The Seqrite India Cyber Threat Report 2026 warns that password-based systems will become ineffective against sophisticated AI-assisted attacks, positioning identity as the new security perimeter for Indian enterprises. The report, based on telemetry from 8 million endpoints, finds that adversaries are increasingly abusing OAuth tokens to compromise cloud identities and move laterally across hybrid environments without triggering traditional malware-focused alerts.
Behaviour-based detections blocked over 34 million anomalous activities, many tied to identity misuse rather than executable payloads, underscoring the limitations of perimeter and signature-led defences.
OAuth Weaponisation and Ransomware’s Shift to Identity Extortion
Seqrite highlights how 2025 ransomware campaigns by groups such as Qilin, Akira and Cl0p pivoted from mass file encryption to identity-centric extortion, using stolen credentials and OAuth token manipulation to infiltrate cloud consoles and API endpoints. In India’s hybrid environments, on-premises systems still accounted for 91% of detections due to legacy exposure, while cloud workloads contributed 9% but faced highly targeted identity threats such as configuration drift and unmanaged access paths.
The report notes that many cloud intrusions bypassed endpoint visibility entirely, relying on OAuth abuse and API exploitation that rendered stronger password policies insufficient to contain attacks.
Cognitive Threats and Deepfake-Driven Identity Attacks
Looking ahead, Seqrite forecasts an escalation of “cognitive threats” in 2026, with generative AI enabling deepfake-based authentication bypass and autonomous credential stuffing at enterprise scale.
Researchers predict that hyper-realistic impersonations could defeat certain biometric or behavioural MFA implementations, while gaps in zero-trust enforcement across OAuth flows become primary ingress points. Education, healthcare and manufacturing sectors, which together represented 47% of detections in 2025, are flagged as facing heightened existential risk as identity emerges as the weakest link across expanding cloud-native surfaces.
Zero-Trust Identity and National Frameworks Recommended
To counter these trends, Seqrite recommends that Indian enterprises adopt zero-trust identity management grounded in continuous authentication, behavioural biometrics and AI-powered identity correlation instead of static passwords. The report urges organisations to implement just-in-time access, ephemeral credentials and anomaly detection across identity fabrics to mitigate OAuth token theft and weaponisation.
Analysing 265.52 million detections, Seqrite concludes that signature-based defences alone cannot address identity-driven threats and calls for integrated platforms that combine predictive intelligence with autonomous response. It further advocates regulatory alignment on identity standards and cross-industry collaboration to create national identity assurance frameworks, supported by new offerings such as Seqrite Threat Intelligence and zero-trust identity modules powered by its GoDeep.AI technology.
