A warning has been issued that AI agents will automate logins through bots that collect passwords in various ways and reduce user account hijacking times by 50% by 2027.

Global research firm Gartner warned of the severity of account takeovers (ATOs) and social engineering attacks due to the advancement of AI technology, and emphasized the importance of preparing security countermeasures.

According to Gartner, AI agents are expected to reduce the time it takes to take over accounts by 50% by 2027.

“Hackers who obtain passwords through data breaches, phishing, malware, etc. exploit the fact that users reuse the same passwords across multiple sites,” said Jeremy D'Hoinne, VP analyst at Gartner.

AI agents are streamlining the entire process of stealing user credentials, leveraging automated bots and deepfake technology, increasing the risk of account hijacking.

Vendors are introducing web, application, and API security products that detect and monitor interactions involving AI agents.

In particular, reducing password dependency and improving authentication methods by introducing mandatory multi-factor authentication (MFA) is emerging as an important task.

Social engineering attacks are also emerging as a serious threat. Gartner predicts that by 2028, 40% of these attacks will target a wider range of targets. The combination of fake reality technology using deepfakes and social engineering attacks is making the attacks more sophisticated. This makes attack detection more difficult and threatens the security of real-time video and voice communication platforms.

“Companies need to improve internal procedures and workflows and educate employees on social engineering attacks to protect against attacks leveraging counterfeit reality technology,” said Manuel Acosta, senior director analyst at Gartner.

In addition to the development of attack detection technology, specialized training utilizing it is indicated as a key measure.

Akif Khan, VP analyst at Gartner, said, “To strengthen user account security, we must encourage the transition from passwords to multi-device passkeys,” and pointed out the need for education and incentives related to authentication options.

Security leaders also said they need to closely analyze the threats posed by AI technology and prepare response strategies.

Gartner presents major security threats and countermeasures related to AI in its report, “Navigating the Impending AI Turbulence for Cybersecurity: 2025 Forecast.” This report is expected to be used as a guide for cybersecurity innovation.