As cyberattacks leveraging artificial intelligence (AI) increase, an analysis found that corporations cannot fend off the deluge of attacks with a single layer of security.
Market research firm Gartner stated accordingly in its report, "Threat environment response strategies for 2026–2027," published on the 9th. Gartner identified four major threats that could give hackers the upper hand: deepfakes (photos or videos manipulated using AI), AI application compromise, prompt injection, and the software supply chain.
The selection was based on "threat signals," meaning the quantity and quality of information available to attackers related to each threat, and on "organizational response capabilities," meaning how effectively the threat can be managed.
The report assessed that the scale, precision, and accessibility of deepfake-generated voice, video, and images have risen sharply. As deepfakes move beyond preproduced content to real-time generation, the risk that attackers can impersonate identities via multiple channels has grown. This can be exploited for attacks on biometric authentication procedures, real-time social engineering against employees, and disruption of hiring processes.
John Watts, a Gartner analyst, said, "Attackers' deepfake techniques keep evolving, and now it is difficult to detect fraud or phishing attacks," adding, "Because a single security measure cannot stop this, corporations should establish a multilayered defense strategy that includes strengthening business processes, raising security awareness, and adopting deepfake detection technologies."
AI application compromise has emerged as a core threat as attackers target enterprise AI tools deployed in corporations' operating environments and employees-only apps. Given the broad attack surface, if security is weak, sensitive data or credentials could be exposed.
Prompt injection attacks targeting AI systems including large language models (LLMs) are also rampant. Attackers inject maliciously crafted prompts to distort the model's algorithmic behavior. By doing so, they bypass existing security controls, such as by exfiltrating sensitive information externally or inducing unauthorized actions. Gartner said, "As corporations expand their adoption of Generative AI, the risks of prompt injection are rising in tandem."
The software supply chain was also identified as a newly notable threat. Analyst Watts explained, "Advances in Generative AI solutions are accelerating the trend of software supply chain attacks that target vulnerabilities in open-source software."
Gartner emphasized that a multilayered security strategy is essential to counter this threat environment. The report said, "Corporations' cybersecurity teams should take steps such as applying strong security controls throughout the entire development lifecycle and running AI security testing that identifies vulnerabilities in advance."