Skip to content

AI Security Fails in Practice at Implementation Stage

The Point: German companies neglect implementation of AI security measures while attackers already operate via identities and access paths instead of classic gateway attacks.

German companies acknowledge the risks of AI-driven attacks but do not implement countermeasures systematically. A critical gap emerges particularly in Microsoft 365 environments: attackers focus on access paths and identities, while companies concentrate their defences primarily at the email level.

The current problem does not lie in the availability of security technology, but in its actual deployment. German organisations have recognised that AI models can serve as an attack vector – for example, to automate attacks or generate deceptively authentic phishing content. However, this recognition does not lead to a prioritised security strategy against it.

The threat landscape has fundamentally shifted: attackers think in terms of access chains and identity models, not in individual entry points. They target accounts, escalate privileges and move laterally through the infrastructure. This pattern is particularly pronounced in Microsoft 365 environments, as central identities and collaboration platforms converge here. Companies, however, often locate their risks only at classic control points such as email gateways – a defence strategy that does not meet the modern attack approach.

The discrepancy between technical understanding and practical risk mitigation requires a reassessment of priorities in the security budget and a reorientation towards identity-based and access governance models.


Source: www.security-insider.de · Published 7 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: