of organizations say they have insider threat programs, most lack the behavioral analytics needed to catch abnormal activity early. Just 44% use user and entity behavior analytics (UEBA), the foundational capability for insider threat detection. Many continue to rely on identity and access management, security training, DLP, and EDR, tools that provide visibility but not the behavioral context necessary to spot subtle or emerging risks.
AI adoption is widespread, with 97% of organizations using some form of AI in their insider threat tooling, yet governance and operational readiness lag far behind. More than half of executives believe AI tools are fully deployed, but managers and analysts say many are still in pilot or evaluation stages. Compounding the challenge, security teams face persistent barriers: privacy resistance, fragmented tools, and difficulty interpreting user intent remain major blind spots.
“AI has added a layer of speed and subtlety to insider activity that traditional defenses weren’t built to detect,” said Kevin Kirkwood, CISO, Exabeam. “Security teams are deploying AI to detect these evolving threats, but without strong governance or clear oversight, it’s a race they’re struggling to win. This paradigm shift requires a fundamentally new approach to insider threat defense.”
Closing the Insider Threat Gap
As insider threats accelerate, driven by AI, identity misuse, and a lack of behavioral visibility, organizations that succeed will be those that align leadership priorities with operational reality. Progress will come from moving beyond surface-level compliance to approaches that focus on context, accurately distinguish between human and AI-driven activity, and foster collaboration across teams to close visibility gaps.
Bridging this divide requires more than policy changes. It demands leadership engagement, cross-functional cooperation, and governance models that keep pace with the speed of AI adoption. Success will be defined by the ability to shorten detection and response times, reduce the window of opportunity for insider activity, and adapt strategies as threats evolve.
To access the full report, From Human to Hybrid: How AI and the Analytics Gap Are Fueling Insider Risk, visit the website here.
Related News:
Exabeam Nova Launches First Cybersecurity Strategy Agent for SOC Leaders
18 Artificial Intelligence Predictions for 2024
Methodology
This report is based on research conducted by Sapio Research on behalf of Exabeam during June and July 2025. The survey represents a global audience of 1,010 cybersecurity professionals, including analysts, security team leads, and executive decision-makers across key sectors such as technology, financial services, manufacturing, healthcare, retail, and government. Respondents were required to either work directly in a cybersecurity function or be responsible for managing security teams.
The organizations represented varied in size, with a significant portion of participants coming from large enterprises with 500+ employees.
