AI, Identity, and the Trust Gap: Keeper Security’s Global Survey Exposes the Reality Behind Zero-Trust Readiness

In a year when artificial intelligence has redefined both the promise and peril of cybersecurity, a new report from Keeper Security reveals how far most enterprises still are from turning awareness into action.

Drawing insights from more than 370 cybersecurity professionals across Infosecurity Europe, Black Hat USA, and it-sa Germany, the report — “Identity, AI and Zero Trust: Cybersecurity Perspectives” — paints a vivid picture of practitioners struggling to keep pace with an expanding threat landscape supercharged by AI.

AI: A Double-Edged Sword

While nearly every respondent acknowledged AI’s transformative role, few felt ready to handle its darker side. Only 12% of UK and 16% of U.S. professionals said their organizations were fully prepared for AI-driven attacks. Confidence rose modestly to 28% in Germany, but even there, most admitted their defenses were still evolving.

The trend underscores a global truth: AI is now amplifying both sides of the cybersecurity equation. While defenders are racing to automate detection and response, attackers are deploying the same technologies to generate more sophisticated phishing, impersonation, and evasion tactics.

Zero Trust in Theory, Not Yet in Practice

Zero-trust architecture — the idea that no user or system should be inherently trusted — remains the north star for most teams, but implementation varies widely. At Infosecurity Europe, fewer than one in five practitioners reported a fully realized zero-trust framework. That number improved to 27% at Black Hat USA and 44% at Germany’s it-sa, suggesting that even among mature markets, adoption is uneven and often stalled by operational complexity.

The challenge, according to Keeper’s findings, isn’t lack of understanding but the gap between principle and practice. Many organizations cite fragmented identity systems, legacy infrastructure, and resource constraints as key barriers to progress.

Identity: The Prime Battleground

Identity-based attacks remain the defining risk of modern cybersecurity. Across all regions, phishing and deepfakes dominate as the most feared threats. In the U.S. and UK, nearly half of respondents ranked phishing as their top concern, while in Germany, deepfakes took the lead — cited by a striking 61% of participants.

Equally troubling, privileged access controls — the gatekeepers of critical systems — remain inconsistent. Over 40% of UK and U.S. respondents admitted that multi-factor authentication isn’t enforced for privileged accounts, and half of German organizations said they lack a dedicated Privileged Access Management (PAM) solution altogether.

From Awareness to Execution

The survey reveals a growing maturity in strategy but lagging execution — a dynamic that Keeper CEO and Co-founder Darren Guccione believes organizations can overcome through focus and accountability.

Keeper’s report ultimately calls for disciplined adoption of zero-trust frameworks and PAM practices — coupled with the responsible integration of AI — to detect anomalies and control risk at every point of access.

The full findings, including regional comparisons and practical guidance, are available in Keeper Security’s complete “Identity, AI and Zero Trust” report.