GARTNER SECURITY & RISK MANAGEMENT SUMMIT – National Harbor, Md. – Enterprise defenses for four critical threats are overmatched and in urgent need of improvement.
That’s according to several analysts who spoke at the Gartner Security and Risk Management Summit this week. In a session on Monday, John Watts, VP analyst at Gartner, highlighted deepfakes, software supply chain risks, prompt injections, and AI application compromises as the four most pressing threats for enterprises.
These four threats ranked at the top of Gartner’s 2026-27 ThreatScape chart, which contrasts threat actor signals against the effectiveness of the attack against enterprise defenses. And in these cases, “the attacker holds the advantage,” Watts said, because organizations’ security capabilities and current solutions aren’t yet up to the task.
Other Gartner analysts emphasized these threats across numerous sessions throughout the conference, urging enterprises to improve their security postures through additional controls and stronger policies. But that may be easier said than done.
Deepfakes and Software Supply Chain Risks
There was a time not too long ago when AI’s role in vishing or videoconferencing attacks was unclear. But that time is long past — deepfakes are “clearly a problem,” Watts said.
According to Gartner, 62% of organizations have been hit with some kind of deepfake attack involving social engineering or bypassing facial or voice recognition systems. In a Tuesday session, Zachary Smith, director analyst at Gartner, said that even if some deepfake detection technologies work today, the AI market is moving so fast that they may not work tomorrow.
To that point, Smith urged organizations to apply a layered security approach with additional authentication requirements as well as tools to detect caller ID spoofing and SIM swapping. “You don’t need to detect the deepfake to stop a deepfake attack,” Smith said, explaining that a failed authentication check will thwart an attacker.
Bryson Byrd, cybersecurity adviser at Huntress, tells Dark Reading that additional authentication measures are a must. “Multifactor authentication doesn’t just apply to passwords. It’s everything now,” he says.
Gartner’s 2026-27 ThreatScape chart has deepfakes, prompt injections, software supply chain risks and AI application compromises as the most pressing threats. SOURCE: Gartner
Like deepfakes, supply chain attacks aren’t new. However, the landscape has changed with automated worms like Shai-Hulud, which became a force multiplier for attackers looking to sweep up credentials and secrets and continue compromising repositories.
In addition to the worms, organizations are struggling with securing their code on third-party platforms. While GitHub has introduced security features like secrets scanning, organizations sometimes skip over them and expose sensitive data. Watts said “NPM is kind of a mess,” even though some improvements have been made.
But organizations need to apply controls around their software and development environments, Watts added. Those controls include strong version-control policies, secrets scanning and management, and applying the principle of least privilege to CI/CD pipelines.
Prompt Injections and AI Application Compromises
Prompt injections have been an ongoing problem for AI companies and their customers. But the threat is even more concerning with the massive growth of AI agents. Watts explained that threat actors can execute indirect injection attacks by planting malicious prompts in webpages, for example, and waiting for agents to read them.
Watts cited data from Google that showed a 32% increase in indirect prompt injection attacks between November 2025 and February 2026. “The big issue is that as you get to agentic, autonomous AI, once the execution chain is poisoned, the whole thing goes downhill,” he said. “You can’t really recover from that.”
Watts said some security vendors that claim to focus on prompt injection security are merely looking for keywords typically featured in malicious prompts. “That’s not going to work,” he said. In another session on rogue AI agents, Dennis Xu, research vice president at Gartner, emphasized that there is no way to stop prompt injection and jailbreaking attacks 100% of the time.
Instead of relying solely on third-party solutions, Watts encouraged organizations to use penetration testing and red teaming on their AI systems to find and address prompt injections.
Last but not least, Watts flagged AI application compromises, which can stem from a variety of sources. For example, Watts noted there were 2,130 AI-related CVEs disclosed in 2025, a nearly 35% year-over-year increase. Memory poisoning attacks and insecure resources and infrastructure can also lead to compromise.
“As you build and scale your AI applications and get more out of AI, you’re going to increase the attack surface,” he said, which threat actors are counting on.
It doesn’t help matters when, for example, OpenClaw spreads like wildfire across the industry. The popular open source AI framework, which has had numerous critical vulnerabilities, has been deployed widely — and often insecurely — by many organizations since it was launched earlier this year.
“Right now you can still run scans and find OpenClaw on the Internet with admin rights,” Watts said. “You’ve got to make sure you’ve got some controls around how people are doing this stuff.”
