India’s cyber threat landscape is expected to shift further toward identity-led attacks in 2026, with password-based controls increasingly ineffective against AI-assisted intrusion techniques, according to findings highlighted in Seqrite’s India Cyber Threat Report 2026. The report frames “identity as the new perimeter,” warning that attackers are moving away from conventional malware-heavy approaches and toward methods that exploit authentication and access mechanisms in cloud and hybrid environments.

A key forecast is the increased weaponization of OAuth tokens to compromise cloud identities. The report suggests this enables lateral movement across hybrid environments while avoiding traditional malware-based detection, especially when identity providers are misconfigured or access controls are weak. The report also notes that a large volume of suspicious activity observed across monitored endpoints was tied to identity misuse and anomalous behavior, rather than executable threats.

The report further describes how ransomware activity in 2025 evolved toward identity-centric intrusion and extortion, using stolen credentials and token manipulation to access cloud consoles and APIs. It points out that hybrid environments remain uneven in exposure: on-premises systems continue to generate the majority of detections due to legacy risks, while cloud environments—though a smaller share—face more targeted identity-driven compromise attempts. In these cases, attackers may bypass endpoint visibility by relying on OAuth abuse and API exploitation, maintaining persistence and exfiltrating data through legitimate channels.Looking ahead, the report anticipates “cognitive” threats accelerating identity attacks through AI-generated impersonation and automated credential abuse at enterprise scale, potentially stressing existing authentication controls. It flags gaps in OAuth flows and identity governance as likely entry points for these attacks, particularly as cloud-native adoption expands.

In response, the report emphasizes that enterprises will need to strengthen identity security beyond static passwords, focusing on continuous verification, tighter access governance, and stronger monitoring for anomalous identity activity across cloud and hybrid identity systems.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!