June 4: There are four critical and unpredictable threats where attackers hold a significant advantage to successfully exploit weaknesses in targeted organizations according to Gartner, Inc. a business and technology insights company. These include deepfakes, AI application compromise, prompt injection and software supply chains.
The Gartner ThreatScape categorizes the threats into six distinct areas along two axes:
- Differentiating threats based on the quality and volume of information available.
- Assessing threats based on organizational capabilities to manage them, and whether the threat actors hold an advantage.
“The introduction of security initiatives by frontier AI companies creates significant noise to an already noisy threat landscape,” said John Watts, VP Analyst at Gartner. “Cybersecurity leaders must be able to find the threat signal in all the noise in order to respond to shifts in the threat landscape.”
AI Application Compromise
AI application compromise is in the critical threat section as attackers target the growing number of production-ready public-facing and internal enterprise AI tools. The attack surface has grown to include custom-built agents, third-party integrations and employee-only applications, often exposing sensitive data or credentials when controls are weak.
“Cybersecurity teams need to expand their programs beyond traditional software protections by mapping new attack surfaces introduced by GenAI models or agentic tools,” said Watts. “Using Gartner’s trust and risk in security management framework allows cybersecurity teams to know where to embed AI-specific threat mitigations directly into the AI application development process.”
Securing an AI application does not always mean starting from scratch. There are many AI security startups that offer broader and deeper capabilities as organizations mature and need more security around their use of AI. To address this threat, CISOs should apply secure development life cycle and threat modeling best practices to AI applications. They should also strengthen data security by improving data classification, adopt purpose-based access control (PBAC) and implement runtime monitoring.
Identity Impersonation Using Deepfakes
The advent of GenAI has dramatically increased the volume, fidelity and accessibility of deepfake creation across voice, video, and images, both as pre-recorded artifacts or generated in real-time. This has expanded the opportunity for attackers to impersonate identities across a range of attack surfaces. Deepfakes can be used to attack biometric authentication processes, can be combined with social engineering in real-time attacks on employees and can be used to subvert recruitment processes.
“Attacker use of deepfakes continues to advance and is now commonplace to make fraud and phishing scams difficult to detect,” said Watts. “There is no one cybersecurity control that will protect you. Instead organizations should use a combination of strengthening business processes, improving awareness, and deploying available deepfake detection technologies where possible.”
As a result, cybersecurity teams must look beyond deepfake detection and strengthen controls to protect the integrity of real‑time communications, as well as biometric authentication and verification processes by considering the following:
- Build a robust mitigation strategy by recognizing that deepfake detection alone is not sufficient to detect and prevent deepfake identity impersonation attacks. Instead focus on layers of controls that will vary by use case.
- Protect biometric identity verification by focusing on presentation and injection attack detection in addition to contextual signals.
- Secure online meetings by implementing conditional access policies to enforce strong authentication for call participants and analysis of call metadata.
Software Supply Chain Threats
“The evolution of GenAI offerings will only accelerate the trend of software supply chain attacks through vulnerabilities in open source software,” said Watts. “Organizations must work towards trusted component registries, hardening their CI/CD pipelines and building strong operational anomaly detection and response capabilities.”
Cybersecurity teams should build comprehensive inventories of software assets while integrating strong controls at every stage of development. These measures help defend against emerging threats that target both traditional applications and modern AI-powered pipelines. With this in mind, CISOs should:
- Require SBOMs (and AIBOMs) from all vendors; assess every component for risk using tools with up-to-date threat intelligence before deployment.
- Use curated repositories for third-party code, container images and AI models; enforce branch protection on code repositories.
- Sign artifacts during builds; implement least-privilege access controls on build systems; continuously monitor runtime activity by agentic tools.
Prompt Injection
Prompt injection is a cybersecurity threat targeting AI systems, especially those using large language models Attackers manipulate prompts to alter the model’s behavior, causing it to leak sensitive information, perform unauthorized actions, or bypass controls. As organizations increasingly adopt GenAI, the risk of prompt injection expands, making it a critical issue for cybersecurity teams.
To effectively counter prompt injection threats, cybersecurity teams should implement a layered mitigation strategy. This involves AI security testing to proactively identify vulnerabilities, establishing strong system prompts to guide AI behavior, and deploying AI runtime guardrails that monitor for and block suspicious activity. Key actions for CISOs include:
- Implement input validation and sanitization to filter out potentially malicious prompts.
- Establish monitoring and alerting for abnormal AI behavior that may indicate successful prompt injection.
- Integrate prompt injection testing into the AI system development lifecycle.
- Leverage the outcomes of the testing to improve runtime controls.
Additional Insights Available
Gartner clients can read more in How to Respond to the 2026-2027 Threat Landscape.
Gartner is the World Authority on AI
Gartner is the indispensable partner to C-Level executives and technology providers as they implement AI strategies to achieve their mission-critical priorities. The independence and objectivity of Gartner insights provide clients with the confidence to make informed decisions and unlock the full potential of AI. Clients across the C-Level are using Gartner’s proprietary AskGartner AI tool to determine how to leverage AI in their business. With more than 2,500 business and technology experts, 6,000 written insights, as well as more than 4,000 AI use cases and case studies, Gartner is the world authority on AI. More information can be found here.