Insider-Threat Worries Rise

- A widely viewed video argued that AI's rapid adoption heightens insider-threat risks like data leaks and misuse by trusted actors.
- The segment highlighted concerns about employee misuse, lax access controls, and AI lowering the skill threshold for harmful actions.
- Those operational worries tend to push agencies toward tangible cybersecurity spending on identity controls, monitoring, and zero-trust extensions. (youtube.com)

A Fox Business segment that drew wide attention this week framed artificial intelligence as an “insider threat” problem as much as an external hacking risk, arguing that faster AI adoption is making data leaks and misuse by trusted employees harder to contain. (youtube.com)

In cybersecurity, an insider threat means damage caused by people who already have legitimate access: employees, contractors, or partners who can view files, move data, or misuse tools without first breaking in. The Cybersecurity and Infrastructure Security Agency says insider-risk programs are meant for government and private-sector organizations alike. (cisa.gov)

The basic AI concern is simple: a worker can now paste sensitive material into a chatbot, generate convincing phishing text, or automate repetitive abuse with far less skill than older attacks required. IBM said generative AI expands the insider-threat “attack surface” by increasing the risk of data leaks and manipulation by people inside an organization. (ibm.com)

That concern is landing as organizations are already struggling with human-driven security failures. Verizon’s 2025 Data Breach Investigations Report said the “human element” was involved in roughly 60% of breaches, while third-party involvement doubled from 15% to 30%. (verizon.com)

Federal guidance has been moving in the same direction for years: trust less, verify more, and limit what any one account can reach. NIST’s zero-trust architecture standard says security should shift away from static network perimeters and focus on users, assets, and resources. (nist.gov)

CISA’s Zero Trust Maturity Model breaks that work into five pillars — identity, devices, networks, applications and workloads, and data — and treats continuous verification as a core operating principle. That gives agencies a concrete shopping list when AI worries turn into budget requests. (cisa.gov)

The spending tends to cluster around identity controls because insider misuse usually starts with a valid account, not a smashed firewall. NIST’s cloud-focused zero-trust model says one of the field’s basic tenets is removing implicit trust in users, services, and devices based on location or ownership alone. (nist.gov)

Monitoring is the other half of the response. CISA’s May 2025 guidance on securing AI data urged organizations to adopt stronger data protection, risk management, monitoring, threat detection, and network defense as AI systems move deeper into essential operations. (cisa.gov)

NIST has also shifted from theory to implementation. Its practice guide on zero trust, released in 2025, documented 19 example architectures built with 24 industry collaborators so agencies and companies can copy working models instead of starting from scratch. (nist.gov)

The cost figures help explain why the argument is resonating beyond television. A 2025 Ponemon report sponsored by DTEX put the average annual cost of insider risk at $17.4 million per organization, up from $16.2 million in 2023, with containment and incident response driving much of the increase. (dtex.ai)

Not everyone uses the same language for the problem: some vendors describe AI itself as the “new insider threat,” while federal standards still focus on people, identities, and access decisions. The practical response is converging anyway on tighter permissions, closer monitoring, and systems that assume a trusted user can still make a costly mistake. (thalesgroup.com)
